Values for content-security-policy: upgrade-insecure-requests 14,999 block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; 10,350 frame-ancestors 'self' 7,309 upgrade-insecure-requests; 7,123 block-all-mixed-content 3,094 frame-ancestors 'self'; 2,275 block-all-mixed-content; 1,571 frame-ancestors 'none' 1,342 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; 1,037 frame-ancestors 'self' https://*.granicus.com http://*.granicus.com https://platform.civicplus.com https://account.civicplus.com https://analytics.civicplus.com; img-src * data:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * about: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; font-src * data:; default-src * 628 frame-ancestors 'none'; 580 report-to network-errors 441 default-src https: data: 'unsafe-inline' 'unsafe-eval' 438 frame-ancestors 'self' ; 386 img-src https: data:; upgrade-insecure-requests 385 frame-ancestors 'self' https://*.ally.ac; 369 347 report-uri /report-csp-violation 282 default-src * data: 'unsafe-eval' 'unsafe-inline' 247 object-src 'none' 212 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.baidu.com *.bing.com; 197 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 166 frame-ancestors 'self' godaddy.com *.godaddy.com 163 upgrade-insecure-requests; frame-ancestors 'self' 137 frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com 129 default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 107 frame-ancestors 'self' https://*.cdn.ampproject.org/ https://bing-amp.com/ https://*.tm-aws.com/ https://*.tm-awx.com/; 100 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 97 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com https://secure.paygarden.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce; 96 default-src 'self'; img-src 'self' data: 95 frame-ancestors * 91 default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; 89 default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 87 default-src 'none' 87 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: data: blob: wss://realtimeeventfeeds.viafoura.co wss://sub.viafoura.co; media-src blob: data: https:; object-src https:; child-src https: data: blob:; upgrade-insecure-requests; block-all-mixed-content; 85 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 84 script-src 'self' 82 frame-ancestors 'self' https://explore.oracle.com https://my.oracle.com https://eeho.fa.us2.oraclecloud.com https://blogs.oracle.com 81 frame-ancestors 'self'; upgrade-insecure-requests 78 default-src 'self' http: https: data: blob: 'unsafe-inline' 78 frame-ancestors 'self' continuum.epublishing.com *.continuum.epublishing.com 77 report-uri /report-csp-violation; upgrade-insecure-requests 75 upgrade-insecure-requests; base-uri 'self'; 72 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 70 self 67 frame-ancestors about: 'self' 66 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 65 default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://api.mapbox.com https://*.tiles.mapbox.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; 64 default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 63 default-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data:; font-src * 'self' data: 63 frame-ancestors 'self' cambuilder.com *.cambuilder.com sexroulettelive.net *.sexroulettelive.net; report-uri /api/csp-report; 61 default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 57 default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 56 default-src 'self'; connect-src *.g.doubleclick.net 'self' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com; font-src 'self' https://fonts.gstatic.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com optimize.google.com https://optimize.google.com; media-src 'none'; object-src 'none'; script-src 'self' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://www.googletagmanager.com www.googleoptimize.com https://www.googleoptimize.com optimize.google.com https://optimize.google.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 55 child-src * blob: 55 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org https://www.xvideos.com https://wg-xvdev.xvideos.com *.trafficfactory.biz fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com *.addthis.com *.addthisedge.com www.iwanttodeliver.com apis.google.com www.google.com www.gstatic.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.cdn77.org fcm.googleapis.com *.nk-img.com https://static-dev-xvlive.xvideos.com https://dev-api.naked.com http://dev-api.naked.com *.googleapis.com *.cdn77.org *.pingdom.net *.exoclick.com *.exosrv.com *.realsrv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com cdn.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com *.vscdns.com *.doubleclick.net *.google.fr *.google.com *.gtflixtv.com *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net; 54 frame-ancestors 'self' https://cms.scrippsdigital.com 52 default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 50 default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com 49 default-src * 'unsafe-eval' 'unsafe-dynamic' 'unsafe-inline' data: blob: 49 base-uri 'self';default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';form-action * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';report-uri /post_report/;report-to default; 49 sandbox allow-scripts; default-src 'self'; img-src https:; style-src 'unsafe-inline'; script-src 'unsafe-inline'; report-uri http://csp.yahoo.com/beacon/csp?src=redirect 46 frame-ancestors https://unileverbrazil.marketing.adobe.com