Values for x-webkit-csp:
default-src 'self' 23
default-src 'self' 'unsafe-inline' 18
default-src 'self'; script-src 'self' 'unsafe-inline' 15
report-uri /report-csp-violation; upgrade-insecure-requests 12
frame-ancestors 'self' 12
report-uri /report-csp-violation 8
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 6
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 4
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 3
form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 3
font-src 'self' https://webfonts.14v.de; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests; object-src 'none'; worker-src 'self'; media-src 'self'; connect-src 'self' https://piwik.14v.de; manifest-src 'self'; prefetch-src 'none'; img-src 'self' data: *.w3.org; frame-src 'self'; child-src 'self'; style-src 'self' 'unsafe-inline'; block-all-mixed-content; script-src 'self' https://piwik.14v.de 'unsafe-inline'; report-uri /impressum/; 3
frame-ancestors 'self' weleda.sabio.de 3
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2
default-src 'self' noembed.com static.zdassets.com ekr.zdassets.com https://avm-cs.zendesk.com wss://pod-28.zendesk.com avm.zendesk.com v2.zopim.com wss://widget-mediator.zopim.com vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com ytimg.com s.ytimg.com data: avm.de service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de assets.avm.de maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com img.youtube.com www.surveygizmo.eu 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' avm.de *.avm.de piwik.avm.de vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com https://www.youtube-nocookie.com https://www.youtube.com maps.google.com *.googleapis.com https://static.zdassets.com pod-28.zendesk.com 'unsafe-inline' ; media-src 'self' *.avm.de static.zdassets.com *.googleapis.com *.gstatic.com ytimg.com s.ytimg.com blob: data: ; worker-src 'self' blob: ; frame-ancestors 'self'  2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.googletagmanager.com *.google.com *.google-analytics.com  cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net  *.facebook.com *.gstatic.com *.licdn.com *.facebook.net *.cookiebot.com *.unpkg.com unpkg.com; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com  *.jsdelivr.net hello.myfonts.net mfstatic.com; img-src * 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.vimeocdn.com *.ri.se *.jsdelivr.net  *.googletagmanager.com  *.google-analytics.com *.google.se *.linkedin.com *.gstatic.com *.amazonaws.com; media-src blob: data: *.mediaflow.com; frame-src 'self'  data: *.google.com *.youtube.com *.facebook.com *.vimeo.com vimeo.com *.vimeo.com  *.vimeocdn.com *.ri.se *.jsdelivr.net *.hotjar.com *.libsyn.com *.acast.com *.cookiebot.com *.youtube-nocookie.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' *.ri.se data: mfstatic.com *.gstatic.com; connect-src 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.doubleclick.net *.hotjar.com *.oribi.io *.google.com *.googleoptimize.com *.facebook.com *.mediaflow.com mediaflow.com mfstatic.com *.mediaflowpro.com *.cookiebot.com; report-uri /report-csp-violation; upgrade-insecure-requests 2
frame-ancestors 'self'; report-uri /report-csp-violation 2
default-src 'none'; connect-src 'self'; frame-ancestors 'self'; frame-src 'none'; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' 2
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 2
script-src 'self' kit.fontawesome.com cdn.callrail.com https://*.google.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com player.vimeo.com clicky.com in.getclicky.com static.getclicky.com code.jquery.com 'unsafe-inline' 'unsafe-eval' 2
allow 'self'; 2
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.amazonaws.com *.amazoncognito.com; frame-ancestors 'self' sf360.com.au 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; 2
default-src 'self' '*.energieag.at energieag.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com *.vimeo.com i.ytimg.com connect.facebook.net app.adwordsagentur.at s.ksrndkehqnwntyxlhgto.com *.hotjar.com *.hotjar.io  wss://*.hotjar.com www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.de *.google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info *.marketingsuite.info sc-static.net *.konzertmeister.app *.podigee-cdn.net *.podigee.com *.podigee.io energieag.containers.piwik.pro energieag.piwik.pro empathy-portal.de eag.viewer.cit-fusion.com *.adition.com *.powerbi.com cdnjs.cloudflare.com www.youtube-nocookie.com *.ytimg.com *.googlesyndication.com streamio.com energieag.current-picturepark.com *.mouseflow.com github.com endpoint-app.cognigy.ai *.githubusercontent.com maps.google.de 'unsafe-inline' 'unsafe-eval' data: 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' * blob: kubra.io www.googleadservices.com fls.doubleclick.net; object-src 'none' ; style-src 'self' 'unsafe-inline' *; img-src 'self' data: * blob:; media-src 'self' *.jwplayer.com *.jwpsrv.com *.jwplatform.com *.snapengage.com blob:; frame-src 'self' kubra.io blob: *.doubleclick.net *.demdex.net s.amazon-adsystem.com *.teads.tv *.bounceexchange.com alticeusa.speedtestcustom.com flo.uri.sh qm.subvertice.com xq2subvertice.com www.facebook.com *.ipredictive.com tpc.googlesyndication.com webforms.optimum.com sdk.asapp.com; child-src 'self' kubra.io blob: *.doubleclick.net *.demdex.net s.amazon-adsystem.com *.teads.tv *.bounceexchange.com alticeusa.speedtestcustom.com flo.uri.sh qm.subvertice.com xq2subvertice.com www.facebook.com *.ipredictive.com tpc.googlesyndication.com; font-src 'self' *.googleapis.com *.gstatic.com *.acsbapp.com *.googleusercontent.com data:; connect-src 'self' * blob: *.demdex.net; base-uri 'self'; report-uri /report-csp-violation 2
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 2
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; 2
frame-ancestors 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 2
base-uri 'none';child-src *.youtube.com;connect-src 'self' https:;default-src 'self';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src vercel.live prismic.io *.prismic.io *.youtube.com *.twitter.com *.facebook.com *.google.com;img-src * data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' vercel.live *.google-analytics.com *.bing.com *.clarity.ms *.facebook.net *.googletagmanager.com *.helpscout.net prismic.io *.prismic.io www.google.com www.gstatic.com;style-src 'self' 'unsafe-inline';worker-src 'self'; 1
default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com/ https://runtime-assets.pstmn.io/; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-fxjDZEQ5Wqjqcr4lyLLkLAV+PwY+TkFXFPaLYH9SZKH1YWHp'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman.com accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.co wss://*.gw.eu.postman.co wss://*.gw.postman.com wss://*.gw.eu.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1
policy-uri /parivahan//'self' 1
frame-ancestors *.uottawa.ca https://teams.microsoft.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'none' 1
connect-src * 'self' 1
default-src 'self' ; connect-src 'self' matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de *.akamaihd.net *.evostream.com; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de *.bmbfcluster.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de *.akamaihd.net *.evostream.com; frame-src *.datenportal.bmbf.de *.google.com *.gstatic.com *.youtube.com *.vimeo.com vimeo.com *.unesco.de *.readspeaker.com datawrapper.dwcdn.net app.sli.do *.unitylivestream.com playout.3qsdn.com; img-src 'self' data: matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.geodatenzentrum.de *.openstreetmap.org *.openstreetmap.de *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self' data: *.sp.epl30.intern *.kooperation-international.de; 1
frame-ancestors *.payback.de 1
base-uri 'none'; default-src 'none'; script-src 'unsafe-inline' 'self' https://snap.licdn.com/ https://static.oktopost.com/ https://*.google-analytics.com https://*.googletagmanager.com/ https://js.hs-scripts.com/ https://*.hotjar.com https://*.hotjar.io https://*.hsforms.net https://*.cloudflare.com https://unpkg.com https://*.doubleclick.net https://luckyorange.com https://cookiehub.com https://cookiehub.net https://settings.luckyorange.com https://okt.to https://*.hs-banner.com/ https://*.hs-analytics.net https://*.headspixel.net https://*.hsadspixel.net/ 'nonce-38e4c45871ac562393fa622ba1847ccedc5be8a1a264' 'nonce-682ed02d1a9faa1de65cf8d887642b60b499b5f9552a' 'nonce-d0c763750a7b9c619edadd07c1c0712682e0ba1f407d' 'nonce-3656106672a6f742e5db14aa57f497bc575fa0efb909' 'nonce-0901a3f0b6251d22b5a4fa3cc1f92086866e7a58c52b'; style-src 'self' 'unsafe-hashes' https://use.fontawesome.com https://fonts.googleapis.com https://static.cookiehub.com https://cookiehub.net/ 'sha256-im0erJAfSNQVDTe5HS6/GNgzNM9JcXDCSuwoIWQ/rRE=' 'sha256-+17AcPK/e5AtiK52Z2vnx3uG3BMzyzRr4Qv5UQsEbDU=' 'sha256-A6jm8QAAo+BvL4/Tr1M7sTsnRKo+VhQOm9Hi8IOKJ5Y=' 'sha256-PAz8xNqQZDbO4LLvQxPv1rTMH7H2LG/WGiSm6rXFOV8=' 'sha256-PAz8xNqQZDbO4LLvQxPv1rTMH7H2LG/WGiSm6rXFOV8=' 'sha256-T1C48ZGmcgTeITFPt41XsW/ozDpm3S/SxFREiL+pfgQ=' 'sha256-zfH5Pv8+yKFNFcycqZrhikYRHXfOZ9MwfwRnIp6H1kI=' 'sha256-Da2f1Kt9Io0bgdaWLUryUjcUra0xYjPLDorylUM1XM0=' 'sha256-NnjKC0Bmej913o6dapBaV7Lo8IemTzzXRsO8XhOCyT0=' 'sha256-tG2ZUEo3Qq/onXpzs2PwKu3Y82IJhZsODGPa+EUtsZc=' 'sha256-y/JAbx0Chs7eNLWF+KFD+YMhxTDFjiftcRnhFF13QjI=' 'sha256-kbzp7IrqueB2g36to7qc8KevofS966jm6n764wtCqx4=' 'sha256-3ibk/KyNNjpvopRz5nvswtDpJD3kbpyDdRO1YWF4msg=' 'sha256-ZNPRF7lxh3DMrhUYYDg0XMVthUfilZ/lIWOm88fNvug=' 'sha256-dMnSfpNeXLLDJMMi4o3EHr1S85P3yFWtdfJvbcH9mhU=' 'sha256-swi8N0hKSwJvuZeP/6DwGWEx8FwrfDcoj/0HnZd1Jpc=' 'sha256-RDWWGcFzQIh1SH4oQIaKd+tX/bMXZOzUetRR1raWCXw=' 'sha256-dDxw24pDf8PjpiVwKjNHJHbK4EFFUCWWrnx1SE32aG4=' 'sha256-LWtqHRrej8qIoYJFqhaaO0kPgZnGajrfm7a54+/7NQU=' 'sha256-SvLgADqEePEV9RNxBrRQXSBJafFHcVNG7cPzHz6h9eA=' 'sha256-1z/7NiPfYq2hoFozHGzJKg6OUzne/YSqaCgvOeXuXOY=' 'sha256-3R73cBfu9lRdx2Y1u0+kOkDzXsjlEn1hcsL2b5qaWZ4=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-Iqfo27GZS/A7Fm31UW3miEbID+BwO1wih5T79cyIfws=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-yVIQlxUOt8MCsrVQ/pmV6T7E+xI6F1xO1vCqGi7bPU4=' 'sha256-yqw7rW86cJ30M3y7LhcPnduZT4JIHKLX3RRb31B7fOQ=' 'sha256-DFjLfLQbkYXH/lmCwhmW5hT9th2DSNLjYebk7vRHX6A=' 'sha256-+iVBklqDZxSzWSvr0QSp3OTL/ok8m/f/n7wXWojhcng=' 'sha256-ywq+VJsIVnLIQls/DYtP4wc7LLPqAKArkFBF9Z5HNuc=' 'sha256-nvFDZMdJSsFuPLw06nap3Qaao9tU3RGvNHf2Woe1StA=' 'sha256-FA0mrKnZoRbvi4Ayp9wJddHc685E85ea5Z2XwJRhxSU=' 'sha256-R7cUrEePj8qLMDj+zac9LUaWW1kLn3wc6HsQHIA0mxw=' 'sha256-kDP5FilnD2F7x7DjtoRTkl0NbiBGrjAsvcUc3H3A2cM=' 'sha256-QlYx1dw6Nlh44cQgyJBz5G7+ZTJmKf5FkJGF0FPcuzE=' 'sha256-cSCUlxvEwMP0xZRHeMKpWqO3ylONHU6b5bFAQLiiqcw=' 'sha256-I6mtUVoVWZuevseH7OMoGWOXSo/eD4R/08s5derX8hw=' 'sha256-krLf8K7rqCtHZ5e3QPyMVapC2rFQUo21PCk/c39wSts=' 'sha256-+SNKnT0lnsyeaYOJwRmcPRdTG/a4X/b3vw+57B1dE20=' 'sha256-1tUQLx1JfuFHhupaTxZxN8/JPDvG+OIdBCcM7PXfEzs=' 'sha256-4Xwx2TSn/ZELfLIs1A2etPjKxxnSomqFoKMv99FB3Lg=' 'sha256-ei2s0538sbNCEBOA2sr/hvghrxZ2gDEblR7FUJ4lkcI=' 'sha256-4NKME364cXiHshEd1ZK0GwjcT0pjqfBRdKo30tomWRs=' 'sha256-s4+uDkvKfuqCNICZTNMmknZQvqL5HwSquCQfZkn9/34=' 'sha256-rn4Qwbx5qcatXz+wT23m27segHEv7ImU2/4sEMVLYIk=' 'sha256-6Y6euAQOWZ6lGtpkCT+4kCYjKPuLTcDjDkD5oRhCG4g=' 'sha256-4QY9fueV63c6nZWXt7gR/ojTOpAZwXqNZcAxijybuU0=' 'sha256-RHvKHxL0gTOgpvBP4Xm5dRuK/cR2LZXFIebXluboSkQ=' 'sha256-yJf9N784FJuXHzDa1anT54222uPxXDjB0KgozZIOVzw=' 'sha256-Pzy/MxmgBP+zS02vxK1jm/+zS7R6H7RgMsTtTVTfC9A=' 'sha256-j8L4Sf0xH9b2nwGqQTwHCVlGSvlIaVZETZPtVykVjPs=' 'sha256-ebuwMTfNIWOGe7kzqHFDgd8dPwoPxx2QNhd4ZtetRLU=' 'sha256-Yq+kKvFpHeNHsJjLEy7fWk5M9TWaZGf7rQV38ELL2x0=' 'sha256-MHuTvHVz5k1TajrKANGz14IaXhuXxwJUt15zkvmj7rE=' 'sha256-tXThs7ZS+6hzPIvkDhbtqXOY6X3GP/zrwEY7GyV4Y+c=' 'sha256-39hce1FnKYidEA+9elxMGRsULe73+qcGxx7fCFUigzo=' 'sha256-I/rD/kGx4f8MGQPXVvbFYpKpd4L5cd5hQ+v+oSGvX9A=' 'sha256-a0s+nLVkHwBLI1bdIXzsQespBORQjzbOy8pJNQeAjRI='; img-src 'self' https://*.ytimg.com https://okt.to/ https://track.hubspot.com https://www.googletagmanager.com https://www.google.co.uk https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://www.google.com; connect-src 'self' https://cdn.linkedin.oribi.io https://*.google-analytics.com/ https://public-auth-dot-lucky-orange.appspot-preview.com https://api-preview.luckyorange.com/ wss://in.visitors.live/ wss://realtime.luckyorange.com https://pubsub.googleapis.com/ https://api-preview.luckyorange.com/* https://api.hsforms.com https://api.hubapi.com https://js.hs-banner.com https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io https://*.doubleclick.net https://settings.luckyorange.com https://api-preview.luckyorange.com/*; font-src 'self' https://use.fontawesome.com data: https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://s3.amazonaws.com/luckyorange-clickstream/; object-src 'none'; media-src 'self'; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://*.hotjar.com https://*.hotjar.io; child-src 'self' blob:; form-action 'none'; frame-ancestors 'none'; manifest-src 'self'; 1
default-src 'self'; frame-src https://www.youtube.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://beyondblue-npsp.my.salesforce-sites.com/ https://player.vimeo.com/ https://cdn.raisely.com https://remedy-bb.file.force.com/ https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://omny.fm https://eoy-appeal-2024-2.raisely.com/ https://donate.beyondblue.org.au/ https://8962396.fls.doubleclick.net/ https://td.doubleclick.net/ https://*.qualtrics.com/ https://beyondblue.elmotalent.com.au/ https://www.youtube.com/iframe_api; font-src 'self' https://fonts.gstatic.com/ data:; img-src data: https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://beyondblue.tfaforms.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://discover-apse2.sitecorecloud.io/ https://va.vercel-scripts.com/ https://cdn.raisely.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://static.lightning.force.com/ https://*.salesforceliveagent.com/ https://service.force.com/ https://code.jquery.com/ https://ajax.aspnetcdn.com/ajax/jquery.validate/1.14.0/ https://www.youtube.com/ https://snap.licdn.com/li.lms-analytics/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://beyondblue.tfaforms.net/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://*.salesforceliveagent.com/; connect-src 'self' https://discover-apse2.sitecorecloud.io/ https://edge-platform.sitecorecloud.io/ https://www.google-analytics.com https://analytics.google.com/ https://stats.g.doubleclick.net/ https://remedy-bb.my.salesforce-sites.com/ https://remedy-bb.my.salesforce-sites.com/ https://beyondblue.elmotalent.com.au/ https://www.facebook.com/ https://px.ads.linkedin.com/; frame-ancestors 'self' https://beyondblue-npsp.my.salesforce-sites.com/; 1
default-src *; script-src * 'unsafe-eval' 'self' 'unsafe-inline' https:; object-src 'self' *.youtube.com youtube.com; style-src * 'self' 'unsafe-inline'; img-src * data:; media-src * blob:; frame-src *; frame-ancestors 'self'; child-src 'self'; font-src * data:; connect-src *; report-uri /report-csp-violation 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.youtube-nocookie.com *.itzbund.de *.energiewechsel.de *.deutschland-machts-effizient.de *.app.powerbi.com *.karriere.bafa.de *.atlas.geomer-maps.de *.twitter.com api.signalize.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src karriere.bafa.de atlas.geomer-maps.de app.powerbi.com *.energiewechsel.de *.deutschland-machts-effizient.de *.youtube-nocookie.com *.itzbund.de *.youtube.com *.twitter.com; img-src 'self' data: *.youtube.com *.youtube-nocookie.com *.itzbund.de *.openstreetmap.org *.twimg.com; connect-src 'self' *.itzbund.de; frame-ancestors 'self' *.kfw.de *.bafa.de *.energiewechsel.de; upgrade-insecure-requests; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' multimedia.gsb.bund.de *.netzlabor.de *.spaceview.net; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.googleapis.com *.google.com *.gstatic.com *.instagram.com twemoji.maxcdn.com maps.wikimedia.org *.ytimg.com *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org *.spaceview.net *.netzlabor.de *.blitzvideoserver.de *.video-stream-hosting.de *.3qsdn.com *.video-stream-hosting.de *.cloudfront.net vimeo.com *.multimedia.gsb.bund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de multimedia.gsb.bund.de *.youtube.com *.fbcdn.net *.youtube-nocookie.com *.googlevideo.com; frame-src 'self' *.google.com *.gstatic.com webtv.bundestag.de *.cdninstagram.com *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.instagram.com twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org piwik.itzbund.de *.blitzvideoserver.de *.3qsdn.com *.video-stream-hosting.de *.cloudfront.net vimeo.com *.multimedia.gsb.bund.de; img-src 'self' data: *.google.com *.gstatic.com multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.youtube.com *.twimg.com *.fbcdn.net *.youtube-nocookie.com *.cdninstagram.com *.openstreetmap.org twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com vimeo.com *.cloudfront.net *.gsb.bund.de; frame-ancestors 'self';upgrade-insecure-requests; 1
default-src wss: mycliplister.com blob: data: bosch.kittelberger.de *.tealiumiq.com dock.ui.bosch.tech wss://endpoint.chatbot-suite.bosch.tech 'self' https: *.optimizely.com wss://*.hotjar.com wss://*.hotjar.io *.tealiumiq.com stats.g.doubleclick.net *.bosch-professional.com ; media-src data: 'self' *.mycliplister.com mycliplister.com *.bosch.com bosch.com *.bosch.de bosch.de *.youtube.com ; font-src 'self' dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com *.bootstrapcdn.com *.dynamicyield.com static.bosch-professional.com *.commerce-connector.com tiger-cdn.zoovu.com *.zoovu.com *.cloudfront.net boschru.webim.ru *.bosch.com bosch.com *.bosch.de bosch.de gstatic.com fonts.gstatic.com data: ; object-src data: 'self'; img-src data: 'self' https: mycliplister.com *.kittelberger.de *.tealiumiq.com data: blob: ; style-src dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com *.dynamicyield.com *.bootstrapcdn.com *.googleapis.com *.commerce-connector.com 'self' 'unsafe-inline' tiger-cdn.zoovu.com *.zoovu.com static.bosch-professional.com btm.bosch.com cdn.poll-maker.com ; script-src dock.ui.bosch.tech dynamicyield.com *.dynamicyield.com https: *.optimizely.com 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com *.bosch.com bosch.com *.bosch.de bosch.de *.google-analytics.com google-analytics.com ipinfo.io ; frame-src 'self' https: ; connect-src 'self' https: wss://endpoint.chatbot-suite.bosch.tech  mycliplister.com wss://*.hotjar.com 1
base-uri *; child-src * gap:; frame-src * gap:; connect-src *; default-src * gap: 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=%2BxWYkQJbvdNnE2YvkLM20PXXPN6nOpTc2oj4O63MazTAjpeo0D1MIyPzQTxDhvG26P8FYp6eHECbMz3Pkr2hnw%3D%3D; 1
default-src 'self'; frame-ancestors 'self' http://localhost https://localhost; connect-src 'self' piwik.itzbund.de *.fcst.tv *.freecaster.com *.youborafds01.com *.azurewebsites.net media-library-production-ecdcakbreve6g5ca.z01.azurefd.net media-library-acceptance-acdycba8gneughdp.z01.azurefd.net *.kaltura.com; worker-src blob: 'self'; base-uri 'self'; font-src 'self'  data: *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com; style-src 'self' 'unsafe-inline'  *.youtube-nocookie.com *.fcst.tv *.freecaster.com *.azurewebsites.net cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeo.com *.fcst.tv *.freecaster.com *.youborafds01.com *.azurewebsites.net *.kaltura.com cdn.jsdelivr.net platform.twitter.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.vimeo.com *.aktion-mensch.de *.fcst.tv *.freecaster.com  *.azurewebsites.net *.kaltura.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.fcst.tv *.azurewebsites.net *.twitter.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com *.bundesrat.de pbs.twimg.com *.twitter.com; Content-Security-Policy: default-src 'self'; frame-ancestors 'self' http://localhost https://localhost; connect-src 'self' piwik.itzbund.de *.fcst.tv *.freecaster.com *.youborafds01.com *.azurewebsites.net media-library-production-ecdcakbreve6g5ca.z01.azurefd.net media-library-acceptance-acdycba8gneughdp.z01.azurefd.net *.kaltura.com; worker-src blob: 'self'; base-uri 'self'; font-src 'self'  data: *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com; style-src 'self' 'unsafe-inline'  *.youtube-nocookie.com *.fcst.tv *.freecaster.com *.azurewebsites.net cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeo.com *.fcst.tv *.freecaster.com *.youborafds01.com *.azurewebsites.net *.kaltura.com cdn.jsdelivr.net platform.twitter.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.vimeo.com *.aktion-mensch.de *.fcst.tv *.freecaster.com  *.azurewebsites.net *.kaltura.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.fcst.tv *.azurewebsites.net *.twitter.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com *.bundesrat.de pbs.twimg.com *.twitter.com; 1
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 1
base-uri 'self'; default-src 'none'; child-src https://irc.animefriends.moe; connect-src 'self' https://mei.kuudere.pw; font-src 'self' data:; form-action 'self' https://mei.kuudere.pw; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://*.soundcloud.com https://irc.animefriends.moe; img-src 'self' https://rei.kuudere.pw https://mei.kuudere.pw https://animebytes.tv data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample'; style-src 'self' 'unsafe-inline'; worker-src 'none'; upgrade-insecure-requests 1
default-src 'self'; child-src https://www.google.com; block-all-mixed-content; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://www.clarity.ms https://bat.bing.com https://cdn.jsdelivr.net https://chat.botyto.com https://sc.lfeeder.com https://snap.licdn.com https://accounts.google.com https://*.claspo.io https://*.firstpromoter.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://optimize.google.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://static.claspo.io https://cdn.amplitude.com *.esputnik.com https://www.googleoptimize.com *.plerdy.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://www.facebook.com https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com; script-src 'self' 'unsafe-eval' https://chat.botyto.com/* https://*.claspo.io https://cdn.firstpromoter.com https://snap.licdn.com https://accounts.google.com https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://statics.esputnik.com https://static.claspo.io https://static.claspo.tech https://cdn.amplitude.com https://www.googleadservices.com https://www.googleoptimize.com https://optimize.google.com *.plerdy.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://www.facebook.com https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://accounts.google.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://cdn.datatables.net https://www.googleoptimize.com https://cdnjs.cloudflare.com https://static.claspo.io https://optimize.google.com https://fonts.googleapis.com; img-src 'self' data: *.cookiebot.com *.clarity.ms https://bat.bing.com https://tr-rc.lfeeder.com https://chat.botyto.com https://tr.lfeeder.com https://www.google.nl https://px.ads.linkedin.com https://platform-lookaside.fbsbx.com https://i.ytimg.com https://cdnjs.cloudflare.com https://www.google.no https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://www.googleoptimize.com *.fbcdn.net https://lh3.googleusercontent.com https://graph.facebook.com https://forms.esputnik.com *.claspo.io *.claspo.tech https://optimize.google.com https://claspo.io https://www.google.com.ua https://www.facebook.com https://www.google-analytics.com; font-src 'self' data: https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com *.claspo.tech *.claspo.io https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com; object-src 'self' https://static.claspo.tech https://static.claspo.io; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' *.cookiebot.com *.clarity.ms https://cdn.growthbook.io https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://*.firstpromoter.com https://googleads.g.doubleclick.net https://*.google.com https://*.googlesyndication.com https://consentcdn.cookiebot.com https://www.google.com.ua https://stats.g.doubleclick.net https://www.googleadservices.com *.esputnik.com esputnik.com https://analytics.google.com https://securetoken.googleapis.com wss://*.plerdy.com *.claspo.tech *.claspo.io https://www.facebook.com https://www.googleapis.com https://www.google-analytics.com *.plerdy.com; frame-src 'self' https://consentcdn.cookiebot.com https://chat.botyto.com https://td.doubleclick.net https://consentcdn.cookiebot.com https://a.plerdy.com https://static.claspo.io https://static.claspo.tech https://bid.g.doubleclick.net https://www.facebook.com https://www.youtube.com https://optimize.google.com https://www.google.com https://accounts.google.com https://claspo-338918.firebaseapp.com https://claspo-prod.firebaseapp.com; 1
base-uri 'self';child-src 'none';connect-src 'self' webpack://* *.algolia.net *.algolianet.com maps.googleapis.com px.ads.linkedin.com cdn.cookielaw.org mock.dev.relaischateaux.com api.widget.botmind.io privacyportal-fr.onetrust.com bat.bing.com geolocation.onetrust.com *.abtasty.com dcinfos-cache.abtasty.com ariane.abtasty.com *.google.com ws.hotjar.com googleads.g.doubleclick.net *.hotjar.io sulu.relaischateaux.com sylius.relaischateaux.com api.relaischateaux.com www.relaischateaux.com medias.relaischateaux.com;default-src 'self';font-src 'self' data: blob: fonts.gstatic.com *.abtasty.com *.googleapis.com;form-action 'self';frame-ancestors 'self';frame-src 'self' td.doubleclick.net widget.botmind.ai www.menumodo.com qa-assistant.abtasty.com;img-src 'self' data: blob: www.relaischateaux.com maps.gstatic.com maps.googleapis.com fdu.relaischateaux.com px.ads.linkedin.com secure.adnxs.com bat.bing.com www.facebook.com ib.adnxs.com www.linkedin.com *.google.fr *.google.com cdn.cookielaw.org static.relaischateaux.com *.abtasty.com *.amazonaws.com googletagmanager.com googleads.g.doubleclick.net d1m7xnn75ypr6t.cloudfront.net cdn.worldweatheronline.com loremflickr.com c1.tacdn.com www.tripadvisor.com www.tripadvisor.fr assets.relaischateaux.com;manifest-src 'self';media-src 'self' d1m7xnn75ypr6t.cloudfront.net static.relaischateaux.com p.relay-t.io ws.hotjar.com *.hotjar.io px4.ads.linkedin.com try.abtasty.com;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: www.googletagmanager.com maps.googleapis.com cdn.cookielaw.org connect.facebook.net fdu.relaischateaux.com acdn.adnxs.com *.hotjar.com snap.licdn.com cdn.actito.be bat.bing.com widget.botmind.io googleads.g.doubleclick.net trk.adbutter.net *.abtasty.com *.amazonaws.com p.relay-t.io apis.google.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.abtasty.com *.gstatic.com *.googleapis.com;worker-src 'self';upgrade-insecure-requests ; 1
frame-ancestors 'self' *.typeform.com typeform.com *.themeforest.net themeforest.net codecanyon.net *.codecanyon.net 1
frame-ancestors 'self' cmsv2.zebrix.net 1
font-src 'self'; frame-src 'self' https: www.youtube-nocookie.com/* ; frame-ancestors 'self' https://*.etracker.com; script-src 'self' https://*.etracker.com https://*.etracker.de *.b-ite.com https://stats.haw-hamburg.de 'unsafe-inline'; connect-src 'self' https://*.etracker.de *.b-ite.com https://stats.haw-hamburg.de;  img-src * *.b-ite.com; style-src 'self' 'unsafe-inline' *.b-ite.com; 1
frame-ancestors 'self' buechen.de *.buechen.de boernsen-erleben.de *.boernsen-erleben.de; 1
policy-uri /'self' 1
default-src data: 'self' blob: 'unsafe-inline' *.dzo.com.ua *.cipher.kiev.ua:* *.prozorro.gov.ua www.openstreetmap.org *.openprocurement.org depositsign.com view.officeapps.live.com widgets.binotel.com prozorro-ds-prod.s3.eu-central-1.amazonaws.com d38sv8fq5al52n.cloudfront.net connect.facebook.net 'unsafe-eval' www.googletagmanager.com docs.google.com fonts.googleapis.com www.google-analytics.com www.google.com *.hotjar.com *.hotjar.io *.facebook.com *.facebook.net *.doubleclick.net www.google.com.ua fonts.gstatic.com prozorro-ds-prod.s3.eu-central-1.amazonaws.com *.prozorro.gov.ua d38sv8fq5al52n.cloudfront.net connect.facebook.net cdnjs.cloudflare.com; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com piwik.itzbund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de *.youtube-nocookie.com multimedia.gsb.bund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; frame-src 'self' player.vimeo.com *.youtube-nocookie.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi media.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; img-src 'self' data: piwik.itzbund.de securel.longtailvideo.com *.youtube-nocookie.com webtv.bundestag.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev *.cdninstagram.com; frame-ancestors 'self'; 1
default-src * 'self' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com/* https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com *.nestle.co.uk *.mikmak.ai *.swaven.com; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self' ; child-src * blob:; font-src * 'self' data: https:;; connect-src * 'self'; report-uri /report-csp-violation 1
frame-ancestors 'self' http://www.genau-lotto.de http://genau-lotto.de https://*.etracker.com 1
frame-ancestors 'self' blob: *.cochlearhearingcenter.com *.cochlear.com *.cochlear.cloud; frame-src 'self' blob: *.site.com *.oncehub.com *.mktoweb.com *.adsrvr.org *.yimg.com *.cochlear.cloud *.qualaroo.com *.simpli.fi *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com marvelapp.com *.salesforce.com *.salesforce-sites.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.cloud *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com  *.marketo.com; connect-src 'self' *.salesforce-scrt.com *.site.com *.hotjar.com *.hotjar.io *.sitecorecloud.io *.geonames.org *.stackadapt.com *.crazyegg.com *.stylelabs.io *.adsrvr.org *.yimg.com *.taboola.com *.onetrust.com *.cookielaw.org *.stylelabs.cloud *.sitecorecontenthub.cloud *.cochlear.cloud *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.geoip-js.com geoip-js.com *.doubleclick.net *.salesforce-sites.com; font-src 'self' data: *.hotjar.com *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com; img-src 'self' data: *.hotjar.com *.stackadapt.com *.naver.net *.naver.com *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.cloud *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au  *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com *.medialead.de; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.site.com *.hotjar.com *.licdn.com *.oncehub.com *.stackadapt.com *.naver.net *.naver.com *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com  *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.cloud *.cochlear.com  *.bootstrapcdn.com *.cloudflare.com  *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.geoip-js.com geoip-js.com *.medialead.de *.adsrvr.org *.taboola.com *.yimg.com *.force.com *.salesforce.com *.salesforce-sites.com; style-src 'unsafe-inline' 'self' *.site.com *.hotjar.com *.mktoweb.com *.googletagmanager.com *.stackadapt.com *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.cloud *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com *.salesforce.com *.salesforce-sites.com; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de; frame-src https://www.juris.de/ *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com; frame-ancestors https://www.juris.de/ 'self'; 1
base-uri 'none'; default-src 'none'; child-src https://www.recaptcha.net; connect-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.recaptcha.net; img-src 'self' data:; object-src 'none'; script-src 'nonce-xSYmesALkB/tHstJHSfhbA==' 'strict-dynamic'; style-src 'self' 'unsafe-inline'; worker-src 'self' 1
base-uri 'none';child-src 'none';connect-src 'self' https://play.vidyard.com https://noembed.com/ https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://go.esko.com/ https://privacyportalde-cdn.onetrust.com/ cloudflareinsights.com https://play.goconsensus.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://auth.statik.space/ https://js.zi-scripts.com https://px.ads.linkedin.com https://ws.zoominfo.com;default-src 'self';font-src 'self' https://fonts.gstatic.com data:;form-action 'self';frame-ancestors 'none';frame-src youtube.com www.youtube.com https://play.vidyard.com https://play.goconsensus.com https://bid.g.doubleclick.net https://www.google.com/ https://js.driftt.com https://widget.drift.com;img-src 'self' https: data: blob: http://play.vidyard.com www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net https://www.google.com https://google.com;manifest-src 'self';media-src 'self' https://js.driftt.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' youtube.com www.youtube.com https://play.vidyard.com https://cdn.jsdelivr.net/ https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js static.cloudflareinsights.com https://play.goconsensus.com https://www.googletagmanager.com https://cdn.cookielaw.org https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://js.driftt.com https://widget.drift.com https://sc.lfeeder.com https://js.zi-scripts.com https://snap.licdn.com;style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com;worker-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://cdn.cookielaw.org; report-uri /eur/report-csp-violation 1
default-src 'self'; img-src 'self' data: books.google.de de.statista.com cdn.statcdn.com app.statuscake.com www.kununu.com *.lamapoll.io; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' lamapoll.de *.lamapoll.de *.lamapoll.io; frame-src 'self' lamapoll.de *.lamapoll.de www.youtube-nocookie.com *.lamapoll.io; frame-ancestors 'self'; media-src 'self'; object-src 'self'; connect-src 'self' *.lamapoll.io 1