https://unilever3.marketing.adobe.com https://unilever2.marketing.adobe.com https://unilever.marketing.adobe.com; 46 frame-ancestors 'self' *.google.com *.googleusercontent.com 44 default-src 'self' 'unsafe-inline' 44 default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events *.actions.githubusercontent.com wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com objects-origin.githubusercontent.com secured-user-images.githubusercontent.com/ opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ 44 default-src 'self' 43 frame-ancestors 'self' https://*.plazz.net ; 43 default-src 'self'; img-src * data: 'unsafe-inline' blob:; style-src * 'unsafe-inline' blob:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; form-action *; media-src *.readspeaker.com *.streamlock.net storage.googleapis.com scribit-pro-hosting.storage.googleapis.com scribit-pro.storage.googleapis.com app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self'; worker-src * 'unsafe-inline' blob:; 42 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://am-assets.pl www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com accounts.google.com widget.helpcrunch.com connect.facebook.net stats.pusher.com secure.payu.com script.hotjar.com static.hotjar.com;style-src 'self' 'unsafe-inline' https://am-assets.pl fonts.googleapis.com accounts.google.com; 41 default-src * 'unsafe-inline' 'unsafe-eval' https: http: data: blob: 41 base-uri 'self' 40 upgrade-insecure-requests; block-all-mixed-content 39 default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline' 39 frame-ancestors 'self' cloudlogin.co *.cloudlogin.co; 39 default-src 'self' wss: http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https: http:; report-uri https://secure.booked.net/?page=stat&t=csp 38 frame-ancestors 'self' www.bookends.info *.bookends.info 38 frame-ancestors 'self' https://*.sitewrench.com https://*.speakcreative.com 38 default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 37 frame-ancestors 'self' http://webvisor.com 35 frame-ancestors 'self' azeu.marketing.adobe.com 35 upgrade-insecure-requests;connect-src * 34 upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com; base-uri 'self' 34 upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ 33 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 33 default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *; 33 frame-ancestors 'self' https://*.adobe.com https://*.navisperformance.com 33 frame-ancestors 'self' asia.espn.com:* asia.espnqa.com:* *.espn.com:* *.espnqa.com:* *.espnsb.com:* *.espnsb.com *.espn.co.uk *.espndeportes.espn.com *.espn.com.br *.espn.com.mx *.espn.com.ve *.espn.com.ar *.espn.com.co *.espnfc.com.au *.espn.com.au *.espn.in *.espn.com.sg *.espn.cl *.espn.ph *.espn.ph:* *.espn.com.pe *.espn.com.gt *.espn.com.do *.espn.com.ec *.espn.com.uy *.espn.com.pa *.espn.co.cr qa.abcnews.go.com preview.abcnews.go.com abc7ny.com abc7.com *.abcotvssb.com preview.goodmorningamerica.com http://*.espnqa.com:* http://*.espn.com:* *.abcotvssb.com *.abcnews.go.com *.abcnews.go.com:* http://*.abcnews.go.com:* abc30.com abc7news.com abc13.com abc7chicago.com 6abc.com abc11.com *.goodmorningamerica.com qa.abc7.com qa.abc30.com qa.abc7news.com qa.abc13.com qa.abc7chicago.com qa.6abc.com qa.abc7ny.com qa.abc11.com *.abcnews.go.com:* abcnews.go.com qa.secsports.com *.secsports.com 32 frame-ancestors self 31 * 31 base-uri 'self'; 31 default-src 'self' 'unsafe-inline' https://park.101datacenter.net https://*.deviceatlascloud.com/ https://cs.deviceatlas-cdn.com data: 31 ; 30 default-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.teststagram.com *.instagram.com static.cdninstagram.com *.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com *.instagram.com *.teststagram.com static.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.instagram.com *.cdninstagram.com wss://*.instagram.com:* 'self' *.teststagram.com wss://edge-chat.instagram.com connect.facebook.net;font-src *.facebook.com data: fonts.gstatic.com *.fbcdn.net *.instagram.com *.teststagram.com static.cdninstagram.com *.intern.facebook.com;img-src *.instagram.com *.facebook.com *.fbcdn.net data: blob: *.cdninstagram.com www.gstatic.com *.fbsbx.com android-webview-video-poster: *.giphy.com *.teststagram.com *.igsonar.com *.google-analytics.com;media-src *.facebook.com *.fbcdn.net *.instagram.com *.cdninstagram.com *.giphy.com cdn.fbsbx.com data: blob:;frame-src *.instagram.com *.facebook.com *.fbsbx.com fbsbx.com data:;block-all-mixed-content;upgrade-insecure-requests; 29 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 29 block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 29 img-src * data:; default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; 29 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 29 default-src *;script-src 'self' resource://pdf.js 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' *.teamblue.services d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net d1di2lzuh97fh2.cloudfront.net events.webnode.com js.stripe.com www.gstatic.com www.googleadservices.com www.googletagmanager.com bat.bing.com connect.facebook.net a.quora.com www.google-analytics.com googleads.g.doubleclick.net c.imedia.cz www.google.com www.google.de www.google.com.br cdn.inspectlet.com *.clarity.ms *.bing.com c.seznam.cz pagead2.googlesyndication.com s.yimg.jp cdn.rawgit.com cdn.jsdelivr.net cdnjs.cloudflare.com s3-us-west-2.amazonaws.