default-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https: data: 'unsafe-inline' 'unsafe-eval' wss: *.hs-sites.com; script-src https: data: 'unsafe-inline' 'unsafe-eval' https://js.hs-analytics.net https://js.hs-scripts.com https://app.privally.global; object-src 'self' https://portal.unimedbh.com.br/ http://unimedbh.prod.acquia-sites.com/; style-src https: 'unsafe-inline' 'unsafe-eval' 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io/ ; img-src blob: data: https: 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io/; media-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io https://www.youtube.com; frame-ancestors 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io/ https://www.google.com/ https://forms.hsforms.com/ https://3603d.com.br/ *.hs-sites.com; child-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://www.google.com/ https://vars.hotjar.com/ https://static.addtoany.com/ https://www.youtube.com/ https://cdn.userway.org/ https://static.unimedbh.io/ https://plugin.handtalk.me/ https://unimedbh.chat.blip.ai/ https://chat.blip.ai/ https://forms.hsforms.com/ https://3603d.com.br/ https://td.doubleclick.net/ *.hs-sites.com; font-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ data: https://static.unimedbh.io/ https://fonts.unimedbh.io https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.userway.org/ 1
base-uri 'none';child-src 'none';connect-src 'self' *.schooltv.nl *.schooltv.angrylabs.nl *.npo.nl *.npoplayer.nl event analytics-ingress-global.bitmovin.com npo.prd.cdn.bcms.kpn.com licensing.bitmovin.com nmonpoendpoint.2cnt.net npo-drm-gateway.samgcloud.nepworldwide.nl *.streamgate.nl;default-src 'self';font-src 'self' cdn.npoplayer.nl use.typekit.net;form-action 'self';frame-ancestors 'self' *;frame-src 'none';img-src 'self' *.schooltv.nl *.schooltv.angrylabs.nl *.npo.nl data: images.poms.omroep.nl;manifest-src 'self';media-src 'self' blob: * data:;object-src 'none';script-src 'self' cdn.npoplayer.nl tag.aticdn.net hub.npo-data.nl nmonpoendpoint.2cnt.net analytics-ingress-global.bitmovin.com www.gstatic.com *.streamgate.nl blob: *;style-src 'self' 'unsafe-inline' use.typekit.net cdn.npoplayer.nl p.typekit.net *.npo.nl;worker-src 'self' blob:; 1
default-src 'self' 'unsafe-inline' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de; img-src *; style-src 'self' 'unsafe-inline' *.itzbund.de; frame-ancestors 'self' *.itzbund.de 1
default-src 'self' static.financialsense.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.financialsense.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com static.ctctcdn.com; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.financialsense.com blob: *.giphy.com; frame-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.financialsense.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.financialsense.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com *.ckeditor.com *.ctctcdn.com *.constantcontact.com 1
default-src 'self'; object-src 'self' https://pts.winsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.winsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://umfrage.winsim.de https://pts.winsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.winsim.de https://chat.winsim.de https://stats.winsim.de https://imagepool.winsim.de https://pts.winsim.de https://analytics.tiktok.com https://umfrage.winsim.de; script-src 'strict-dynamic' 'nonce-6aee24d4fc451f99779fc61fd1ae3c49' 'nonce-d67797ef857e1b60880894c69a01b4c7' 'nonce-f6f212cc71dc87957cec7e74c66b78b9' 'nonce-e96f49c6fce2be089c667d7adac4a9a5' 'nonce-544819600fc23a4f8bed3bc1240b6e39' 'nonce-7ac30faa8cb7aa52f3856c1385fff6da' 'nonce-5f1e66696760731c556a8dbf80bd7bad' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.winsim.de https://umfrage.winsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-6aee24d4fc451f99779fc61fd1ae3c49' 'nonce-d67797ef857e1b60880894c69a01b4c7' 'nonce-f6f212cc71dc87957cec7e74c66b78b9' 'nonce-e96f49c6fce2be089c667d7adac4a9a5' 'nonce-544819600fc23a4f8bed3bc1240b6e39' 'nonce-7ac30faa8cb7aa52f3856c1385fff6da' 'nonce-5f1e66696760731c556a8dbf80bd7bad' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; connect-src 'self' *.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.instagram.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src 'self' *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com kumasta.buendnisse-fuer-bildung.de *.facebook.com *.instagram.com *.bmbf.de graphcommons.com www.baden-tv.com/ *.video-stream-hosting.de;img-src 'self' data: *.bmbf.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.openstreetmap.de *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; frame-ancestors 'self'; 1
default-src 'self';base-uri 'self';form-action 'self' www.facebook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com maps.googleapis.com www.storemapper.co storemapper-herokuapp-com.global.ssl.fastly.net app.storyblok.com assets.findify.io undefined.kameleoon.eu chantsupport.zendesk.com static.zdassets.com widget-mediator.zopim.com ajax.googleapis.com https://cdn.cookielaw.org https://acsbapp.com https://cdn.jsdelivr.net/npm/hls.js@1.1.4/dist/hls.min.js analytics.tiktok.com bat.bing.com cdn.noibu.com connect.facebook.net googleads.g.doubleclick.net s.pinimg.com s3.target2sell.com static.target2sell.com t.contentsquare.net c.contentsquare.net intljs.rmtag.com ut.rd.linksynergy.com static.klaviyo.com static-tracking.klaviyo.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ec.js  blob:;object-src 'self' data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com googletagmanager.com tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://tagmanager.google.com/css/css.css;img-src 'self' www.googletagmanager.com www.facebook.com www.google-analytics.com www.google.com www.google.fr image.crisp.chat a.storyblok.com maps.gstatic.com maps.googleapis.com cdn11.bigcommerce.com storemapper-herokuapp-com.global.ssl.fastly.net us.chantelle.com s3.amazonaws.com cl-media-pattern-factory.s3-eu-west-1.amazonaws.com static.kameleoon.com fonts.gstatic.com ct.pinterest.com bat.bing.com www.google.com.pk media.chantelle.cloud imagedelivery.net https://customer-undefined.cloudflarestream.com/ idsync.rlcdn.com analytics.tiktok.com connect.facebook.net consent.linksynergy.com cdn.cookielaw.org data:;media-src 'self' a.storyblok.com https://customer-undefined.cloudflarestream.com/ data: blob:;font-src 'self' fonts.googleapis.com fonts.gstatic.com acsbapp.com data:;connect-src 'self' maps.googleapis.com chantelleus.centraqa.com www.storemapper.co api.keen.io api.storyblok.com chantelle-sandbox.mybigcommerce.com checkout.us.staging.chantelle.cloud https://api.bigcommerce.com reco.target2sell.com undefined-dsn.algolia.net undefined.kameleoon.eu eu-api-visit.kameleoon.eu eu-api-tracker.kameleoon.eu static.kameleoon.com old.kameleoon.com api.kameleoon.com data.kameleoon.io api.openweathermap.org browser-intake-datadoghq.eu rum.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.eu session-replay.browser-intake-datadoghq.eu/ chantsupport.zendesk.com ekr.zdassets.com wss://widget-mediator.zopim.com chantelle.com sst.chantelle.com sst2.chantelle.com chantelle.us cloudflarestream.com https://customer-undefined.cloudflarestream.com/ https://region1.analytics.google.com https://cdn.cookielaw.org https://privacyportal-fr.onetrust.com https://acsbapp.com https://cdn.acsbapp.com https://process.acsbapp.com https://api-v3.findify.io https://geolocation.onetrust.com api.target2sell.com analytics.tiktok.com bat.bing.com ct.pinterest.com www.google.com www.google-analytics.com region1.google-analytics.com serv-api.target2sell.com stats.g.doubleclick.net wss://input.noibu.com/pv_part;frame-src https://www.youtube.com/ https://player.vimeo.com/ https://www.facebook.com/ https://ct.pinterest.com/;frame-ancestors app.storyblok.com vercel.app; 1
default-src 'self'; object-src 'self' https://pts.sim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.sim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.sim.de https://chat.sim.de https://umfrage.sim.de https://pts.sim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.sim.de https://stats.sim.de https://imagepool.sim.de https://pts.sim.de https://analytics.tiktok.com https://umfrage.sim.de; script-src 'strict-dynamic' 'nonce-28a440a540997e09404958dc41476ac0' 'nonce-1c66b78c7fd0a3706b809e10def9129c' 'nonce-29f5e9ae3ccd22b63a80384e1a2bce04' 'nonce-dc25c226dd716a3df9e56d3cbf7c03e8' 'nonce-9753c923175afdf2afbb05c816478b5a' 'nonce-b0e60aade91cce69882fac32ae7a916c' 'nonce-4983180f98d78dfdbf475d9df6dcfd4a' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.sim.de https://umfrage.sim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-28a440a540997e09404958dc41476ac0' 'nonce-1c66b78c7fd0a3706b809e10def9129c' 'nonce-29f5e9ae3ccd22b63a80384e1a2bce04' 'nonce-dc25c226dd716a3df9e56d3cbf7c03e8' 'nonce-9753c923175afdf2afbb05c816478b5a' 'nonce-b0e60aade91cce69882fac32ae7a916c' 'nonce-4983180f98d78dfdbf475d9df6dcfd4a' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com yomma.services cms.sqat.eu *.openstreetmap.org *.itzbund.de; frame-ancestors 'self'; font-src 'self' data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.twitter.com *.googletagmanager.com *.cookielaw.org static.addtoany.com cdnjs.cloudflare.com cdn.bc0a.com assets.sitescdn.net fonts.googleapis.com *.siteimprove.net ajax.googleapis.com visit.sanmanuel.com klear.com cdn.b0e8.com *.google-analytics.com *.bing.com *.amazon-adsystem.com *.clarity.ms *.siteimproveanalytics.com *.adsrvr.org *.youtube.com connect.facebook.net munchkin.marketo.net s.yimg.com googleads.g.doubleclick.net *.cloudfront.net *.viralsweep.com *.pollstream.com insiderdata360online.com *.sevenrooms.com *.i4go.com *.recaptcha.net *.gstatic.com answers-embed.yaamava.com.pagescdn.com *.byspotify.com *.instagram.com *.visrez.com *.stackadapt.com *.googleadservices.com siteimproveanalytics.com tags.srv.stackadapt.com pixel.byspotify.com *.visitingmedia.com visitingmedia.com *.jquery.com *.sevenrooms.com id.eu.siteimprove.com *.quantserve.com rules.quantcount.com qvdt3feo.com *.player.vimeo.com; script-src-elem 'self' 'unsafe-inline' assets.sitescdn.net visit.sanmanuel.com cdn.siteimprove.net *.instagram.com *.googletagmanager.com cdn.cookielaw.org cdn.jsdelivr.net connect.facebook.net siteimproveanalytics.com tags.srv.stackadapt.com pixel.byspotify.com *.youtube.com munchkin.marketo.net bat.bing.com c.amazon-adsystem.com googleads.g.doubleclick.net *.google-analytics.com static.addtoany.com interactive.visrez.com secure.quantserve.com *.clarity.ms rules.quantcount.com visitingmedia.com *.sevenrooms.com code.jquery.com insiderdata360online.com  tags.srv.stackadapt.com answers-embed.yaamava.com.pagescdn.com platform.twitter.com cdnjs.cloudflare.com unpkg.com qvdt3feo.com i4m.i4go.com *.googleadservices.com klear.com https://player.vimeo.com/api/player.js; style-src 'self' 'unsafe-inline'  *.jsdelivr.net *.sitescdn.net fonts.googleapis.com visit.sanmanuel.com d1p5cqqchvbqmy.cloudfront.net *.sevenrooms.com *.visrez.com *.stackadapt.com  *.visitingmedia.com visitingmedia.com *.sevenrooms.com id.eu.siteimprove.com  *.quantserve.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* 1
default-src 'self' data: localhost:* *.episerver.net *.readspeaker.com *.arcgisonline.nl *.arcgisonline.com js.arcgis.com *.arcgis.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.prorail.nl *.spoordata.nl *.werkenbijprorail.nl *.youtube-nocookie.com www.google.nl www.googletagmanager.com tagmanager.google.com px.ads.linkedin.com www.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.recaptcha.net 'unsafe-inline' 'unsafe-eval'; connect-src https: ws: wss:; 1
base-uri 'none';child-src 'none';connect-src 'self' cdn.cookielaw.org payment.preprod.direct.worldline-solutions.com prd-az-www.ritzparis.com payment.direct.worldline-solutions.com *.onetrust.com *.ritzparis.com *.analytics.google.com stats.g.doubleclick.net *.contentsquare.net ;default-src 'self';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src ritzparis.prismic.io ritzparis-dev.prismic.io payment.preprod.direct.worldline-solutions.com payment.direct.worldline-solutions.com;img-src 'self' data: dam-media-prd.ritzparis.com media.ritzparis.com static.cdn.prismic.io images.prismic.io cdn.cookielaw.org ritzparis.twic.pics www.google.fr/ads/ga-audiences *.ritzparis.com www.googleadservices.com googleads.g.doubleclick.net www.google.com *.contentsquare.net www.facebook.com www.googletagmanager.com bat.bing.com;manifest-src 'self';media-src 'self' dam-media-prd.ritzparis.com media.ritzparis.com ritzparis-dev.cdn.prismic.io;object-src 'none';script-src 'self' 'sha256-5VrVgGfPbUH5IoPb+tGodpswZad/XDHQfqHeVD0LMG4=' *.ritzparis.com static.cloudflareinsights.com static.cdn.prismic.io cdn.cookielaw.org payment.direct.worldline-solutions.com prismic.io *.googletagmanager.com *.google-analytics.com *.analytics.google.com 'sha256-vlA+/IoVFMeZir0XBHEuSc8eRGNGZLe3WVp7KkajiPk=' 'sha256-YU03sCxX47R6bqxqxPChvbTU5oQqJ5Puob6xWTcFeHY=' 'sha256-5aSb69VmW3iXh7uFY0aXw2sRLmNO0GWwp+znslFHIgI=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' *.contentsquare.net 'sha256-697J3WKT7EkTzi85tWcYWTSIasTwcEAcsmxAZbH3ngQ=' bat.bing.com 'sha256-P4TmnK7YRDPTmdn55mI9jHpreKHeCRAsZEN+FryYMr8=' 'sha256-I0ZdFDhjkmpkLSz9o1NmuuTagiVBsP4PWSegIpEjWyA=' 'unsafe-inline' t.contentsquare.net app.contentsquare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;worker-src 'self'; 1
default-src 'self' 'unsafe-inline' *.ioam.de data-aac883f83b.offiziellecharts.de 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdnjs.cloudflare.com *.sharethis.com *.facebook.net *.googletagmanager.com *.acquia.com *.google-analytics.com *.newrelic.com *.nr-data.net *.yimg.com *.adform.net *.licdn.com *.azureedge.net *.adsrvr.org *.samlassertion *.gstatic.com *.taboola.com *.adobedtm.com *.vimeo.com *.googleadservices.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.sharethis.com *.typekit.net *.samlassertion *.googleapis.com; report-uri /report-csp-violation 1
object-src 'none';default-src 'none';connect-src https://www.wefact.nl https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net *.cookiebot.com https://maps.googleapis.com *.clarity.ms https://c.bing.com;frame-src https://www.youtube.com https://bid.g.doubleclick.net *.cookiebot.com https://outlook.office365.com;frame-ancestors 'self';img-src https://www.wefact.nl data: *.ytimg.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.nl https://www.google.be *.cookiebot.com https://maps.gstatic.com https://maps.googleapis.com *.clarity.ms https://c.bing.com www.mollie.com;script-src https://www.wefact.nl https://www.youtube.com *.ytimg.com 'sha256-CrAe1a0TFvLsCsBw0E5Ky5SvrwDd3Kn8oyr5ns4gIUc=' https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net *.cookiebot.com https://developers.google.com https://maps.googleapis.com *.clarity.ms https://c.bing.com 'sha256-HqEywe2Mupyc3mWoKoXnTO5AVzVUi7YpNaBHAq+y0U0=';style-src https://www.wefact.nl 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com *.typekit.net;font-src 'self' data: https://fonts.gstatic.com data: *.typekit.net;manifest-src https://www.wefact.nl 1
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com *.visualwebsiteoptimizer.com app.vwo.com *.sharethis.com https://unpkg.com/dropzone@5/dist/min/dropzone.min.js  https://d1hgczpbubj217.cloudfront.net/video-widget/ https://www.youtube.com/ https://app-static.turtl.co/embed/turtl.embed.v1.js https://js.zi-scripts.com/zi-tag.js; object-src 'self'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *; img-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com *; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com *; report-uri /report-csp-violation 1