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net www.gstatic.com js.stripe.com d11bh4d8fhuq47.cloudfront.net d1di2lzuh97fh2.cloudfront.net fonts.googleapis.com cdnjs.cloudflare.com;img-src 'self' data: mediastream: blob: filesystem: *.teamblue.services d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net du5rkdszt1kq5.cloudfront.net d11bh4d8fhuq47.cloudfront.net d1bz77arbww182.cloudfront.net d1me9yvfki5736.cloudfront.net d6scj24zvfbbo.cloudfront.net *.pbhom-cdnwnd.com *.cbaul-cdnwnd.com *.clvaw-cdnwnd.com www.webnode.com www.gstatic.com q.stripe.com bat.bing.com q.quora.com www.google.com www.google.cz www.google.de www.google.com.br www.google-analytics.com googleads.g.doubleclick.net cx.atdmt.com c.seznam.cz www.facebook.com www.googletagmanager.com *.clarity.ms *.bing.com *.webnode.com *.webnode.cz *.webnode.sk *.webnode.at *.webnode.es *.webnode.cl *.webnode.com.ve *.webnode.com.uy *.webnode.mx *.webnode.com.co *.webnode.co *.webnode.com.ar *.webnode.com.py *.webnode.bo *.webnode.do *.webnode.ec *.webnode.pe *.webnode.cr *.webnode.com.br *.webnode.pt *.webnode.it *.webnode.fr *.webnode.us *.webnode.in *.webnode.gr *.webnode.com.tr *.webnode.cn *.webnode.tw *.webnode.nl *.webnode.be *.webnode.jp *.webnode.hu *.webnode.ru *.webnode.com.ua *.webnode.se *.webnode.dk *.webnode.lv *.webnode.hr *.webnode.no *.webnode.co.uk *.webnode.vn *.webnode.ro *.webnode.cat *.webnode.kr *.webnode.fi ct.capterra.com d1di2lzuh97fh2.cloudfront.net static1.smartbear.co;frame-ancestors 'self'; 28 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 28 upgrade-insecure-requests; block-all-mixed-content; 28 frame-ancestors 'self' *.smartagent.app *.jdmesh.co *.choicestore.com http://localhost:* https://localhost:*; form-action https:; script-src https: 'unsafe-inline' 'unsafe-eval' 28 frame-ancestors 'self' ; base-uri 'self'; 28 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 27 script-src * 'self' 'unsafe-inline' 'unsafe-eval' wistia.com youtube.com blob: 27 default-src 'self'; 27 default-src * 'self' blob:; script-src * 'self' blob: 'unsafe-inline'; style-src * 'self' blob: 'unsafe-inline'; img-src * 'self' blob: data:; font-src * 'self' blob: data:; media-src * 'self' blob: 27 default-src https: blob:; connect-src https: wss: blob:; font-src https: data:; frame-src https:; frame-ancestors 'self'; img-src https: blob: data:; media-src https: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; 26 script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.sanity.io www.youtube.com www.youtube-nocookie.com i.ytimg.com yt3.ggpht.com fonts.gstatic.com www.google-analytics.com www.googletagmanager.com www.gstatic.com stats.g.doubleclick.net www.google.co.uk static.hotjar.com static.ads-twitter.co mwww.facebook.com dc.ads.linkedin.com t.co vars.hotjar.com in.hotjar.com p.adsymptotic.com analytics.twitter.com cdn.jsdelivr.net d1a1ax4tcp3m3j.cloudfront.net dqm.crownpeak.com geolocation.onetrust.com cdn.baycloud.com static.ads-twitter.com connect.facebook.net snap.licdn.com staticcontents.investisdigital.com script.hotjar.com maps.googleapis.com sc.lfeeder.com netlify-cdp-loader.netlify.app cd-prod.wdesk.com www.googleadservices.com assets.adobedtm.com unilever.d3.sc.omtrdc.net acdn.adnxs.com js-agent.newrelic.com bam.nr-data.net insight.adsrvr.org cdn.cookielaw.org *.demdex.net cm.everesttech.net 26 script-src 'unsafe-inline' 'unsafe-eval' http: https: 26 upgrade-insecure-requests; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a&sentry_environment=policy_reports 26 default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' 26 frame-ancestors 'self' https://aboutyou.content.aboutyou.cloud https://aboutyou.content.staging.aboutyou.cloud 26 default-src 'self' ws: wss: http: https: data: blob: 'unsafe-inline' 26 default-src 'self'; script-src 'self' 'unsafe-inline' 25 default-src https: data: blob: mediastream: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src https: data: 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.us.coca-cola.com; frame-src https: data: blob: mediastream: 'unsafe-eval' 'unsafe-inline' 'self' maps.google.com maps.googleapis.com www.google.com; 25 report-uri https://f6044819c139be406e5131b1724188ab.report-uri.com/r/t/csp/enforce; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com dev.visualwebsiteoptimizer.com *.adnxs.com *.appier.net *.doubleclick.net *.google.co.uk *.googleadservices.com *.googlesyndication.com *.mathtag.com *.openx.net *.scupio.com bigsea.frontend.weborama.fr dx.bigsea.weborama.com cs.gssprt.jp match.adsrvr.org pixel.rubiconproject.com ps.eyeota.net ssp.adskom.com sync.ad-stir.com sync.adap.tv sync.adaptv.advertising.com tags.clickintext.net tapestry.tapad.com *.semasio.net *.disquscdn.com *.disqus.com disqus.com d17m68fovwmgxj.cloudfront.net apps-cdn.britishcouncil.org embed.scribblelive.com bat.bing.com public.tableau.com *.socdm.com britishcouncil-email.createsend.com *.googleapis.com *.gstatic.com www.google.de www.google.es *.google.com *.salesforceliveagent.com *.qualaroo.com s3.amazonaws.com *.bizographics.com sjs.bizographics.com idsync.rlcdn.com aa.agkn.com stags.bluekai.com sync.crwdcntrl.net loadus.exelator.com ml314.com *.adroll.com ucarecdn.com *.streamamg.com bookeo.com www-2903b.bookeo.com britishcouncil.github.io olc.live.solas.britishcouncil.digital bam.nr-data.net js-agent.newrelic.com *.akamaihd.net x.bidswitch.net *.ads-twitter.com *.twimg.com *.twitter.com *.fbcdn.net *.facebook.com cx.atdmt.com cx.atdmt.com connect.facebook.net *.linkedin.com snap.licdn.com *.sharethis.com vk.com cdn.polyfill.io www.googletagmanager.com sui.britishcouncil.org *.vimeocdn.com player.vimeo.com vimeo.com *.ytimg.com www.youtube.com *.google-analytics.com *.yahoo.com b92.yahoo.co.jp s.yimg.com britishcouncil.wufoo.com *.instagram.com *.hotjar.com *.stripe.com *.artfut.com cookies.onetrust.com geolocation.onetrust.com cdn.cookielaw.org optanon.blob.core *.youtube-nookie.com *.fospha.com *.shorthand.com *.shorthandstories.com *.