default-src https: data: wss: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' *.interiorhealth.ca; script-src 'self' 'unsafe-inline' *.interiorhealth.ca maps.googleapis.com js-agent.newrelic.com static.addtoany.com bam.nr-data.net www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net static.dialogflow.com unpkg.com; object-src 'self' *.interiorhealth.ca; style-src 'self'  'unsafe-inline' *.interiorhealth.ca  fonts.googleapis.com cdn.jsdelivr.net static.dialogflow.com unpkg.com; img-src 'self' *.interiorhealth.ca data: maps.googleapis.com maps.gstatic.com *.cdninstagram.com www.google-analytics.com; media-src 'self' *.interiorhealth.ca; frame-src 'self' *.interiorhealth.ca static.addtoany.com *.youtube.com www.google.com; frame-ancestors 'self' *.interiorhealth.ca; font-src 'self' *.interiorhealth.ca fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.interiorhealth.ca maps.googleapis.com bam.nr-data.net www.google-analytics.com stats.g.doubleclick.net dialogflow.cloud.google.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: staticcdn.co.nz www.youtube.com *.google-analytics.com *.googletagmanager.com www.google.com www.gstatic.com *.googleapis.com; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.googleapis.com; img-src 'self' data: staticcdn.co.nz shielded.co.nz i.ytimg.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' data: *.googleapis.com *.gstatic.com; frame-src 'self' staticcdn.co.nz www.youtube.com www.google.com; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.etracker.com *.etracker.de api.signalize.com; object-src 'self'; media-src 'self' *.youtube.com *.vimeo.com *.streamfarm.net; frame-src *.youtube.com *.vimeo.com *.etracker.de; img-src 'self' data: *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; connect-src 'self' *.etracker.de; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.hubspot.com builder.lift.acquia.com js.usemessages.com googleads.g.doubleclick.net app.wistia.com connect.facebook.net tpc.googlesyndication.com www.google.com www.gstatic.com static.ads-twitter.com js.hsforms.net www.googleadservices.com cookie-cdn.cookiepro.com www.googleoptimize.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.hs-banner.com js.hs-analytics.net static.ads-twitter.com beacon.krxd.net googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net script.hotjar.com static.hotjar.com snap.licdn.com googleads.g.doubleclick.net www.googletagmanager.com cdn.krxd.net consumer.krxd.net bam.nr-data.net js-agent.newrelic.com fast.wistia.com fast.wistia.net beacon.krxd.net; style-src 'self' 'unsafe-inline' www.globenewswire.com *.cookiepro.com *.google.com *.googleapis.com *.hotjar.com *.hs-scripts.com *.krxd.net *.wistia.net; img-src 'self' blob: data: *.googlesyndication.com *.google.co.il *.rlcdn.com *.twitter.com *.google.co.th *.google.ae googleads.g.doubleclick.net *.google.com.vn *.google.bs embedwistia-a.akamaihd.net www.impella.com *.google.com.cy *.google.at *.google.com.co *.google.com.sa *.google.com.br *.googleapis.com *.google.com.pe *.google.com.ua *.google.it *.google.co.jp *.google.ie *.google.com.ng *.google.iq *.google.be *.google.co.cr *.google.com.tr aa.agkn.com *.adsymptotic.com *.businesswire.com *.cloudfront.net *.cluep.com *.cookiepro.com *.doubleclick.net *.facebook.com *.facebook.net *.google.tn *.google.com.ph *.google.cz *.google.com.hk *.google.com.pk *.google.ca *.google.de *.google.gr *.google.com.au *.google.com.mx *.google.com.pr *.google.co.in *.google.co.uk *.google.com *.google.fr *.google.nl *.google.pt *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.hsforms.com *.krxd.net *.linkedin.com *.nr-data.net t.co *.twitter.com *.wistia.com *.wistia.net; media-src blob: data: *.akamaihd.net *.wistia.com; frame-src 'self' app.hubspot.com *.hs-sites.com fast.wistia.net fast.wistia.com *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hsforms.com *.krxd.net; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com *.wistia.com *.wistia.net cdn.scite.ai; connect-src 'self' 'unsafe-inline' 'unsafe-eval' adservice.google.com adservice.googlesyndication.com www.google.co.uk connect.facebook.net px.ads.linkedin.com pagead2.googlesyndication.com notify.bugsnag.com us.perz-api.cloudservices.acquia.io sessions.bugsnag.com www.google.com.br www.google.co.in cdn.linkedin.oribi.io hubspot-forms-static-embed.s3.amazonaws.com adservice.google.com *.litix.io *.googleapis.com adservice.google.com *.ads-twitter.com *.cookiepro.com *.doubleclick.net embedwistia-a.akamaihd.net *.facebook.com *.google.de *.facebook.net *.google.com *.google-analytics.com connect.facebook.net *.googletagmanager.com *.hotjar.com  *.hotjar.io *.hsleadflows.net *.hsforms.com *.hubapi.com *.hubspot.com *.krxd.net *.litix.io *.nr-data.net *.onetrust.com *.twitter.com *.wistia.com wss://*.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' jobs.b-ite.com; base-uri 'self'; connect-src 'self' wss://chat.userlike.com chat.userlike.com wss://umd.userlike.com userlike.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de *.cloudfront.net data-8ec206415a.dnb.de jobs.b-ite.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de *.de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net data-8ec206415a.dnb.de userlike-cdn-umm.b-cdn.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net *.cloudfront.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de *.cloudfront.net; frame-ancestors *.gsb.dev.materna.net *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 1
child-src 'self' https://*.docusign.com https://*.docusign.net https://*.trustcommerce.com https://*.slimpay.net https://*.slimpay.com https://*.windriverfinancialgateway.com 1
default-src 'none'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' unpkg.com *.jquery.com *.cwp.govt.nz *.inside-graph.com *.settled.govt.nz *.rea.govt.nz *.typekit.net *.google.com *.googletagmanager.com *.gstatic.com *.facebook.net *.google-analytics.com dnn506yrbagrg.cloudfront.net *.youtube.com *.ytimg.com *.crazyegg.com *.opinionstage.com *.clarity.ms *.bing.com *.hotjar.com; connect-src 'self' script.crazyegg.com stats.g.doubleclick.net *.cwp.govt.nz wss://*.inside-graph.com *.inside-graph.com *.settled.govt.nz *.rea.govt.nz *.typekit.net *.google-analytics.com *.google.com *.googletagmanager.com *.optimalworkshop.com *.opinionstage.com *.facebook.com *.clarity.ms  wss://*.hotjar.com *.hotjar.com *.hotjar.io; img-src 'self' data: *.google.com *.google.co.nz *.cwp.govt.nz *.settled.govt.nz *.rea.govt.nz *.typekit.net *.doubleclick.net *.gstatic.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.youtube.com *.inside-graph.com gtrk.s3.amazonaws.com *.opinionstage.com *.clarity.ms *.bing.com; style-src 'self' 'unsafe-inline' *.cwp.govt.nz *.inside-graph.com *.settled.govt.nz *.rea.govt.nz *.googleapis.com *.google.com *.opinionstage.com; font-src 'self' data: *.gstatic.com *.typekit.net ; frame-src 'self' *.inside-graph.com *.youtube.com *.doubleclick.net *.google.com *.opinionstage.com *.facebook.com; manifest-src 'self'; frame-ancestors 'self' *.cwp.govt.nz *.settled.govt.nz *.rea.govt.nz; base-uri 'self' *.cwp.govt.nz *.settled.govt.nz *.rea.govt.nz; form-action 'self' *.cwp.govt.nz *.settled.govt.nz *.rea.govt.nz *.opinionstage.com *.facebook.com; 1
default-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; object-src *; style-src 'self' data: 'unsafe-inline' *.uniweb.be cookiehub.net *.uniweb.be cookiehub.net fonts.googleapis.com; img-src 'self' data: https://m.stripe.com *.craft-cdn.com *.uniweb.be cookiehub.net *.uniweb.eu www.googletagmanager.com www.google-analytics.com; media-src *; frame-src 'self' data: https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; font-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu fonts.gstatic.com fonts.googleapis.com; connect-src * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.analytics.tiktok.com *.connect.facebook.net *.p.teads.tv *.p.teads.tv *.*.www.googletagmanager.com *.analytics.johnsonsbaby.com.co *.www.googletagmanager.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
font-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net/en_US/fbevents.js comparison.go2jump.org/aff_goal bat.bing.com analytics.tiktok.com kleber.datatoolscloud.net.au *.salesforceliveagent.com *.lpsnmedia.net *.liveperson.net *.liveperson.com *.liveengage.net *.liveengage.com *.liveper.sn m.addthisedge.com/live/boost/ra-56b04b9ad015369f/_ate.track.config_resp ad.atdmt.com zn4zp87nbhe8rrjf7-hcf.siteintercept.qualtrics.com dnn506yrbagrg.cloudfront.net 4378726.fls.doubleclick.net 6612282.fls.doubleclick.net platform.twitter.com analytics.twitter.com  cdn.sajari.net cdn.sajari.com hcf.sc.omtrdc.net hcf.tt.omtrdc.net cdn.tt.omtrdc.net  *.google.com *.googleapis.com google-maps-utility-library-v3.googlecode.com *.googlesyndication.com *.facebook.com *.facebook.net rules.quantcount.com *.quantserve.com *.ads-twitter.com s.ytimg.com www.youtube.com *.addthis.com ebm.cheetahmail.com  *.doubleclick.net rum-static.pingdom.net script.crazyegg.com www.googleadservices.com www.googletagservices.com www.googletagmanager.com dpm.demdex.net hcf.demdex.net ssl.google-analytics.com www.google-analytics.com ajax.googleapis.com assets.adobedtm.com www.gstatic.com s3.amazonaws.com/trk.cetrk.com https://dnn506yrbagrg.cloudfront.net/pages/scripts/0031/6386.js?407832 https://platform.twitter.com/oct.js *.qualtrics.com cdn.appdynamics.com www.everestjs.net c.amazon-adsystem.com pixel.mathtag.com; http://dtwebsite2.datatoolscloud.net.au; object-src 'self' https:; style-src 'unsafe-inline' 'self' https:; img-src 'self' data: https: http://s7d2.scene7.com; media-src 'self' https:; frame-src https:; font-src 'self' data: fonts.gstatic.com https://cloud.typography.com global.oktacdn.com; connect-src https: http://dispatcher1.test63.aem.hcf.com.au http://s7d2.scene7.com http://dtwebsite2.datatoolscloud.net.au wss://syd-eeva.faceme.com wss://sy.msg.liveperson.net wss://api.au.uneeq.io 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://*.pharmacyregulation.org http://www.reciteme.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.unpkg.com uat-assets.pharmacyregulation.org https://*.googletagmanager.com https://*.google-analytics.com https://cc.cdn.civiccomputing.com https://svc.webspellchecker.net js-agent.newrelic.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com/@popperjs/core@2.11.6/dist/umd/popper.js https://unpkg.com/tippy.js@6.3.7/dist/tippy.umd.js https://www.googletagmanager.com https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js https://cdn.jsdelivr.net/gh/RobinHerbots/Inputmask@5.0.8/dist/jquery.inputmask.min.js https://api.reciteme.com/asset/js https://cdn.jsdelivr.net/npm/toastify-js https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/mode/yaml/yaml.js https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/codemirror.js https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/addon/display/placeholder.js https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/addon/runmode/runmode.js https://cdn.jsdelivr.net/gh/cferdinandi/tabby@12.0.3/dist/js/tabby.min.js https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/js/select2.min.js https://*.facebook.com https://*.facebook.net https://www.pagespeed-mod.com/v1/taas https://*.google-analytics.com; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' data: https://*.pharmacyregulation.org http://*.reciteme.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.unpkg.com uat-assets.pharmacyregulation.org https://*.googletagmanager.com https://*.google-analytics.com https://cc.cdn.civiccomputing.com https://svc.webspellchecker.net js-agent.newrelic.com https://*.googleapis.com http://maxcdn.bootstrapcdn.com https://unpkg.com/tippy.js@6.3.7/dist/tippy.css; img-src 'self' data: *.s3.eu-west-2.amazonaws.com https://*.pharmacyregulation.org https://cdn.jsdelivr.net http://www.reciteme.com https://api.reciteme.com https://www.youtube.com https://*.google-analytics.com https://*.googletagmanager.com d3mhed0dfgjnch.cloudfront.net https://fonts.gstatic.com; media-src  'self' data: *.s3.eu-west-2.amazonaws.com http://www.reciteme.com https://www.youtube.com; form-action  'self'; frame-src 'self' https://www.youtube.com https://www.googletagmanager.com https://www.facebook.com; frame-ancestors  'self'; child-src  'self'; font-src 'self' data: https://*.pharmacyregulation.org https://maps.googleapis.com maxcdn.bootstrapcdn.com https://maps.gstatic.com http://www.reciteme.com https://api.reciteme.com https://svc.webspellchecker.net https://fonts.gstatic.com; connect-src  'self' http://www.reciteme.com https://stats.reciteme.com https://api.reciteme.com https://*.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://cc.cdn.civiccomputing.com https://apikeys.civiccomputing.com https://svc.webspellchecker.net https://bam.eu01.nr-data.net https://clapi.civiccomputing.com https://o15468.ingest.sentry.io/api/4505318583435264/envelope/; base-uri self; report-uri /report-csp-violation 1
worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 1
default-src 'self' www.burkert.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.twitter.com *.partcommunity.com *.olark.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.burkert.com snap.licdn.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com www.linkedin.com snap.licdn.com www.googletagmanager.com cdn.yoochoose.net www.youtube.com *.twitter.com *.vo.msecnd.net *.clickdimensions.com *.twimg.com customerwidget.joinflow.com maps.google.cn maps.googleapis.com *.facebook.net *.apsislead.com *.leadenhancer.com *.olark.com *.issuu.com olark-file-uploads.s3-us-west-1.amazonaws.com s.go-mpulse.net c.go-mpulse.net sc.lfeeder.com api.plezi.co optimize.google.com www.googleoptimize.com www.google-analytics.com www.googleanalytics.com gateway.moneris.com cdnjs.cloudflare.com; img-src data: 'self' www.burkert.com www.google-analytics.com www.google.com.au www.google.com www.google.de event.yoochoose.net *.twimg.com *.twitter.com maps.gstatic.com chart.apis.google.com maps.googleapis.com *.facebook.com *.ytimg.com *.linkedin.com *.leadenhancer.com *.olark.com *.adition.com *.gstatic.com *.clickdimensions.com tr.lfeeder.com www2.solique.ch optimize.google.com www.googletagmanager.com; object-src 'self' *.googletagmanager.com; style-src 'self' 'unsafe-inline' www.burkert.com www.googletagmanager.com *.clickdimensions.com *.twitter.com *.twimg.com fonts.googleapis.com *.olark.com *.vo.msecnd.net optimize.google.com gateway.moneris.com; font-src 'self' www.burkert.com *.buerkert.de data: fonts.gstatic.com *.olark.com; connect-src 'self' www.burkert.com www.google-analytics.com *.analytics.google.com *.google-analytics.com analytics.google.com api.telavox.se relay.telavox.com wss://websocket.telavox.se *.facebook.com *.olark.com *.googleadservices.com www.google.de www.google.com *.doubleclick.net *.clickdimensions.com c.go-mpulse.net *.akstat.io trial-eum-clientnsv4-s.akamaihd.net *.akamaihd.net maps.googleapis.com *.plezi.co cdn.linkedin.oribi.io px.ads.linkedin.com event.yoochoose.net; frame-src 'self' blob: mailto: tel: *.burkert-usa-marketing.com *.facebook.com *.partcommunity.com *.twitter.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.google.com essens.info *.burkert.com *.olark.com *.issuu.com *.clickdimensions.com optimize.google.com gateway.moneris.com; worker-src 'self' blob:;frame-ancestors 'self' https://ez.local.burkert.com 1
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org *.tile.opencyclemap.org; 1
upgrade-insecure-requests 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.kdo.de; style-src 'self' *kdo.de 'unsafe-inline'; connect-src 'self' *.kdo.de; img-src 'self' *.kdo.de *.openstreetmap.org data:; worker-src blob:; 1
policy 1
block-all-mixed-content; default-src https:; media-src https: blob: data:; style-src https: 'unsafe-inline'; font-src https: data:; script-src https: blob: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; connect-src https: wss:; frame-src https:; prefetch-src https:; frame-ancestors https:; form-action https:; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.crushftp.com *.stripe.com *.paypalobjects.com *.google-analytics.com *.crushsync.com *.taltosparipa.com 1
default-src 'self' google-analytics.com manifest-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com *.googletagmanager.com www.google-analytics.com polyfill.io www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com hotjar.com https://connect.facebook.net crelan-be-website.scalecity.space vwdservices.com s.ytimg.com https://px.ads.linkedin.com px.ads.linkedin.com youtube.com vimeo.com snap.licdn.com www.linkedin.com tagmanager.google.com *.googleadservices.com https://googleads.g.doubleclick.net w3.org *.crazyegg.com https://cdn.jsdelivr.net *.google.com *.google.be *.googleoptimize.com *.facebook.com *.doubleclick.net *.crelan.be *.facebook.net sc-crelan-server-side-tagging.ew.r.appspot.com blob: https://*.skedify.io; style-src 'self' 'unsafe-inline' *.googleapis.com *.googleusercontent.com *.hotjar.com *.google.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org cdnjs.cloudflare.com *.crazyegg.com *.google.com *.google.be *.googleadservices.com *.facebook.com *.facebook.net; img-src 'self'  *.googletagmanager.com *.googleadservices.com cookie-cdn.cookiepro.com https://www.google-analytics.com *.gstatic.com maps.googleapis.com w3.org  data: *.crazyegg.com blog.crelan.be *.google.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net *.linkedin.com; media-src *.youtube.com *.twitter.com *.vimeo.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org *.google.com *.googleadservices.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net; frame-src 'self' in.hotjar.com vc.hotjar.io google-analytics.com stats.g.doubleclick.net crelan-be-website.scalecity.space *.crelan-int.be *.vwdservices.com maps.googleapis.com w3.org www.google.com www.youtube.com player.vimeo.com *.crazyegg.com  *.alchemer.eu *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.googleadservices.com https://*.skedify.io; font-src 'self' *.gstatic.com *.googleusercontent.com w3.org data:; connect-src 'self' cookie-cdn.cookiepro.com *.google-analytics.com in.hotjar.com vc.hotjar.io stats.g.doubleclick.net maps.googleapis.com *.googletagmanager.com w3.org *.crazyegg.com *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.onetrust.com sc-crelan-server-side-tagging.ew.r.appspot.com *.sc-crelan-server-side-tagging.ew.r.appspot.com *.googleadservices.com *.googlesyndication.com https://px.ads.linkedin.com; upgrade-insecure-requests 1
default-src 'self' syndetics.com www.google-analytics.com; script-src 'self'  blob: http://www.vpl.ca https://www.vpl.ca data: 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google.com https://www.google-analytics.com https://www.googletagmanager.com www.gstatic.com https://unpkg.com cdnjs.cloudflare.com m.addthis.com s7.addthis.com tagmanager.google.com v1.addthis.com platform.instagram.com platform.twitter.com cdn.syndication.twimg.com assets.pinterest.com script.crazyegg.com trk.cetrk.com www.flickr.com bclibraries.org translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://cdn.jsdelivr.net; object-src 'self'; style-src 'self' 'unsafe-inline' www.vpl.ca https://unpkg.com https://cdnjs.cloudflare.com tagmanager.google.com themes.googleusercontent.com fonts.googleapis.com code.jquery.com https://platform.twitter.com https://typekit.net https://p.typekit.net https://use.typekit.net  https://translate.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net/gh/jonthornton/jquery-timepicker@1.14.0/jquery.timepicker.min.css https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/css/intlTelInput.min.css https://cdn.jsdelivr.net/npm/normalize.css; img-src 'self' data: *.vpl.ca https://www.vpl.ca *.googleapis.com https://platform.twitter.com https://pbs.twimg.com services.arcgisonline.com syndetics.com secure.syndetics.com https://cdnjs.cloudflare.com www.flickr.com www.instagram.com *.staticflickr.com *.google-analytics.com scontent-sea1-1.cdninstagram.com *.sndcdn.com m.addthis.com *.gstatic.com  www.addthis.com log.pinterest.com gtrk.s3.amazonaws.com trk.cetrk.com geo.yahoo.com https://www.google.com https://translate.google.com https://server.arcgisonline.com; media-src 'self' www.youtube.com soundcloud.com syndication.twitter.com; child-src 'self' m.addthis.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com; font-src 'self' themes.googleusercontent.com https://cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://use.typekit.net; connect-src 'self' *.google-analytics.com translate-pa.googleapis.com cdnjs.cloudflare.com https://www.optimalworkshop.com m.addthis.com v1.addthis.com https://translate.googleapis.com; frame-src 'self' edge.addthis.com m.addthis.com https://platform.twitter.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com player.vimeo.com; 1
frame-ancestors 'self' *.vendhq.com *.retail.lightspeed.app; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub141debbb5c4dc4c0034c0aedd3e2f56c&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production; 1
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'none'; 1
default-src 'none'; manifest-src 'self'; script-src 'self' 'unsafe-eval' https://app.intotheblock.com https://static.zdassets.com/ https://widget-mediator.zopim.com/ https://code.jquery.com/ https://stackpath.bootstrapcdn.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://www.google.com/ https://cdn.siftscience.com/ https://www.gstatic.com/; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/ https://stackpath.bootstrapcdn.com/; img-src 'self' https://v2uploads.zopim.io/ https://rocketlab.g2afse.com/ https://purecatamphetamine.github.io/ https://20841010p.rfihub.com/ data:; media-src 'self' https://static.zdassets.com/; frame-src 'self' https://www.youtube.com/ https://buy.moonpay.com/ https://buy-staging.moonpay.com/ https://buy-sandbox.moonpay.com/ https://pay.testwyre.com/ https://vars.hotjar.com/ https://www.google.com/recaptcha/; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/; connect-src 'self' wss://socket-testing.cryptomkt.com/ https://socket-testing.cryptomkt.com/ wss://socket.cryptomkt.com/ https://socket.cryptomkt.com/ wss://api.exchange.cryptomkt.com/ https://api.exchange.cryptomkt.com/ https://api.intotheblock.com/ https://ekr.zdassets.com/ https://cryptomkt.zendesk.com/ wss://widget-mediator.zopim.com/ https://id.zopim.com/ https://widget-mediator.zopim.com/ https://api-uat.kushkipagos.com/ https://api.kushkipagos.com/; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 1
script-src https://*.lex-com.net/ 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://mykrone.green ; img-src 'self' data:; object-src 'none'; media-src 'none'; child-src 'self' blob: data:; style-src 'self' 'unsafe-inline' 1
frame-ancestors *; report-uri /report-csp-violation 1
frame-ancestors https://*.nywerk.de https://*.test https://vinylfuture.com.ddev.site https://deejay.de https://vinylfuture.com https://*.deejay.de https://*.vinylfuture.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.google.com *.googleapis.com *.myabsorb.com *.doubleclick.net *.windows.net *.walkme.com *.jquery.com *.createjs.com *.youtube.com *.youtube-nocookie.com *.onetrust.com *.facebook.net *.facebook.com *.cookielaw.org *.licdn.com *.adsymptotic.com *.linkedin.com *.jnjvision.asia *.nr-data.net *.ckeditor.com *.brightcove.net *.brightcove.com *.brightcovecdn.com *.zencdn.net *.boltdns.net *.jjvcpro.com *.jnjcommerce.com *.mouseflow.com *.hotjar.com *.hotjar.io *.googleanalytics.com *.googleoptimize.com *.optimize.google.com *.fonts.gstatic.com *.newrelic.com *.xml; object-src *; img-src * data: blob:; frame-src *; font-src * data: blob: 'unsafe-inline'; report-uri /report-csp-violation 1
script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com kit.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com fast.fonts.net snap.licdn.com px.ads.linkedin.com stackpath.bootstrapcdn.com cdn.datatables.net code.jquery.com unpkg.com js.adsrvr.org connect.facebook.net 'unsafe-inline' 'unsafe-eval' 1
img-src * data:; style-src 'self' 'unsafe-inline'; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.youtube.com s.ytimg.com *.usercentrics.eu *.googleapis.com *.google.com www.youtube-nocookie.com *.vimeocdn.com *.vimeo.com fonts.gstatic.com www.googletagmanager.com www.google-analytics.com *.facebook.net *.altruja.de altruja.de; 1
default-src * ; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data: https://ct.capterra.com; media-src *; frame-src *; frame-ancestors *; child-src *; font-src * https://themes.googleusercontent.com http://themes.googleusercontent.com; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
base-uri 'self'; child-src 'self' gap: *; frame-src 'self' gap: *; connect-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.googletagmanager.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.cookiebot.com; default-src 'self' gap: *.microsoft.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com fonts.gstatic.com *.hotjar.com *.cookiebot.com; img-src 'self' data: *.pordata.pt *.pordatakids.pt stats.g.doubleclick.net *.google-analytics.com *.microsoft.com *.gstatic.com *.facebook.com *.facebook.net *.google.com *.google.pt *.googleusercontent.com *.googletagmanager.com *.flourish.studio *.hotjar.com *.cookiebot.com blob:; media-src 'self'; object-src 'self' *.pordata.pt *.pordatakids.pt; script-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.google.pt *.microsoft.com *.realtimestatistics.net *.googletagmanager.com *.typeform.com *.flourish.studio *.hotjar.com *.cookiebot.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com *.typeform.com 'unsafe-inline'; frame-ancestors 'self' gap: *.pordata.pt *.pordatakids.pt; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=Yka3rRf5%2Fd88m1DoS%2FRjVaIPgD4yzRBHK42CQ3Or4w8k7Dc66OUzJdJnQCevZYGVCsZMpxT8bfgGr%2Bu51gbKkQ%3D%3D; 1
default-src 'self'; object-src 'self' https://pts.handyvertrag.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.handyvertrag.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.handyvertrag.de https://chat.handyvertrag.de https://umfrage.handyvertrag.de https://pts.handyvertrag.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.handyvertrag.de https://chat.handyvertrag.de https://stats.handyvertrag.de https://imagepool.handyvertrag.de https://pts.handyvertrag.de https://analytics.tiktok.com https://umfrage.handyvertrag.de; script-src 'strict-dynamic' 'nonce-7ee0fd9e6c9e9a995d692c1be460c5df' 'nonce-59ebe9d789d2b3c9e553b4d1dc8f3ead' 'nonce-7858020dfaa2c173d77c675978749644' 'nonce-a7de38825da43dd3e452ac0f14e025ee' 'nonce-b27952b7c5c598123cedcbf718f5bc02' 'nonce-ddea3ba29e88bf6199b1f6215cf1efc6' 'nonce-5ffb4376d629abe582907aaeedd5e3d2' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.handyvertrag.de https://umfrage.handyvertrag.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-7ee0fd9e6c9e9a995d692c1be460c5df' 'nonce-59ebe9d789d2b3c9e553b4d1dc8f3ead' 'nonce-7858020dfaa2c173d77c675978749644' 'nonce-a7de38825da43dd3e452ac0f14e025ee' 'nonce-b27952b7c5c598123cedcbf718f5bc02' 'nonce-ddea3ba29e88bf6199b1f6215cf1efc6' 'nonce-5ffb4376d629abe582907aaeedd5e3d2' 'self' 'unsafe-inline' https: 'report-sample' 1
frame-ancestors https://app.storyblok.com/ 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.facebook.net *.licdn.com *.twitter.com *.twimg.com *.youtube.com s.ytimg.com *.etracker.com *.etracker.de *.matomo.cloud *.upsales.com match.adsby.bidtheatre.com; object-src 'self'; form-action 'self' *.twitter.com; media-src 'self' *.materna.de *.youtube.com; child-src *.google.com *.gstatic.com *.facebook.com *.twitter.com *.youtube.com *.eu-de.mybluemix.net *.materna.de; img-src 'self' blob: data: *.google.com *.google.de *.gstatic.com *.google-analytics.com *.doubleclick.net *.linkedin.com *.twitter.com *.twimg.com *.youtube.com *.etracker.com *.googletagmanager.com *.matomo.cloud *.upsales.com; frame-ancestors 'self' *.googletagmanager.com *.facebook.com *.twitter.com; worker-src 'self'; connect-src 'self' *.google-analytics.com *.etracker.com *.etracker.de *.g.doubleclick.net *.matomo.cloud; 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net iframe.ly cookie.dxlabs.fr cdnjs.cloudflare.com 'unsafe-inline' *; object-src 'none'; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' *.vixns.net *.smol.org www.pinaultcollection.com *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.fr *.dxlabs.fr data:; media-src *; frame-src *; font-src  'self' themes.googleusercontent.com fonts.googleapis.com; connect-src 'self' *.google-analytics.com analytics.tiktok.com https://errors.vixns.net/api/76/store/ https://errors.vixns.net/api/76/envelope/; upgrade-insecure-requests; script-src-attr 'unsafe-inline' 1
self 1
default-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.youtube.com; img-src 'self' *.zoll.de zoll.de *.itzbund.de *.geodatenzentrum.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.youtube.com 1
default-src 'self' *.dab-bank.de https://*.dab-bank.de intent://consors.com https://*.optimizely.com;script-src 'self' *.dab-bank.de https://*.dab-bank.de https://*.adac.de https://*.twitter.com https://*.google.com https://*.bootstrapcdn.com https://*.ensighten.com https://*.googleapis.com https://*.akamaihd.net https://*.tlscdn.com https://*.cloudfront.net https://*.google-analytics.com https://*.akamai.net https://*.dab-partnerprogramm.de https://*.zanox.com https://*.intelliad.de https://*.netrk.net https://*.optimizely.com https://*.amazonaws.com https://*.googleadservices.com https://*.webmasterplan.com  https://*.neqty.net https://*.gstatic.com https://*.doubleclick.net https://*.adform.net https://*.vid.ly https://*.googleusercontent.com *.mdgms.com https://*.rexx-server.com *.boerse-frankfurt.de *.volkswagenbank.de  https://*.facebook.com https://*.facebook.net 'unsafe-inline' 'unsafe-eval';img-src 'self' *.dab-bank.de https://*.dab-bank.de https://*.adac.de https://*.bootstrapcdn.com https://*.ensighten.com *.mdgms.com https://*.netrk.net https://*.adform.net https://*.intelliad.de https://*.zanox.com *.webmasterplan.com https://*.gstatic.com https://*.amazonaws.com https://*.google-analytics.com https://*.akamai.net https://*.neqty.net https://*.twitter.com https://*.google.com https://*.doubleclick.net https://*.google.de https://*.googleadservices.com *.bing.com https://*.akamaihd.net https://*.facebook.com https://*.facebook.net https://*.cloudfront.net https://*.ssl-images-amazon.com https://*.googleapis.com https://*.optimizely.com https://*.dab-partnerprogramm.de https://*.vid.ly https://*.googleusercontent.com https://*.rexx-server.com *.boerse-frankfurt.de *.volkswagenbank.de data:;style-src 'self' 'unsafe-inline' *.dab-bank.de https://*.dab-bank.de https://*.googleapis.com https://*.bootstrapcdn.com https://*.intelliad.de https://*.webmasterplan.com;frame-src 'self' *.dab-bank.de https://*.dab-bank.de push.dab-bank.de https://*.adac.de https://*.twitter.com https://*.google.com https://*.google.de https://*.cloudfront.net https://*.rexx-server.com https://*.amazonaws.com *.mdgms.com https://*.webmasterplan.com *.boerse-frankfurt.de *.volkswagenbank.de https://*.akamaihd.net https://*.intelliad.de http://*.zanox.com http://*.adform.net https://*.netrk.net https://*.neqty.net https://*.googleapis.com https://*.optimizely.com https://*.google-analytics.com https://*.googleadservices.com https://*.ensighten.com https://*.bootstrapcdn.com https://*.doubleclick.net https://*.dab-partnerprogramm.de https://*.vid.ly https://*.googleusercontent.com https://*.facebook.com https://*.facebook.net https://www.youtube-nocookie.com;font-src 'self' *.dab-bank.de https://*.dab-bank.de https://*.googleusercontent.com https://*.gstatic.com https://*.bootstrapcdn.com;object-src 'self' *.dab-bank.de https://*.dab-bank.de http://boerse.dab-bank.de https://*.akamaihd.net https://*.akamai.net;connect-src 'self' *.dab-bank.de https://*.dab-bank.de wss://*.dab-bank.de https://*.googleapis.com https://*.log.optimizely.com https://*.log.optimizely.com https://test1-onboarding.united-signals.com https://onboarding.united-signals.com https://*.united-signals.com;media-src 'self' *.dab-bank.de https://*.dab-bank.de;report-uri /json/open/csp_report; 1
default-src 'self'; object-src 'self' https://pts.premiumsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.premiumsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.premiumsim.de https://chat.premiumsim.de https://umfrage.premiumsim.de https://pts.premiumsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.premiumsim.de https://chat.premiumsim.de https://stats.premiumsim.de https://imagepool.premiumsim.de https://pts.premiumsim.de https://analytics.tiktok.com https://umfrage.premiumsim.de; script-src 'strict-dynamic' 'nonce-8d94d1e2a157115024e3d7c8ea266c08' 'nonce-1a9f909d7cf7c2c898eabed3a040966e' 'nonce-9e9aa5050f7239f5b95422891f29ff45' 'nonce-a832e5bc52576e9b340381e35ec5e0bc' 'nonce-5166a77616c98d1c154cdabddd669eb5' 'nonce-893c5af771eadbf27fbc2e59b5fc83d9' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.premiumsim.de https://umfrage.premiumsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-8d94d1e2a157115024e3d7c8ea266c08' 'nonce-1a9f909d7cf7c2c898eabed3a040966e' 'nonce-9e9aa5050f7239f5b95422891f29ff45' 'nonce-a832e5bc52576e9b340381e35ec5e0bc' 'nonce-5166a77616c98d1c154cdabddd669eb5' 'nonce-893c5af771eadbf27fbc2e59b5fc83d9' 'self' 'unsafe-inline' https: 'report-sample' 1
frame-ancestors self; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: http://www.google-analytics.com http://www.googletagmanager.com http://*.list-manage.com http://s3.amazonaws.com http://*.mailchimp.com http://fonts.gstatic.com http://fonts.googleapis.com http://*.youtube.com http://*.youtube-nocookie.com http://tickets.volksoper.at http://www.culturall.com https://*.list-manage.com https://s3.amazonaws.com https://*.mailchimp.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://tickets.volksoper.at https://www.culturall.com https://www.googletagmanager.com https://www.google-analytics.com https://www.wiener-staatsoper.at https://use.typekit.net https://p.typekit.net/ 1