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net *.pardot.com sc-static.net *.tiktok.com *.snapchat.com *.ibytedtos.com *.arabclicks.com js.hsadspixel.net js.usemessages.com *.go-mpulse.net t1.daumcdn.net bc.ad.daum.net wcs.naver.net www.googleoptimize.com assets.app.smart-tribune.com www.teachingenglish.org.uk/ snap.licdn.com/li.lms-analytics/insight.min.js https://bccdn.azureedge.net/product-finder/pf-bundle.js region1.google-analytics.com region1.analytics.google.com *.hs-analytics.net *.hs-banner.com https://js-eu1.hsleadflows.net/leadflows.js hsforms.net *.hsforms.net; 25 default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https:; frame-src 'self' 'unsafe-inline' https: data:; 25 default-src * data: blob: 'unsafe-eval' 'unsafe-inline' 24 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 24 frame-ancestors 24 frame-ancestors 'self'; img-src 'self' i.notino.com cdn.notinoimg.com blob: data: *; 24 default-src 'self'; script-src 'self' http: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' http: https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: http: https:; font-src 'self' http: https:; connect-src 'self' http: https:; frame-src 'self' http: https: 24 default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; 24 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob:; media-src 'self' https: blob:; worker-src 'self' https: blob:; block-all-mixed-content; connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: https://*.trouter.io:443 https://*.trouter.skype.com:443 wss://*.trouter.io:443 wss://*.trouter.skype.com:443; 23 frame-ancestors 'self' https://medium.com 23 frame-ancestors 'self' http://wa.aruba.it https://wa.aruba.it 23 frame-src * 23 default-src 'self'; frame-ancestors 'self' flex.cybersource.com; frame-src * ; media-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: api.brainsins.com mw.brainsins.com d2xkqxdy6ewr93.cloudfront.net *.cloudfront.net cdn.pushassist.com trc.taboola.com *.collect.igodigital.com resources.convious-app.com client.convious-app.com cdn.taboola.com 510001631.collect.igodigital.com script.hotjar.com 510001630.collect.igodigital.com static.hotjar.com launch-9151dc1e0eb6-development mstat.acestream.net www.gstatic.com flex.cybersource.com pe-kw.store.kennywood.com pe-cp.store.castlepark.com www.google.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com www.googletagmanager.com www.google-analytics.com *.parquesreunidos.es assets.adobedtm.com amplify.review-alerts.com static-eu.payments-amazon.com maps.googleapis.com cdn.cookielaw.org geolocation.onetrust.com grpr.tt.omtrdc.net launch-9151dc1e0eb6-development cd.livechatin.com api-pre.adminos.parquesreunidos.com analytics.tiktok.com ts.tradetracker.net sleeknotecustomerscripts.sleeknote.com mstat.acestream.net pilaff-up.ru statusklic.info cdn.notifyon.com cdn.livechatinc.com eu5.bookingkit.de js.mollie.com www.paypal.com twimg.com publish.twitter.com platform.linkedin.com track.adform.net static.criteo.net tagmanager.google.com ssl.google-analytics.com ajax.aspnetcdn.com d2cmqkwo8rxlr9.cloudfront.net ad.doubleclick.net apis.google.com www.youtube.com platform.twitter.com s.ytimg.com syndication.twitter.com api.livechatinc.com www.googleoptimize.com optimize.google.com trck.spoteffects.net i.realytics.io cdn-eu.realytics.net pe-kw.store.kennywood.com pe-cp.store.castlepark.com pe-rwsydney.store.ragingwaterssydney.com.au pe-sps.store.splishsplash.com pe-sl.store.storylandnh.com pe-na.store.noahsarkwaterpark.com pe-sc.store.sandcastlewaterpark.com pe-wc.store.watercountry.com pe-rwsd.store.ragingwaters.com static.zdassets.com *.optimonk.com sdks.shopifycdn.com ajax.googleapis.com webchat.masvoz.es static.b-ite.com cs-assets.b-ite.com pixel.mathtag.com bat.bing.com cdn.jsdelivr.net farm.plista.com j01l4h3n.com diffuser-cdn.app-us1.com www.rvty.net *.clarity.ms 5mcl.fr *.adnxs.com static.tacdn.com prism.app-us1.com trackcmp.net www.jscache.com cdn.scratcher.io s2.adform.net cdn.leadfamly.com www.tripadvisor.com www.tripadvisor.fr cpi.mirabilandia.it www.opinator.com pe-iw.store.idlewild.com js.adsrvr.org tracker.marinsm.com pe-dw.store.dutchwonderland.com static.zuora.com pe-waw.store.emeraldpointe.com pe-rwsc.store.rwsac.com pe-mn.store.malibunorcross.com *.quantummetric.com t.contentsquare.net pe-bps.store.boomerspalmsprings.com cdn.smooch.io adventurelandresort.secure-cdn.na.accessoticketing.com pe-bv.store.boomersvista.com pe-rwsj.store.rwsplash.com pe-lc.store.lakecompounce.com pe-mm.store.mountasiamarietta.com ; style-src * 'unsafe-inline'; font-src * data:; connect-src * 23 frame-ancestors 'self' *.nvidia.com https://widget.stackla.com https://app-sj14.marketo.com https://www.youtube.com https://www.quadro-selector.com http://player.youku.com https://player.youku.com https://live.nvidia-china.com https://www.google.com *.nvidia.cn https://events.rainfocus.com https://www.twitch.tv https://store.nvidia.ru https://store.nvidia.in *.geforcenow.com; 22 script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist 22 frame-ancestors 'self' *.vercel.app *.rivt.com rivt.com *.outsideapi.com outsideapi.com *.pocketoutdoormedia.com outsideinc.com pocketoutdoormedia.com *.outsideinc.com velopress.com *.velopress.com *.mycoloradoparks.com mycoloradoparks.com *.rockandice.com rockandice.com *.theboxmag.com theboxmag.com *.nationalparktrips.com nationalparktrips.com *.nationalparktripsmedia.com nationalparktripsmedia.com *.betamtb.com betamtb.com *.mysmokymountainpark.com mysmokymountainpark.com *.myolympicpark.com myolympicpark.com *.climbing.com climbing.com *.backpacker.com backpacker.com *.podiumrunner.com podiumrunner.com *.skimag.com skimag.com myutahparks.com *.myutahparks.com *.mygrandcanyonpark.com mygrandcanyonpark.com *.oxygenmag.com oxygenmag.com *.triathlete.com triathlete.com velonews.com *.velonews.com muscleandperformance.com *.muscleandperformance.com *.outsidebusinessjournal.com outsidebusinessjournal.com snewsnet.com *.snewsnet.com gymclimber.com *.gymclimber.com livebeyoga.com *.yogajournal.com yogajournal.com *.livebeyoga.com womensrunning.com *.womensrunning.com trailrunnermag.com *.trailrunnermag.com outsideonline.com *.outsideonline.com *.betternutrition.com betternutrition.com vegetariantimes.com *.vegetariantimes.com cleaneating.com *.cleaneatingmag.com cleaneatingmag.com *.cleaneating.com *.thenaturx.com thenaturx.com *.yellowstonepark.com yellowstonepark.com *.myyellowstonepark.com myyellowstonepark.com myyosemitepark.com *.myyosemitepark.com *.rollmassif.com rollmassif.com *.getcairn.com getcairn.com *.athletereg.com athletereg.com *.finisherpix.com finisherpix.com *.pinkbike.com pinkbike.com *.bikereg.com bikereg.com *.runreg.com runreg.com *.trireg.com trireg.com *.skireg.com skireg.com *.pledgereg.com pledgereg.com *.gaiagps.com gaiagps.com *.trailforks.com trailforks.com 22 script-src * 'unsafe-inline' 'unsafe-eval' 22 default-src 'self' 'unsafe-eval' 'unsafe-inline' *.amazonaws.com cdn.cookielaw.org cookies-data.onetrust.io geolocation.onetrust.com privacyportal.onetrust.com www.google-analytics.com *.twitter.com www.youtube.com agent.nuance-va.com *.nuance-va.com cocacolaco.tt.omtrdc.net *.doubleclick.net *.coca-colacompany.com www.google.com www.gstatic.com cdn.jsdelivr.net *.pricespider.com api.mapbox.com atentochile.s1gateway.com maps.googleapis.com events.mapbox.com *.coke.com *.coca-cola.com *.prod.tccc-nextgen.com *.test.tccc-nextgen.com *.dev.tccc-nextgen.com *.tncid.app *.yimg.com *.ccnag.com *.ads-twitter.com www.googleadservices.com sc-static.net *.sprinklr.com n2.mouseflow.com *.reciteme.com *.demdex.net *.adobedc.net d1ah6cnxyby52e.cloudfront.net fifamx-prod.one-latam.ng.citko.net googleads.g.doubleclick.net unpkg.com; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn-social.janrain.com cdn.cookielaw.org ajax.googleapis.com www.cdnjs.cloudflare.com cdnjs.cloudflare.com geolocation.onetrust.com www.googletagmanager.com www.google-analytics.com *.twitter.com www.instagram.com connect.facebook.net *.krxd.net *.amazonaws.com www.google.com www.youtube.com rpxnow.com d29usylhdk1xyu.cloudfront.net s.ytimg.com www.gstatic.com unpkg.com atentochile.s1gateway.com stackpath.bootstrapcdn.com cdn.jsdelivr.net *.pricespider.com api.tiles.mapbox.com bugcrowd.com assets.bugcrowdusercontent.com js.tncid.app *.salesforceliveagent.com js.adsrvr.org *.coke.com *.coca-cola.com *.yimg.com *.ads-twitter.com audio4.audima.co cdn.mouseflow.com *.googleadservices.com pixel.mathtag.com sc-static.net *.analytics.yahoo.com *.sprinklr.com *.adobedtm.com *.reciteme.com reciteme.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-eval' 'unsafe-inline' use.typekit.net p.typekit.net *.janrain.com cdn.cookielaw.org stackpath.bootstrapcdn.com *.pricespider.com atentochile.s1gateway.com *.tiles.mapbox.com *.reciteme.com *.sprinklr.com *.coke.com unpkg.com; font-src 'self' data: use.typekit.net fonts.gstatic.com atentochile.s1gateway.com *.reciteme.com *.sprinklr.com *.coke.com; frame-src 'self' *; frame-ancestors 'self' bugcrowd.com editor.wallboard.info; manifest-src 'self' data:; worker-src blob:; child-src blob:; 21 frame-ancestors none; 21 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 21 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * data:; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; object-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; prefetch-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; form-action 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; worker-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; report-uri https://hyperia.report-uri.com; block-all-mixed-content; upgrade-insecure-requests 21 frame-ancestors 'self' https://help.glassdoor.com http://library.glassdoor.com https://library.glassdoor.com http://glassdoor.lookbookhq.com https://glassdoor.lookbookhq.com https://glassdoor2.lookbookhq.com https://howto.glassdoor.com https://apply.indeed.com ; 20 frame-ancestors 'self'; report-uri /report-csp-violation 20 connect-src http://ip-api.com/ 'self' https: data: 20 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' ; object-src 'none' ; frame-ancestors 'self' ; base-uri 'self' ; prefetch-src 'self' ; img-src https: data: ; 20 default-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https: data:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src *; media-src https: data: blob:; worker-src https: blob:; frame-src 'self' https:; frame-ancestors 'self'; upgrade-insecure-requests 20 default-src 'self' *.edge-cdn.net; object-src www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.analytics.edgekey.net *.bing.com *.ccmp.eu *.cookiebot.com *.edge-cdn.net *.google-analytics.com *.googletagmanager.com *.lidl *.lidl-flyer.com *.lidl.com *.lidl.net *.vdc.lidl *.multichannelacd.de *.secrz.de *.virtualearth.net ads.yahoo.com advdl.ammadv.it *.analytics.google.com assets.zendesk.com c.imedia.cz cm.g.doubleclick.net connect.facebook.net d.adroll.com d.adroll.mgr.consensu.org form.lidl.com googleads.g.doubleclick.net lidl.media01.eu lidlplus-prod-api.azurewebsites.net lidlqform.omax.cz s.adroll.com s.ytimg.com tagmanager.google.com track.adform.net us-u.openx.net www.dwin1.com www.googleadservices.com www.google.com www.youtube.com schwarz.adverity.com; img-src 'self' data: *.analytics.google.com *.assets.schwarz *.bing.com *.ccmp.eu *.content.force.com *.doubleclick.net *.edge-cdn.net *.google-analytics.com *.googleusercontent.com *.leaflets.schwarz *.lidl *.lidl-flyer.com *.lidl.com *.lidl.net *.vdc.lidl *.openstreetmap.org *.osm.org *.secrz.de *.virtualearth.net advdl.ammadv.it assets.zendesk.com c.imedia.cz d.adroll.com google.de www.google.de ib.adnxs.com idsync.rlcdn.com lidlplusprod.blob.core.windows.net lidlplusstaticcontentpro.blob.core.windows.net lidlplusstoragestaging.blob.core.windows.net s-static.ak.facebook.com ssl.gstatic.com stats.g.doubleclick.net track.adform.net www.facebook.com www.google.com www.googletagmanager.com www.gstatic.com x.bidswitch.net; style-src 'self' 'unsafe-inline' *.bing.com *.secrz.de assets.zendesk.com fonts.googleapis.com form.lidl.com tagmanager.google.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com form.lidl.com data: themes.googleusercontent.com; frame-src 'self' https: 'unsafe-inline'; connect-src 'self' *.analytics.edgekey.net *.analytics.google.com *.bing.com *.ccmp.eu *.edge-cdn.net *.google-analytics.com *.lidl *.lidl.com *.lidl.net *.vdc.lidl *.multichannelacd.de *.openstreetmap.org *.osm.org *.secrz.de *.test *.video-cdn.net *.virtualearth.net *.lidlplus.com form.lidl.com lidl.media01.eu lidlplus-prod-api.azurewebsites.net lidlplus-uat-api.azurewebsites.net stats.g.doubleclick.net *.cookiebot.com; frame-ancestors 'self' *.analytics.google.com *.bing.com *.ccmp.eu *.google-analytics.com *.googletagmanager.com *.lidl *.lidl.ch *.lidl.com *.lidl.net *.vdc.lidl *.poi-service.de *.secrz.de *.test accounts-qa.lidl.com accounts-stg.lidl.com accounts-uat.lidl.com accounts.lidl.com website-lidl-account-dev.azurewebsites.net *.lidl-shop.pl *.lidl-sklep.pl *.lidl-fatturaelettronica.it *.lidl-mazieji-gamintojai.prod.hdd.lt; 20 upgrade-insecure-requests; default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https:; media-src 'self' blob: https:; worker-src blob:; connect-src 'self' https:; img-src 'self' https: data:; style-src 'self' https: 'unsafe-inline';base-uri 'self';form-action 'self' *.eschoolview.com syndication.twitter.com platform.twitter.com https://script.google.com/macros/; font-src 'self' https: data:; object-src 'none'; child-src https:; frame-src https:; frame-ancestors https:; 20 frame-ancestors https://*.poki.io http://localhost:1234 19 frame-ancestors 'self' https://*.kayak.com https://www.kayak.com.ar https://www.kayak.com.au https://www.kayak.bo https://www.kayak.com.br https://www.kayak.cat https://www.kayak.cl https://www.cn.kayak.com https://www.kayak.com.co https://www.kayak.co.cr https://www.kayak.dk https://www.kayak.com.do https://www.kayak.com.ec https://www.kayak.com.sv https://www.kayak.fr https://www.kayak.de https://www.kayak.com.gt https://www.kayak.com.hn https://www.kayak.com.hk https://www.kayak.co.in https://www.kayak.co.id https://www.kayak.ie https://www.kayak.it https://www.kayak.co.jp https://www.kayak.com.my https://www.kayak.com.mx https://www.kayak.nl https://www.kayak.com.ni https://www.kayak.no https://www.kayak.com.pa https://www.kayak.com.py https://www.kayak.com.pe https://www.kayak.com.ph https://www.kayak.pl https://www.kayak.pt https://www.kayak.com.pr https://www.en.kayak.sa https://www.kayak.sg https://www.kayak.co.kr https://www.kayak.es https://www.kayak.se https://www.kayak.ch https://www.kayak.co.th https://www.kayak.com.tr https://www.kayak.ae https://www.kayak.co.uk https://www.kayak.com.uy https://www.kayak.co.ve 19 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 19 object-src 'self' https://www.youtube.com/ https://www.3cx.com/;frame-src 'self' mailto: tel: https://3cx.com https://vars.hotjar.com https://www.google.com https://cse.google.com https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://bid.g.doubleclick.net https://www.youtube.com https://www.loom.com/ https://www.youtube-nocookie.com/ https://www.googletagmanager.com https://player.vimeo.com; frame-ancestors 'self' 19 upgrade-insecure-requests; frame-ancestors 'none' 19 default-src 'self' http: https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 19 default-src='self' 19 frame-ancestors none 19 block-all-mixed-content; frame-ancestors 'self' 19 frame-ancestors devcue.diks.fi cue.media.fi http://jankko-importer.prod.media.fi http://jankko-importer.test.media.fi http://localhost:5000 http://cue.test:*; 19 script-src 'self' https://static.cloudflareinsights.com https://stage-rotators-cdn.griffona.app https://cdnboost.net *.google-analytics.com; connect-src * 19 default-src * data: blob: 'unsafe-inline' 'unsafe-eval' 18 script-src 'self' https: 'unsafe-inline' 'unsafe-eval' 18 upgrade-insecure-requests; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com cdn.livechatinc.com api.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com cdn.livechatinc.com api.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com; report-uri https://content-api.canon-europe.com/cspreport/webapp/ 18 child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://tpc.googlesyndication.