base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://kit.fontawesome.com https://mpsnare.iesnare.com https://stage-libs.hipay.com https://libs.hipay.com https://widget.trustpilot.com https://kit-pro.fontawesome.com https://www.googletagmanager.com https://bat.bing.com https://www.dwin1.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://sdk.privacy-center.org https://api.privacy-center.org https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://b.sbox.stats.paypal.com https://sibautomation.com https://cdn.shipup.co *.abtasty.com *.googleapis.com https://pagead2.googlesyndication.com https://widget.botmind.io 1
default-src * ; script-src 'self' 'unsafe-eval' 'unsafe-inline' browser-update.org maps.googleapis.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com *.googleadservices.com *.licdn.com *.facebook.net *.doubleclick.net *.bing.com *.clarity.ms; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; base-uri 'self'; object-src 'none'; frame-src 'self' https://consentcdn.cookiebot.com *.doubleclick.net; connect-src * 'self' https://consentcdn.cookiebot.com; img-src * 'self' data: https: 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src data: 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src https:; object-src 'none'; frame-src https:; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' 1
default-src 'self'; frame-src 'self' *.donorfy.com/ *.monday.com/ https://hubofhope.co.uk/ 360testbed.co/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com/ https://hubofhope.co.uk/js/embed.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://maps.googleapis.com/ https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://region1.google-analytics.com translate.googleapis.com/ https://feeds.trac.jobs/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' files.gpxpl.us pagead2.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com gpxplus.s3-website-us-west-2.amazonaws.com https://gpxplus.s3.amazonaws.com https://apis.google.com platform.twitter.com https://platform.twitter.com static.gpx.plus https://static.gpx.plus ap.lijit.com * 1
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; report-uri https://stats.xilo.net/ruri/r/d/csp/enforce 1
default-src 'self' data: ; script-src 'self'  'unsafe-inline' 'unsafe-eval' *.simplybook.cc https://cdn.jsdelivr.net https://*.googletagmanager.com https://*.googletagmanager.com cdnjs.cloudflare.com https://translate-pa.googleapis.com/ https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://player.vimeo.com https://feeds.trac.jobs https://www.cqc.org.uk https://merseycare.enterpriseappointments.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://translate.googleapis.com https://www.gstatic.com https://feeds.trac.jobs https://www.cqc.org.uk; img-src * data:; connect-src 'self' https://translate-pa.googleapis.com/v1/translateHtml https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com maps.googleapis.com https://saas.learninglocker.net https://metrics.articulate.com https://translate.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://vimeo.com https://feeds.trac.jobs; font-src 'self' data: https://fonts.gstatic.com; object-src 'self' blob:; frame-src 'self' *.simplybook.cc maps.google.com https://*.nhs.uk https://www.google.com https://content.googleapis.com https://content-analytics.googleapis.com https://www.youtube.com https://player.vimeo.com https://merseycare.enterpriseappointments.com https://e.issuu.com https://roundme.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://www.facebook.com https://*.twitter.com https://www.google.com https://ton.twimg.com https://*.github.io https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://*.twimg.com https://*.twitter.com http://*.twimg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp data:; 1
default-src 'self' blob: storage.net-fs.com www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com *.a1.net live.virtual-events.at cdn.linkedin.oribi.io; frame-src  'self' indd.adobe.com storage.net-fs.com www.google.com *.google-analytics.com *.youtu.be *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at *.vimeo.com vimeo.com my.matterport.com; style-src 'self' 'unsafe-inline' storage.net-fs.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at; img-src 'self' data: storage.net-fs.com *.google-analytics.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net *.a1.group live.virtual-events.at *.frequentis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.frequentis.com storage.net-fs.com *.googleapis.com *.gstatic.com *.google-analytics.com cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/ www.google.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net *.zencdn.net blob: live.virtual-events.at; font-src 'self' data: storage.net-fs.com *.gstatic.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google-analytics.com *.addthis.com *.amigosmuseoprado.org *.google.com *.ytimg.com *.youtube.com *.addthisedge.com *.bookitit.com *.jsdelivr.net *.ovidds.com my.icareus.com icomem.probetax.es *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.metricool.com https://*.hotjar.com wss://*.hotjar.com *.hotjar.io *.addtoany.com *.webempresa.eu unpkg.com *.arkibot.app *.googletagmanager.com *.saludalplato.es quickchart.io 1
frame-ancestors 'self' *.betssongroupaffiliates.com *.ptstaging.eu *.onegameslink.com 1
default-src 'self' http://persis.gemu-group.com:8080 *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.albacross.com *.webtraxs.com *.ggpht.com amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.userlike.com userlike-cdn-umm.b-cdn.net *.leadenhancer.com wss://*.userlike.com *.alexametrics.com cdn.delight-vr.com *.cookiebot.eu *.cookiebot.com *.simpli.fi slsntllgnc.com usercentrics.eu data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.gemu-group.com 1
base-uri 'self'; style-src 'self'; connect-src 'self' *.itzbund.de; script-src 'self' piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de; img-src 'self' piwik.itzbund.de *.tile.openstreetmap.org; font-src 'self'; frame-ancestors 'self' *.prod.gsb.bsi.in.bund.de ; upgrade-insecure-requests; 1
script-src 'nonce-D2MY6SeiRec3aaOaZcsJSmeVQBE=' 'unsafe-inline' 'strict-dynamic' https: http:; object-src 'none'; 1
default-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.pype.tech https://bam.nr-data.net https://*.linkedin.com https://measurement-api.criteo.com https://www.google-analytics.com https://analytics.google.com https://widget-format-sbx.pype.tech https://*.launchdarkly.com https://pagead2.googlesyndication.com https://*.onetrust.com https://cdn.cookielaw.org https://web-sandbox.pypestream.com https://use.fontawesome.com https://www.googletagmanager.com data: image/* https://bat.bing.com https://*.quantcount.com https://*.quantserve.com https://*.typekit.net https://*.googleapis.com https://player.vimeo.com https://*.doubleclick.net https://connect.facebook.net https://*.analytics.google.com https://extend.vimeocdn.com https://*.gstatic.com https://www.google.com https://google.com https://www.facebook.com https://my.matterport.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://snap.licdn.com https://static.cloudflareinsights.com https://web.pypestream.com https://*.doubleclick.net https://maps.googleapis.com https://cdn.cookielaw.org https://rules.quantcount.com https://secure.quantserve.com https://widget.us.criteo.com https://sslwidget.criteo.com https://static.criteo.net https://player.vimeo.com https://web-sandbox.pypestream.com https://use.fontawesome.com https://www.googletagmanager.com https://bat.bing.com https://www.google-analytics.com https://extend.vimeocdn.com https://connect.facebook.net https://www.googleadservices.com; img-src * data: about: https://cdn.cookielaw.org; frame-src 'self' https://my.matterport.com https://web.pypestream.com https://static.criteo.net https://web-sandbox.pypestream.com https://*.doubleclick.net https://*.criteo.com https://www.facebook.com https://player.vimeo.com; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdn.cookielaw.org https://*.googlesyndication.com https://js-agent.newrelic.com https://storage.googleapis.com https://*.googletagmanager.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://*.printfriendly.com https://static.addtoany.com https://ds-4047.kxcdn.com https://s.ytimg.com/yts/jsbin/ https://static.addtoany.com/menu/ https://snap.licdn.com https://www.youtube-nocookie.com https://rawgit.com/NerOcrO/ntools/master/ntools.user.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://s.ytimg.com https://cdn.rawgit.com/w8tcha/ https://cdn.rawgit.com/ckeditor/ https://www.youtube.com/ https://snap.licdn.com/ https://*.google-analytics.com https://stats.g.doubleclick.net/ https://www.google.com/ads/ https://px.ads.linkedin.com/collect *.instagram.com; img-src 'self' data: https://*.cdninstagram.com https://cdn.cookielaw.org https://*.licdn.com https://assets.bwbx.io https://sprcdn-assets.sprinklr.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com https://i.ytimg.com https://www.nestle-nespresso.com https://img.youtube.com/; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.connect.facebook.net *.google.com.br *.google.com *.doubleclick.net *.salesforceliveagent.com *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: staticcdn.co.nz www.youtube.com www.googletagmanager.com www.google.com www.gstatic.com *.google-analytics.com; connect-src 'self' *.google-analytics.com; img-src 'self' data: shielded.co.nz i.ytimg.com *.google-analytics.com; style-src 'self' 'unsafe-inline' fast.fonts.net; font-src 'self' data:; frame-src 'self' www.youtube.com www.google.com data.gns.cri.nz; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mastertag.kpcustomer.de *.netcologne.de:* https://bat.bing.com https://connect.facebook.net www.googletagmanager.com:* www.google-analytics.com:* https://partners.webmasterplan.com www.google.de:* https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://seal.thawte.com https://www.googleadservices.com https://*.exactag.com *.google.com:* https://*.gstatic.com *.googleapis.com:* https://www.kabelkiosk.de https://*.deepthought.online https://cdn.jsdelivr.net https://wt1.rqtrk.eu https://api.aklamio.com https://googleads.g.doubleclick.net https://config1.veinteractive.com https://netcologne.lamapoll.de https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.surveymonkey.com https://walls.io https://r.df-srv.de https://static.hotjar.com:* https://script.hotjar.com:* https://*.ad4m.at https://ad4m.at https://*.usemaxserver.de https://*.awin1.com https://*.dwin1.com https://zenaps.com https://sciencebehindecommerce.com https://*.criteo.net https://*.criteo.com https://tracking.m6r.eu https://www.youtube.com https://*.ytimg.com https://www.etermin.net https://the.sciencebehindecommerce.com https://www.lacmp.net https://analytics.aklamio.com https://*.adsrvr.org https://adsrvr.org https://t.contentsquare.net https://www.clarity.ms; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.newrelic.com; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; img-src 'self' data: https://cdn.jsdelivr.net https://l.evidon.com https://c.evidon.com https://nestle-mvp.myshopify.com https://cdn.shopify.com *.google-analytics.com  https://d6tizftlrpuof.cloudfront.net https://*.usabilla.com https://nestle-mvp.myshopify.com https://cdn.shopify.com https://www.google.com https://www.google.es https://googleads.g.doubleclick.net *.google-analytics.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com *.onetrust.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com; media-src 'self'; frame-src 'self' https://www.nestlehealthscience.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com/solution-finder https://www.nestlehealthscience.com/cerebral-palsy http://mychildwithcphcpen.nhscbrand.acsitefactory.com https://www.youtube.com https://static.addtoany.com *.newrelic.com *.onetrust.com; frame-ancestors 'self' https://www.nestlehealthscience.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com/solution-finder https://www.nestlehealthscience.com/cerebral-palsy *.newrelic.com *.onetrust.com; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com; connect-src 'self' https://cdn.jsdelivr.net https://bam.nr-data.net https://nestle-mvp.myshopify.com https://monorail-edge.shopifysvc.com https://stats.g.doubleclick.net https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://nestle-mvp.myshopify.com https://monorail-edge.shopifysvc.com https://www.google.com *.google-analytics.com *.gbqofs.io *.gbqofs.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com *.onetrust.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.google.com.br *.google.com *.doubleclick.net *.salesforceliveagent.com *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com rpxnow.com *.rpxnow.com data:; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' data: https:; font-src 'self' data: https: 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com; object-src 'none'; style-src 'self'  'unsafe-inline' data:; img-src 'self'; media-src 'none'; frame-src 'none'; font-src 'self'; connect-src 'self' https://api.amplitude.com https://eth-ropsten.alchemyapi.io https://eth-rinkeby.alchemyapi.io https://eth-mainnet.alchemyapi.io https://api.thegraph.com wss://bridge.walletconnect.org wss://fei.bridge.walletconnect.org https://assets.fei.money; frame-ancestors 'none' 1
default-src ; script-src 'self' 'unsafe-inline' localhost https://assets.zendesk.com *.zdassets.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; object-src ; style-src 'self' 'unsafe-inline' localhost *.entrecode.de https://fonts.googleapis.com; img-src *; media-src *; child-src https://www.google.com; font-src *.entrecode.de https://fonts.gstatic.com; connect-src 'self' *.entrecode.de https://entrecode.zendesk.com *.zdassets.com https://www.google-analytics.com; manifest-src 1
default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https:; worker-src blob: 1
default-src 'self'; style-src 'self' app.workfrontfusion.com/static 'unsafe-inline' unpkg.com/@adobe/* https://*.adobe.com https://*.adobe.io *.aptrinsic.com fonts.googleapis.com; font-src 'self' app.workfrontfusion.com/static data: use.typekit.net https://*.adobe.com https://*.adobe.io fonts.gstatic.com; img-src 'self' app.workfrontfusion.com/static data: https://ipm-fusion-prod.workfrontfusion.com secure.gravatar.com https://*.adobe.com https://*.adobe.io *.aptrinsic.com storage.googleapis.com *.typekit.net; connect-src 'self' app.workfrontfusion.com/static wss://app.workfrontfusion.com rum-http-intake.logs.datadoghq.com *.split.io https://*.adobe.com https://*.adobe.io *.browser-intake-datadoghq.com https://csp-report.browser-intake-datadoghq.com *.demdex.net *.adobedc.net *.aptrinsic.com; frame-src 'self' app.workfrontfusion.com/static https://*.adobe.com; script-src 'self' use.typekit.net unpkg.com/@adobe/* https://*.adobe.com https://*.adobe.io *.split.io assets.adobedtm.com *.aptrinsic.com; object-src 'self' app.workfrontfusion.com/static; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub2c8ded5adceb66f0a3efabff228d9189&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service:imt-web-zone; frame-ancestors 'self' https://*.adobe.com; 1
base-uri 'self'; child-src 'self' https://*.nuxeo.io https://*.nuxeocloud.com blob: gap:; frame-src 'self' https://*.nuxeo.io https://*.nuxeocloud.com blob: gap:; connect-src 'self' https://*.civiccomputing.com https://*.visualstudio.com https://*.nuxeocloud.com https://*.tiny.cloud; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://*.tinymce.com/ blob:; media-src 'self'; object-src 'self' https://*.tiny.cloud; plugin-types https://*.tiny.cloud; script-src 'self' https://*.civiccomputing.com https://*.tiny.cloud https://*.tinymce.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.tinymce.com https://*.tiny.cloud 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=cd5RedoHiUxon9qWC1rFkntwh2aGSqHhOxuyv1VVgS7uivVJD83ml4FQ17emEId%2BW2DSfT4R%2FX%2FhQmvRvQqlRw%3D%3D; 1
object-src 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; style-src 'self' 'unsafe-inline', default-src 'self'; style-src 'self' 'unsafe-inline' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com polyfill.io use.fontawesome.com www.youtube.com www.vimeo.com region1.google-analytics.com www.santandercib.com www.google.com www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com polyfill.io use.fontawesome.com www.youtube.com www.vimeo.com www.santandercib.com www.google.com www.gstatic.com; form-action 'self'; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com use.fontawesome.com www.santandercib.com; img-src 'self' 'unsafe-eval' data: maps.googleapis.com maps.gstatic.com www.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com i.ytimg.com www.santandercib.com; font-src 'self' data: use.fontawesome.com fonts.googleapis.com fonts.gstatic.com www.santandercib.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 1
default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com  vimeo.com *.3qsdn.com *.director.events; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1
base-uri 'none';child-src 'none';connect-src 'self' vitals.vercel-insights.com status-page-omxr733bc-incident-io-team.vercel.app https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.co.uk https://*.g.doubleclick.net https://global.localizecdn.com https://app.localizejs.com;default-src 'self';font-src 'self';form-action 'self';frame-ancestors self;frame-src 'none';img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://global.localizecdn.com https://assets.localizecdn.com;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' https:;style-src 'self' 'unsafe-inline';worker-src 'self';report-uri https://o494704.ingest.sentry.io/api/4504554480795648/security?security_key=5d578c0eb4bd4811adf4f2176db9a1c8;report-to https://o494704.ingest.sentry.io/api/4504554480795648/security?security_key=5d578c0eb4bd4811adf4f2176db9a1c8; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.connect.facebook.net *.tt.mbww.com *.analytics.neutrogena.com.mx *.google.com.br *.google.com *.doubleclick.net *.salesforceliveagent.com *.www.youtube.com *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com polyfill.io/v3/polyfill.min.js www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' maps.gstatic.com maps.googleapis.com data: googletagmanager.com cookie-cdn.cookiepro.com www.google-analytics.com; media-src 'self'; frame-src 'self' www.google.com www.youtube.com player.vimeo.com olv-kinderwebsite.now.sh olv-kinderwebsite.vercel.app; font-src 'self' themes.googleusercontent.com fonts.gstatic.com data:; connect-src 'self' cookie-cdn.cookiepro.com www.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; object-src 'self'; base-uri 'self'; media-src 'self' https://imagepool.drillisch-online.de; img-src https: data: https://imagepool.drillisch-online.de; font-src https:; form-action 'self'; connect-src 'self' https://imagepool.drillisch-online.de https://stats.drillisch-online.de https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://tracking.drillisch.de https://*.demdex.net https://www.google-analytics.com; script-src 'strict-dynamic' 'nonce-a53b3f76143c6fd3a88ea87de8a48116' 'nonce-c8fb5b241c586828d4bc987e368cad3b' 'nonce-7cda0ccef28d50d212ff7674dae80032' 'nonce-0105af604326dfeecb56da33c7dd11ad' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self'; frame-src https://1and1internetag.demdex.net https://tags.tiqcdn.com https://hilfe-center.1und1.de; child-src https://tags.tiqcdn.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-a53b3f76143c6fd3a88ea87de8a48116' 'nonce-c8fb5b241c586828d4bc987e368cad3b' 'nonce-7cda0ccef28d50d212ff7674dae80032' 'nonce-0105af604326dfeecb56da33c7dd11ad' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.veiasa.es npmcdn.com *.openstreetmap.org; object-src 'self'; style-src 'self' 'unsafe-inline' *.fontawesome.com *.veiasa.es npmcdn.com; img-src 'self' data: *.veiasa.es *.openstreetmap.org npmcdn.com img.icons8.com; form-action 'self'; media-src 'self'; font-src 'self' *.fontawesome.com; connect-src 'self'; frame-src 'self' intent: www.youtube.com; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  cookie-cdn.cookiepro.com cdn.matomo.cloud www.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com *.youtube.com cdn.jsdelivr.net unpkg.com d8ejoa1fys2rk.cloudfront.net *.hsforms.net *.hs-scripts.com  *.hs-banner.com *.hubspot.com *.hsadspixel.net *.hs-analytics.net connect.facebook.net static.hotjar.com *.matomo.cloud *.hotjar.com googleads.g.doubleclick.net *.licdn.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net d8ejoa1fys2rk.cloudfront.net; img-src 'self' data: *.google-analytics.com *.googletagmanager.com d2csxpduxe849s.cloudfront.net *.hsforms.com *.hubspot.com cookie-cdn.cookiepro.com www.facebook.com vandemoortele.getbynder.com www.google.com www.google.es www.google.at www.google.it www.google.de www.google.fr www.google.se vandemoortele.matomo.cloud www.google.be px.ads.linkedin.com adservice.google.com www.google.pl www.google.cl *g.doubleclick.net pubads.g.doubleclick.net *amazonaws.com; media-src 'self'; frame-src 'self' *.youtube.com td.doubleclick.net; font-src 'self' d8ejoa1fys2rk.cloudfront.net; connect-src 'self' data: cookie-cdn.cookiepro.com vandemoortele.matomo.cloud *.google-analytics.com *.googlesyndication.com *.onetrust.com d8ejoa1fys2rk.cloudfront.net *.bynder.cloud dams.vandemoortele.com *.hsforms.com *.hubapi.com *.hubspot.com privacyportal.cookiepro.com stats.g.doubleclick.net vc.hotjar.io www.google.com google.com www.google.be google.be px.ads.linkedin.com adservice.google.com www.facebook.com cdnjs.cloudflare.com region1.analytics.google.com analytics.google.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'none'; script-src 'self' 'unsafe-inline' www.tcgms.net *.googletagmanager.com *.google.com *.google-analytics.com cdn.jsdelivr.net *.cookiebot.com *.teamtailor-cdn.com *.facebook.net *.bokabord.se; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com cdn.jsdelivr.net www.bokabord.se; img-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.vimeocdn.com *.grandhotel.se *.google.se *.google-analytics.com; media-src 'self' blob:; frame-src 'self' mail.grandhotel.se www.tcgms.net  *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.cookiebot.com *.waiteraid.com; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' https://*.grandhotel.se https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com *.cookiebot.com *.teamtailor.com *.doubleclick.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline'; img-src https://* 1
default-src 'self' *.google-analytics.com data: gap: idele.matomo.cloud 'unsafe-inline' 'unsafe-eval'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; frame-src 'self' www.google.com player.vimeo.com *.soundcloud.com *.tubedu.org tubedu.org *.slideshare.net *.youtube.com view.genial.ly *.dailymotion.com *.youtube-nocookie.com *.myadvent.net adventmyfriend.com *.jwplayer.com video.terre-net.fr; style-src 'self' use.typekit.net cdn.tarteaucitron.io fonts.googleapis.com p.typekit.net s3.amazonaws.com cdn.icomoon.io 'unsafe-inline'; font-src 'self' use.typekit.net s3.amazonaws.com fonts.gstatic.com cdn.icomoon.io; img-src 'self' data: *.ytimg.com tarteaucitron.io; upgrade-insecure-requests 1
base-uri 'none';child-src 'self' data: blob:;connect-src 'self' ws: wss: http://localhost:1337 http://127.0.0.1:3000 https://staging.bptk.de https://staging-api.bptk.de https://api.bptk.de;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src https://www.youtube.com;img-src 'self' data: https://staging.bptk.de https://staging-api.bptk.de https://api.bptk.de;manifest-src 'self';media-src 'self' https://api.bptk.de https://staging.bptk.de https://staging-api.bptk.de;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' http://localhost:1337 https://staging.bptk.de https://staging-api.bptk.de https://api.bptk.de;style-src 'self' 'unsafe-inline'; 1
base-uri 'none'; default-src 'self'; child-src https://www.youtube.com https://heyzine.com https://*.heyzine.com  https://*.google.com https://*.faceup.com https://*.nntb.cz blob:; connect-src 'self' https://geis.daktela.com https://t.leady.com https://*.doubleclick.net https://*.google.com https://*.google-analytics.com wss://*.hotjar.com https://*.hotjar.com  https://*.hotjar.io; font-src 'self' https://*.gstatic.com data:; form-action 'self'; img-src https://*.seznam.cz 'self' https://t.leady.com https://*.google-analytics.com https://*.google.cz https://*.google.com blob: data:; media-src 'self' blob:; script-src 'self' https://*.google.com https://*.gstatic.com  https://*.seznam.cz https://geis.daktela.com https://t.leady.com https://tt.geis.cz https://tt.geis.pl https://*.hotjar.com https://*.doubleclick.net https://*.google-analytics.com https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self'; 1
base-uri 'self'; default-src 'self'; child-src https://youtube.com https://www.youtube.com https://player.vimeo.com player.vimeo.com https://embed.spotify.com embed.spotify.com; connect-src 'self' https://plausible.spaces.is; font-src 'self' https://encore.scdn.co encore.scdn.co; form-action 'self'; frame-ancestors 'none'; frame-src https://youtube.com https://www.youtube.com https://player.vimeo.com player.vimeo.com https://embed.spotify.com embed.spotify.com; img-src 'self' https://ytimg.com https://ggpht.com https://youtube.com https://i.vimeocdn.com i.vimeocdn.com https://i.scdn.co i.scdn.co data:; media-src https://staging.spaces.is staging.spaces.is https://spaces.is spaces.is; object-src 'none'; script-src 'self' https://plausible.spaces.is https://youtube.com https://google.com https://f.vimeocdn.com f.vimeocdn.com https://embed-cdn.spotifycdn.com embed-cdn.spotifycdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://f.vimeocdn.com f.vimeocdn.com https://embed-cdn.spotifycdn.com embed-cdn.spotifycdn.com 'unsafe-inline'; worker-src; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' https:; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; media-src 'self'; frame-src 'self' https:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' 1
default-src 'self' *.dehst.de 'unsafe-eval'; base-uri 'self' *.dehst.de; style-src 'self' *.dehst.de 'unsafe-inline'; connect-src 'self' *.dehst.de  *.itzbund.de; script-src 'self' *.dehst.de 'unsafe-inline' 'unsafe-eval' *.itzbund.de  www.youtube.com *.ytimg.com piwik.itzbund.de; object-src 'self' *.dehst.de multimedia.gsb.bund.de; media-src 'self' *.dehst.de multimedia.gsb.bund.de *.youtube.com; frame-src  *.dehst.de *.youtube.com; img-src 'self' *.dehst.de blob: data: piwik.itzbund.de; frame-ancestors 'self' *.dehst.de ; worker-src 'self' *.dehst.de ; 1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' code.jquery.com https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; media-src * blob:; frame-src *; font-src * data:; connect-src *; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mouser.com *.google-analytics.com *.google.com *.hubapi.com *.youtube.com *.hubspot.com *.googletagmanager.com *.googleapis.com *.crazyegg.com *.jquery.com https://js.hs-scripts.com https://api.ipify.org https://js.hs-analytics.net https://js.hs-banner.com https://js.hsleadflows.net https://js.hsadspixel.net https://googleads.g.doubleclick.net https://snap.licdn.com https://ajax.googleapis.com https://js.hsforms.net/ https://www.gstatic.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://static.addtoany.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com https://microstrain.com https://www.google.com.mx https://www.googletagmanager.com https://px.ads.linkedin.com https://track.hubspot.com data:; img-src 'self' https://www.google.com https://microstrain.com https://www.google.com.mx https://www.googletagmanager.com https://track.hubspot.com data: https://microstrainstg.prod.acquia-sites.com https://www.microstrain.com *.ads.linkedin.com https://js.hsforms.net https://forms-na1.hsforms.com https://forms.hsforms.com/ https://*.ads.linkedin.com https://www.google-analytics.com https://px.ads.linkedin.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.ca; frame-src https://www.youtube.com https://www.googletagmanager.com https://forms.hsforms.com/ https://www.google.com https://td.doubleclick.net https://www.youtube-nocookie.com https://static.addtoany.com; frame-ancestors self https://www.google.com; font-src *.gstatic.com 'self' https://themes.googleusercontent.com; connect-src 'self' https://www.youtube.com https://ipapi.co https://microstrainstg.prod.acquia-sites.com https://api.mouser.com https://api.hubapi.com https://px.ads.linkedin.com https://forms.hubspot.com https://analytics.google.com https://code.jquery.com  *.google-analytics.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://maps.googleapis.com https://www.google.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com/ https://google.com https://adservice.google.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
base-uri 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' *.sentry.io *.datadome.co *.googlesyndication.com *.googleadservices.com *.adriver.ru *.g.doubleclick.net *.google.com *.sociomantic.com *.google-analytics.com *.googletagmanager.com *.everestjs.net *.googletagservices.com s.ytimg.com *.userapi.com js-agent.newrelic.com  *.olark.com  trafmag.utarget.ru  *.exponea.com media.flixfacts.com *.gstatic.com maps.googleapis.com google-analytics.bi.owox.com tracking.channelsight.com *.criteo.net h.holder.com.ua *.clickfrog.ru creativecdn.com  clickfrog.ru criteo.net gstatic.com exponea.com olark.com googletagservices.com everestjs.net googletagmanager.com google-analytics.com sociomantic.com google.com g.doubleclick.net adriver.ru googleadservices.com googlesyndication.com www.google.com.ua *.criteo.com criteo.com bam.nr-data.net *.google.com.ua az783074.vo.msecnd.net cdn.ampproject.org *.googleapis.com;  object-src 'none'; img-src 'self' *.googletagmanager.com *.doubleclick.net https://www.google-analytics.com https://www.google.com.ua https://www.google.com *.googlesyndication.com *.creativecdn.com data:; media-src 'self'; frame-src 'self' https://vars.hotjar.com https://googleads.g.doubleclick.net *.googlesyndication.com *.creativecdn.com; frame-ancestors 'none'; worker-src 'self'; form-action 'self' https://www.portmone.com.ua; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' *.sentry.io *.hotjar.io wss://ws8.hotjar.com *.hotjar.com *.google.com.ua *.google.com *.datadome.co *.gstatic.com https://stats.g.doubleclick.net https://securepubads.g.doubleclick.net https://www.google-analytics.com https://pagead2.googlesyndication.com; report-uri https://2746b976bff56fb9fb072ca875846856.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; connect-src 'self' *.itzbund.de; worker-src blob: 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.itzbund.de; frame-ancestors 'self'; 1
reflected-xss block 1
default-src https://*.isidata.net; script-src 'unsafe-eval' 'unsafe-inline' https://*.isidata.net https://consent.cookiebot.com https://code.jquery.com https://*.google-analytics.com https://*.fontawesome.com https://assets.cdn.io.pagopa.it https://stlucadev.z6.web.core.windows.net mailto:; base-uri https://*.isidata.net; object-src 'none'; style-src 'unsafe-inline' https://*.isidata.net https://fonts.googleapis.com https://*.fontawesome.com https://stlucadev.z6.web.core.windows.net https://assets.cdn.io.pagopa.it; img-src data: https://*.isidata.net data: https://*.google-analytics.com https://stlucadev.z6.web.core.windows.net https://continua.io.pagopa.it https://play.google.com https://tools.applemediaservices.com https://apple-resources.s3.amazonaws.com; media-src https://*.isidata.net; frame-src https://*.s3.amazonaws.com https://*.isidata.net mailto:; frame-ancestors https://*.isidata.net; font-src https://*.isidata.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.fontawesome.com https://stlucadev.z6.web.core.windows.net https://assets.cdn.io.pagopa.it; connect-src 'self' https://*.fontawesome.com; form-action https://*.s3.amazonaws.com https://*.isidata.net 1
connect-src 'self' https: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;default-src 'self';font-src 'self' fonts.gstatic.com https://*.hotjar.com fonts.googleapis.com;form-action 'self' https://www.facebook.com/tr/;frame-src 'self' tr.techcareer.net youtube.com www.youtube.com open.spotify.com https://embed-standalone.spotify.com/ https://kariyer.typeform.com https://www.typeform.com https://*.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.google.com/ https://www.facebook.com/ https://td.doubleclick.net/ https://www.youtube-nocookie.com/ https://login.techcareer.net;img-src 'self' data: storage.googleapis.com cdn.gcp.techcareer.net https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com/ads/ https://www.google.com.tr/ads/ https://*.hotjar.com www.facebook.com https://i.ytimg.com https://www.google.com https://analytics.twitter.com/ https://t.co/ https://cdn.efilli.com www.gravatar.com https://googleads.g.doubleclick.net https://c.clarity.ms https://c.bing.com cdn1.kariyer.net https://px.ads.linkedin.com https://static.geetest.com/ https://static.geevisit.com/;media-src 'self' data: storage.googleapis.com cdn.gcp.techcareer.net;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.hotjar.com https://static.ads-twitter.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net connect.facebook.net https://analytics.tiktok.com/i18n/pixel/ https://cdn.efilli.com https://www.clarity.ms https://js-agent.newrelic.com https://snap.licdn.com http://static.geetest.com/v4/ https://gcaptcha4.geetest.com/ https://gcaptcha4.gsensebot.com/ https://gcaptcha4.geevisit.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/;style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.hotjar.com https://static.geetest.com/v4/ https://static.geevisit.com/v4/;worker-src 'self'; 1