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com https://api.bam-x.com https://*.attn.tv https://ln-rules.rewardstyle.com https://cdn.pbbl.co https://www.pinterest.com https://app.qubit.com blob: https://*.awin1.com https://*.zenaps.com https://gum.criteo.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://ct.pinterest.com https://api.bam-x.com https://www.emjcd.com https://www.mczbf.com https://www.sjwoe.com https://*.attn.tv https://events.attentivemobile.com https://events.release.narrativ.com https://tr.snapchat.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.dermstore.com https://*.contentsquare.net https://*.criteo.com https://analytics.tiktok.com https://cdn.cookielaw.org; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://checkout.dermstore.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://s.pinimg.com https://static.narrativ.com https://cdn.attn.tv https://ln-rules.rewardstyle.com https://collector-8550.tvsquared.com https://static.goqubit.com https://*.qubit.com https://*.contentsquare.net https://app.contentsquare.com https://www.dwin1.com https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://static.criteo.net https://*.criteo.com https://analytics.tiktok.com https://*.ibytedtos.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 18 frame-ancestors 'self' *.genesazrak.com *.888casinoarabic.net *.arabiccasino888.com *.casinoarabic888.com *.casinoarabic-888.com *.888-casinoarabic.com *.888casino-arabic.com http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ http://localhost:* https://localhost:* *.bingosys.net *.secured-igaming-usa.com *.888.pt *.sisportsbook.com *.888poker.de *.888slots.de *.safe-iplay.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888ladies.com *.888.pt cmsp *.harrahscasino.com *.wsop.com *.delawarepark.com *.doverdowns.com *.harringtongamingonline.com *.secured-igaming-services.com *.secured-igaming-usa.com *.igaming-services.com *.888.ca *.888casino.ca *.888poker.ca *.888sport.ca *.888.nl *.888casino.nl *.888poker.nl *.888sport.nl *.ar-888-casino.com *.888casino-ar.com *.ar888-casino.com *.arab888-casino.com *.casinoelarab-888.com *.alarab-888casino.com *.casinoalarab-888.com *.888casino-alarab.com *.888casino-arabian.com *.arabian-888casino.com *.888-casino-arabian.com *.888-casino-alarab.com *.ballysdover.com 18 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sbo.top *.sbobet.com *.sbobetex.com *.youtube.com *.ytimg.com *.cloudfront.net optimize.google.com *.google-analytics.com *.hotjar.com *.googletagmanager.com *.googleapis.com *.cdnnetworks.net *.purseno.com *.syndication.twimg.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.gstatic.com *.geetest.com avplayer-cdn.sportradar.com *.userleap.com *.akamaized.net; worker-src 'self' blob:; report-uri https://csp.trackit.tk/z/7046ef45-99d6-447d-9ac3-6d42ae2a70fa 18 ; frame-ancestors 'self' 18 frame-ancestors 'self' https://webvisor.com http://webvisor.com; 18 frame-ancestors 'self' https://*.vmware.com; 17 default-src 'self' https://bugcrowd.com/ https://assets.bugcrowdusercontent.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleoptimize.com https://www.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://optimize.google.com https://www.googleadservices.com https://www.google.com https://*.g.doubleclick.net https://connect.facebook.net www.snapengage.com https://storage.googleapis.com/code.snapengage.com/js/ https://prod-nplayer.dacast.com/lib/theoplayer/ https://analytics.webgains.io/ https://analytics-wg.webgains.io/ https://track.webgains.com/ https://w-it.m-t.io/ https://www.mczbf.com/ https://wcs.naver.net/ https://bat.bing.com/ https://*.clarity.ms/ https://boards.greenhouse.io/ https://analytics.tiktok.com/ https://www.youtube.com/ https://*.pcdn.co/ https://*.typeform.com/ https://bugcrowd.com/ https://assets.bugcrowdusercontent.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://*.pcdn.co/ https://*.typeform.com/; img-src 'self' https: data:; media-src 'self' https://ftr.imgix.net https://www.snapengage.com https://*.pcdn.co/ https://*.typeform.com/; frame-src 'self' https://www.googletagmanager.com https://www.youtube.com https://view.vzaar.com https://iframe.dacast.com https://www.facebook.com https://*.fls.doubleclick.net https://*.g.doubleclick.net https://optimize.google.com www.snapengage.com https://boards.greenhouse.io/ https://*.pcdn.co/ https://*.typeform.com/ https://bugcrowd.com/ https://assets.bugcrowdusercontent.com/ https://www.canva.com/; font-src 'self' https://fonts.gstatic.com data: https://*.pcdn.co/ https://*.typeform.com/; connect-src 'self' https://*.amazonaws.com https://google-analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net/ https://analytics.google.com https://*.analytics.google.com https://www.facebook.com/tr/ https://www.snapengage.com https://api.webgains.io/ https://track.webgains.com/ https://w-it.m-t.io/ https://www.mczbf.com https://wcs.naver.com/ https://analytics.tiktok.com/ https://bat.bing.com/ https://*.clarity.ms/ https://*.pcdn.co/ https://*.typeform.com/; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests 17 default-src 'self' cscwebcontentstorage.blob.core.windows.net cscdbs.com *.cscdbs.com netnames.fr *.netnames.fr dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscglobal.com cdn.linkedin.oribi.io *.hsforms.com *.zoominfo.com *.amazonaws.com *.swiftypecdn.com *.swiftype.com script.crazyegg.com download.pwc.com rum-collector-2.pingdom.net *.doubleclick.net *.google-analytics.com geoip-js.com *.maxmind.com *.typekit.net api.company-target.com sample-api-v2.crazyegg.com api.hubapi.com https://lat9412.d41.co; script-src 'self' *.cscglobal.com cscwebcontentstorage.blob.core.windows.net cscdbs.com *.cscdbs.com netnames.fr *.netnames.fr dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.google.com id.rlcdn.com csc.global optimize.google.com https://lat9412.d41.co/ https://cdn-0.d41.co/ rum-static.pingdom.net ws.zoominfo.com js.hs-banner.com js.hsadspixel.net *.swiftypecdn.com *.swiftype.com *.wufoo.com tag.demandbase.com script.crazyegg.com s3.amazonaws.com dnn506yrbagrg.cloudfront.net gateway.zscalertwo.net sjs.bizographics.com px.ads.linkedin.