default-src 'self' 'unsafe-inline' data: payment.maksekeskus.ee auth.praamid.ee fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net static.cloudflareinsights.com www.googletagmanager.com *.google-analytics.com g2.ipcamlive.com s5.ipcamlive.com googleads.g.doubleclick.net www.google.com www.gstatic.com www.youtube.com static.doubleclick.net i.ytimg.com yt3.ggpht.com jnn-pa.googleapis.com play.google.com secure.gravatar.com fast.wistia.com beacon-v2.helpscout.net wp-rocket.me d3hb14vkzrxvla.cloudfront.net pipedream.wistia.com distillery.wistia.com embed-ssl.wistia.com fg8vvsvnieiv3ej16jby.litix.io translate.google.com translate.googleapis.com 'unsafe-eval' static.maksekeskus.ee s.w.org praamid.prominion.net beaconapi.helpscout.net chatapi.helpscout.net cdn.mxpnl.com static.cc.maksekeskus.ee cc.maksekeskus.ee *.analytics.google.com www.google.ee www.google.fi www.google.cz www.google.nl www.google.be www.google.fr www.google.lv www.google.lt www.google.se www.google.de www.google.at www.google.ch www.google.ie www.google.co.uk www.google.pl www.google.dk www.google.no td.doubleclick.net www.google.com.cy www.google.lu www.google.it www.google.gr analytics.google.com www.google-analytics.com www.google.by www.google.com.bz www.google.com.tr www.google.com.ar www.google.co.jp www.google.bg www.google.co.in www.google.ca www.google.ru www.google.com.ua www.google.com.hr www.google.com.au www.google.es www.google.com.ng translate-pa.googleapis.com www.google.ro www.google.rs www.google.si www.google.sk www.google.ba www.google.is www.google.pt www.google.hu www.google.me www.google.mk www.google.com.eg www.google.com.om www.google.co.th www.google.co.nz www.google.co.ke www.google.al www.google.ge www.google.com.bd www.google.co.il cdn.gravity.com www.google.gg www.google.com.vn www.google.je www.google.ad www.google.com.mx www.google.com.mt www.google.im www.google.ae www.google.com.sg www.google.kz cloudflareinsights.com challenges.cloudflare.com www.google.hr www.google.kg www.google.com.my www.google.com.qa www.google.gl www.google.com.ph www.google.md *.hotjar.com *.hotjar.io wss://*.hotjar.com www.google.co.id www.google.lk www.google.ml www.google.com.hk www.google.cv www.google.co.cr www.google.com.sa www.google.com.pk www.google.com.gi www.google.co.tz www.google.vu www.google.com.fj www.google.com.pa www.google.tn www.google.co.ve www.google.cl www.google.co.uz www.google.co.kr region1.analytics.google.com www.google.com.bo www.google.co.zw www.google.sm www.google.co.za www.google.am www.google.com.br www.google.tt www.google.co.ma www.google.az www.google.com.np www.google.com.et www.google.dm www.google.com.do www.google.com.ec www.google.com.kh www.google.la www.google.tg www.google.sc praamidvisitor.prominion.net www.google.ci www.google.com.co www.google.mu www.google.jo www.google.com.bh www.google.com.pr www.google.gm www.google.co.vi www.google.iq ps.w.org www.google.mv www.google.co.ug www.google.com.lb www.google.com.tw www.google.mg; report-uri /d5bcc29e34d8b6210cbfbc3acd7be0a65652590b064c60598822381e01ae1708 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de *.youtube.com;object-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org *.googleapis.com piwik.itzbund.de *.geodatenzentrum.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors 'self' zfa-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de zfa-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1
default-src 'self'; object-src 'self' https://pts.deutschlandsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.deutschlandsim.de; img-src https: data: http://files.deutschlandsim.de; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.deutschlandsim.de https://chat.deutschlandsim.de https://umfrage.deutschlandsim.de https://pts.deutschlandsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.deutschlandsim.de https://chat.deutschlandsim.de https://stats.deutschlandsim.de https://imagepool.deutschlandsim.de https://pts.deutschlandsim.de https://analytics.tiktok.com https://umfrage.deutschlandsim.de; script-src 'strict-dynamic' 'nonce-3d00bf317d98949f8122d14222263128' 'nonce-f3f18d6a399761fef83f1553e496bd27' 'nonce-edb0a857333df7964163b2257994c393' 'nonce-a3ac4fda8bed93cec00cbddf372e56ea' 'nonce-52fbfbcf8913e9df3e2a28aaacecb6d7' 'nonce-b5d2c15b415feab9f3fa6d4a3f9ed023' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.deutschlandsim.de https://umfrage.deutschlandsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-3d00bf317d98949f8122d14222263128' 'nonce-f3f18d6a399761fef83f1553e496bd27' 'nonce-edb0a857333df7964163b2257994c393' 'nonce-a3ac4fda8bed93cec00cbddf372e56ea' 'nonce-52fbfbcf8913e9df3e2a28aaacecb6d7' 'nonce-b5d2c15b415feab9f3fa6d4a3f9ed023' 'self' 'unsafe-inline' https: 'report-sample' 1
base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-eq1UH/IHC8iFYZk4J+9Wdnkf' 'nonce-SjKbwzKYxhrH7DXAMaYlL8mY' 'nonce-neW+Ei2qyc3/dYb3YoLghH3r' 'nonce-tFSgJzpeM/E/pkV0oo0HMty3' 'nonce-pnDANUU6WfLH4IRwaVift4Dr' 'nonce-KOv7WfSJh9kTBDbNxnkSYYZ0' 'nonce-6OgA5U/UEMHstfd2F5k9j9VW' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1
policy-uri /'none' 1
frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com www.acquiaacademy.com acquia.seismic.com app.veertly.com widen--servcom.sandbox.my.site.com widen--sitepreview.na135.force.com community.widen.com acquia.atlassian.net rise.articulate.com; report-uri /report-csp-violation 1
base-uri 'self'; child-src 'self' https://micromain.global https://*.micromain.global https://*.firebaseio.com https://*.request.services/ data: gap:; frame-src 'self' https://micromain.global https://*.micromain.global https://*.firebaseio.com https://*.request.services/ data: gap:; connect-src 'self' wss://micromain-global.firebaseio.com wss://*.firebaseio.com https://*.micromain.global https://micromain.global https://translate.googleapis.com https://api.awesomeblocker.com wss://127.0.0.1 https://fonts.googleapis.com https://translate.google.com https://cdnmd.global-cache.online/ wss://127.0.0.1:*/; default-src 'self' data: 'unsafe-inline' unsafe-hashes 'unsafe-eval' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: fonts.gstatic.com *; img-src 'self' data: micromain.global * blob:; media-src 'self' https://*.micromain.global; script-src 'self' data: 'unsafe-inline' unsafe-hashes 'unsafe-eval' https://micromain.atlassian.net https://cdnjs.cloudflare.com https://s3-us-west-2.amazonaws.com https://micromain-global.firebaseio.com https://*.firebaseio.com * 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' unsafe-hashes fonts.googleapis.com * 'unsafe-inline'; frame-ancestors 'self' https://*.firebaseio.com https://micromain.global https://*.micromain.global https://*.request.services/ gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=a6bR99Qia62qLhK1s7Zhd6RnJT5MzhFoIcw3J6nqiSDqL6LwIAMp2TrdyOIjlivGCwNmbAUrB80rcAjB92z4Ig%3D%3D; 1
base-uri 'none';child-src 'none';connect-src 'self' api-js.mixpanel.com client.axept.io api.axept.io vitals.vercel-insights.com back.whentocop.fr backend.whentocop.fr whentocop-backend-staging.herokuapp.com wtc-comparator-api.herokuapp.com https://wtc-comparator-api-staging.herokuapp.com www.google-analytics.com www.dwin1.com r.skimresources.com t.skimresources.com stockx.pvxt.net electric-vibrant.whentocop.fr backend-staging.whentocop.fr https://region1.google-analytics.com;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src 'none';img-src 'self' statics.whentocop.fr static.axept.io client.axept.io axeptio.imgix.net s3.eu-west-3.amazonaws.com www.google.com www.google-analytics.com www.awin1.com t.skimresources.com p.skimresources.com t0.gstatic.com t1.gstatic.com t2.gstatic.com t3.gstatic.com logs-01.loggly.com electric-vibrant.whentocop.fr backend-staging.whentocop.fr data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' static.axept.io client.axept.io vitals.vercel-insights.com api-js.mixpanel.com www.googletagmanager.com www.google-analytics.com www.dwin1.com www.dwin2.com d.impactradius-event.com s.skimresources.com cdn.usefathom.com electric-vibrant.whentocop.fr backend-staging.whentocop.fr 'unsafe-inline';style-src 'self' 'unsafe-inline';worker-src 'self'; 1
'self' www.aksandik.org 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' https://googleads.g.doubleclick.net https://www.googleadservices.com https://asistenciawebv2.grupokonecta.co:8443 https://asistenciawebv2-dev.grupokonecta.co:5005 https://cdnjs.cloudflare.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://www.youtube.com https://ajax.googleapis.com https://fast.appcues.com https://code.jquery.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.datagran.io https://static.hotjar.com https://script.hotjar.com https://api.ipify.org; style-src 'unsafe-hashes' 'unsafe-inline' 'report-sample' 'self' https://asistenciawebv2.grupokonecta.co:8443 https://cdnjs.cloudflare.com https://fonts.googleapis.com https://use.fontawesome.com https://asistenciawebv2-dev.grupokonecta.co:5005; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://in.hotjar.com https://csmetrics.hotjar.com wss://wsp17.hotjar.com https://content.hotjar.io https://asistenciawebv2-dev.grupokonecta.co:5005 https://asistenciawebv2.grupokonecta.co:8443 https://widget.grupokonecta.co wss://ws.hotjar.com/api/v2/client/ws https://analytics.google.com; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://9865914.fls.doubleclick.net https://9919689.fls.doubleclick.net https://98659149865914.fls.doubleclick.net https://td.doubleclick.net; img-src 'self' https://googleads.g.doubleclick.net https://ad.doubleclick.net https://asistenciawebv2.grupokonecta.co:8443 https://i.ytimg.com https://conecta.fidely.net https://tools.fidelitymkt.com https://bidagent.xad.com https://www.facebook.com https://cdn.datagran.io https://www.google.com https://www.google.com.mx https://www.google-analytics.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-ancestors 'self' 1
policy-uri /'unsafe-inline' 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.mikmak.ai *.swaven.com; object-src *; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.mikmak.ai *.swaven.com; img-src * 'self' *.mikmak.ai *.swaven.com *.static-swaven.com data: https:; ; media-src *; frame-src * *.mikmak.ai *.swaven.com; frame-ancestors 'self'; child-src *; font-src * 'self' *.mikmak.ai *.swaven.com *.static-swaven.com data: https:;; connect-src * *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.mikmak.ai *.swaven.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.google.com.br *.google.com *.doubleclick.net *.salesforceliveagent.com *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'unsafe-eval' 'unsafe-inline' tagmanager.google.com www.googletagmanager.com  www.google-analytics.com rojat.com; 1
default-src * data: ;script-src * 'unsafe-inline' 'unsafe-eval'  ;style-src * 'unsafe-inline' data: ;frame-ancestors 'self' ; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googletagmanager.com *.amplitude.com *.adrifund.com *.funde.no *.tinymce.com *.karolinafund.com *.crowdfarm.dk *.lemonway.fr *.payxpert.com d2tnn0p1wwhikn.cloudfront.net clients1.google.com cse.google.com www.google.com *.google-analytics.com *.facebook.net *.facebook.com *.vimeo.com *.addthis.com *.googleapis.com *.bootstrapcdn.com stats.g.doubleclick.net *.soundcloud.com soundcloud.com *.youtube.com *.w3.org *.ogp.me *.mailerlite.com *.karolina.io *.slize.me;img-src * blob: data:;font-src data: d2tnn0p1wwhikn.cloudfront.net *.tinymce.com fonts.gstatic.com 'self' *.bootstrapcdn.com;style-src *.tinymce.com www.google.com d2tnn0p1wwhikn.cloudfront.net *.addthis.com 'self' 'unsafe-inline' cse.google.com *.bootstrapcdn.com *.googleapis.com; frame-src 'self' *.vimeo.com *.facebook.com *.youtube.com *.soundcloud.com *.google.com 1
default-src 'self' https://*.nhs.uk; frame-src 'self' https://heyzine.com/ https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.facebook.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feeds.trac.jobs stats.g.doubleclick.net https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.google.ie https://*.google.nl https://*.webspellchecker.net 1
default-src 'none'; script-src 'self' 'unsafe-inline' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google-analytics.com *.facebook.net unpkg.com *.jsdelivr.net *.cookiebot.com *.leadfamly.com; object-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com https://sverigesradio.se; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.google.com *.google.se *.google-analytics.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.google.se *.cloudnet.cloud *.malmolive.se *.momondo.de *.googletagmanager.com *.cookiebot.com; media-src 'self' blob: https://*.speechstream.net;; frame-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.siteimprove.com *.acast.com *.spotify.com *.soundcloud.com https://vimeo.com *.sverigesradio.se https://sverigesradio.se *.office.com *.cookiebot.com *.playable.com *.sociablekit.com; frame-ancestors 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.sverigesradio.se https://sverigesradio.se *.sociablekit.com; child-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com  *.siteimprove.com *.sverigesradio.se https://sverigesradio.se *.sociablekit.com; font-src 'self'; connect-src 'self' blob: https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.speechstream.net *.cookiebot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' https: ; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-eval' ; script-src-attr * 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; img-src * data: ; font-src * data: ; connect-src *; media-src *; object-src *; prefetch-src *; child-src *; frame-src *; worker-src *; frame-ancestors *; form-action 'self'; upgrade-insecure-requests; base-uri *; manifest-src * 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' pagead2.googlesyndication.com *.adform.net js.hs-analytics.net js.hubspot.com js.usemessages.com connect.facebook.net maps.googleapis.com www.gstatic.com www.google.com js.hsforms.net www.googleadservices.com cookie-cdn.cookiepro.com www.googleoptimize.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.hs-banner.com js.hs-analytics.net static.ads-twitter.com beacon.krxd.net googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net script.hotjar.com static.hotjar.com snap.licdn.com googleads.g.doubleclick.net www.googletagmanager.com cdn.krxd.net consumer.krxd.net bam.nr-data.net js-agent.newrelic.com fast.wistia.com fast.wistia.net beacon.krxd.net; style-src 'self' 'unsafe-inline' *.gstatic.com *.cookiepro.com *.google.com *.googleapis.com *.hotjar.com *.hs-scripts.com *.krxd.net *.wistia.net; img-src 'self' blob: data: *.googlesyndication.com *.adform.net *.google.com.sg *.google.at connect.facebook.net embedwistia-a.akamaihd.net *.googleapis.com *.google.ch *.google.es *.google.com.pe *.google.com.ua *.google.it *.google.co.jp *.google.ie *.google.com.ng *.google.iq *.google.be *.google.co.cr *.google.com.tr aa.agkn.com *.adsymptotic.com *.businesswire.com *.cloudfront.net *.cluep.com *.cookiepro.com *.doubleclick.net googleads.g.doubleclick.net embed-ssl.wistia.com *.facebook.com *.google.tn *.google.com.ph *.google.cz *.google.com.hk *.google.com.pk *.google.ca *.google.de *.google.gr *.google.com.au *.google.com.mx *.google.com.pr *.google.co.in *.google.co.uk *.google.com *.google.fr *.google.nl *.google.pt *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.hsforms.com *.krxd.net *.linkedin.com *.nr-data.net t.co *.twitter.com *.wistia.com *.wistia.net; media-src blob: *.akamaihd.net *.wistia.com; frame-src 'self' *.adform.net fast.wistia.net *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hsforms.com *.krxd.net; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com *.wistia.com *.wistia.net; connect-src 'self' 'unsafe-inline' 'unsafe-eval' adservice.google.com *.googlesyndication.com px.ads.linkedin.com *.google.be *.adform.net *.google.nl *.google.de connect.facebook.net cdn.linkedin.oribi.io *.googleapis.com *.ads-twitter.com *.cookiepro.com *.doubleclick.net embedwistia-a.akamaihd.net *.facebook.com *.facebook.net connect.facebook.net *.google.com *.google-analytics.com *.googletagmanager.com *.hotjar.com  *.hotjar.io *.hsleadflows.net *.hsforms.com *.hubapi.com *.hubspot.com *.krxd.net *.litix.io *.nr-data.net *.onetrust.com *.twitter.com *.wistia.com wss://*.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' piwik.betaalvereniging.nl matomo.betaalvereniging.nl; 1