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.maxmind.com *.typekit.net forms.hsforms.com api.hubapi.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net *.hubspot.com *.googleadservices.com tagmanager.google.com *.zmags.com so.rlcdn.com ecf.d41.co snap.licdn.com 'sha256-FTZUkywTeCare2C/3qESeGwIijE/FJIJzHs4QajBqVU=' 'sha256-uEVZG2aKtvTnCiyd6KE5c0iP+naoyXFMNU6NZqWfTzk=' 'sha256-swM91haG/X9NG/nV9rXrrY+cIqOCdGL4wblE7Iv1YUE=' 'sha256-/uSbLCfpM9k9Ms2kyFxMg/iUge7hkKPLPIaXSFh3koM=' 'sha256-dRACfvF3R4ee851y3xf7SIPIwtmjsDrOhsTc+gDeDw8=' 'sha256-hmE0tSja9Q9GP0wLrO8tzHPEJAXZD3GYnvy1bLBQUQI=' 'sha256-wdnpbUQepL3OqCek7EWeNGLhuQ9cTh4oybMGf+oQlHY=' 'sha256-JyCJ6ZZTV5uYG6rFk9V5g2xnONEgHcTb0bykLClbiZs=' 'sha256-OxgCgRZBobiLhf/gEJjA95lcSJ/2OoojGiOg+0Gh4/Q=' 'sha256-+aLPRy1XVSz3J4TB/q2GPhf14Z2bpiro19WK4oQJeKg=' 'sha256-pQnXMrCP6DP1ncPxrqVm6QIaZQaodvng1CHDoscicHM=' 'sha256-8//zSBdstORCAlBMo1/Cig3gKc7QlPCh9QfWbRu0OjU=' 'sha256-VqrnF4B4J9Y4bPMr7eFvVwQZZUT48w5WJm29LDfS7Dk=' 'sha256-BxEMh+6tFvrZlYExVj3AlGauJ7rpjeREdiHzW9fN2Us=' 'sha256-zwGmIUR+Z6gWKbwoJ2Z3yGxI/XLETLqDqCRIV0qt/WA=' 'sha256-60Y5SZryMP/67Q/k36LVBXH6SBee31fcbdC5y8D7RYw=' 'sha256-yci9qsNextpGExIli9ndvm6xHfs85H+hnRbj06/BHxI=' 'sha256-QWBBvRysq0d64SCNwur/0PjI5JiY7DPineh0OXexHEo=' 'sha256-KJ9rJRyi9WwAtKJBS0P7Jp33iDFTavWdrI42p11R8hc=' 'sha256-uhWYOWpfBjcCGW0/7uEcRDS81NDcXJZUUh04Mz5iegI=' 'sha256-fQvhFvKX3k68p/SxRzzISH56WeuYTDlEcieu+49eXbY=' 'sha256-A97b20Ydt7u/Q6V5p1vtEILRv4C5YKKgERZ7Vg2ezl8=' 'sha256-9ivl7iL1azXyLtEHH05SFSAH1Uk6FIFB7Ne3aOclB38=' 'sha256-DggP0yBD7y8RnqVl8DqXO9UKEPn4j5expUYqVPYuo60=' 'sha256-fZIx1ukK+dEJq5T+5M6mayzaPFubN/b85dpdRL7Xwq4=' 'sha256-7+Cai1EhQOt360NzDf0sNdEZ0o2ysQRr6D47MqFd3Mg=' 'sha256-pgPbbrrZtCA12hoxSpz8mkS2hBSjoXkAPzAEQncISIA='; style-src 'self' 'unsafe-hashes' cscwebcontentstorage.blob.core.windows.net cscdbs.com *.cscdbs.com netnames.fr *.netnames.fr dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net ocp.cscglobal.com csc.global ocu.cscglobal.com gateway.zscalertwo.net *.swiftypecdn.com fast.fonts.net fonts.googleapis.com tagmanager.google.com ssl.gstatic.com *.gstatic.com 'sha256-89lNUMxD1y50uf+7hLjBbuwuFpAVq3EEOFuE5PzDY+4=' 'sha256-0EZqoz+oBhx7gF4nvY2bSqoGyy4zLjNF+SDQXGp/ZrY=' 'sha256-wdnpbUQepL3OqCek7EWeNGLhuQ9cTh4oybMGf+oQlHY=' 'sha256-JyCJ6ZZTV5uYG6rFk9V5g2xnONEgHcTb0bykLClbiZs=' 'sha256-OxgCgRZBobiLhf/gEJjA95lcSJ/2OoojGiOg+0Gh4/Q=' 'sha256-+aLPRy1XVSz3J4TB/q2GPhf14Z2bpiro19WK4oQJeKg=' 'sha256-pQnXMrCP6DP1ncPxrqVm6QIaZQaodvng1CHDoscicHM=' 'sha256-8//zSBdstORCAlBMo1/Cig3gKc7QlPCh9QfWbRu0OjU=' 'sha256-VqrnF4B4J9Y4bPMr7eFvVwQZZUT48w5WJm29LDfS7Dk=' 'sha256-BxEMh+6tFvrZlYExVj3AlGauJ7rpjeREdiHzW9fN2Us=' 'sha256-o8tzNUueZrLSs7qhLTKJwSVH3sLbmQyLeYZu8PYrp+E=' 'sha256-NE3gBSsVG0IdyINKOXv7oHDjOD1hoJpOCZQDS8LzvUc=' 'sha256-NE3gBSsVG0IdyINKOXv7oHDjOD1hoJpOCZQDS8LzvUc=' 'sha256-NE3gBSsVG0IdyINKOXv7oHDjOD1hoJpOCZQDS8LzvUc=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-pgPbbrrZtCA12hoxSpz8mkS2hBSjoXkAPzAEQncISIA='; img-src 'self' cscwebcontentstorage.blob.core.windows.net cscdbs.com *.cscdbs.com netnames.fr *.netnames.fr dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net p.adsymptotic.com *.swiftype.com *.cscglobal.com *.googletagmanager.com googleapis.com match.prod.bidr.io segments.company-target.com cdn2.hubspot.net *.google-analytics.com *.crazyegg.com *.google.com track.hubspot.com data: *.doubleclick.net ssl.gstatic.com *.gstatic.com *.zmags.com px.ads.linkedin.com; font-src 'self' cscwebcontentstorage.blob.core.windows.net cscdbs.com *.cscdbs.com netnames.fr *.netnames.fr dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net ocp.cscglobal.com ocu.cscglobal.com data: fonts.gstatic.com *.typekit.net; frame-src 'self' cscwebcontentstorage.blob.core.windows.net cscdbs.com *.cscdbs.com netnames.fr *.netnames.fr dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.youtube.com *.wufoo.com forms.hsforms.com *.google.com *.zmags.com drive.google.com; object-src 'none' 17 report-uri https://99designs.report-uri.io/r/default/csp/enforce; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob: android-webview-video-poster:; upgrade-insecure-requests; 17 frame-ancestors 'self' app.storyblok.com 17 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 17 frame-ancestors 'self' *.affino.com; 17 prefetch-src *.metart.com *.metartnetwork.com *.hustler.com *.metartmoney.com *.google-analytics.com *.googletagmanager.com;default-src 'self' blob: *.metart.com *.metartnetwork.com *.hustler.com;connect-src 'self' blob: wss: *.zdassets.com *.zendesk.com *.atlassian.com *.atl-paas.net *.hustler.com *.metart.com *.metartnetwork.com *.metart.network *.google.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.mixpanel.com *.metartmoney.com cdn.cookielaw.org *.visualwebsiteoptimizer.com *.vwo.com *.sentry.io;style-src 'self' blob: 'unsafe-inline' *.googleapis.com fonts.gstatic.com platform.twitter.com *.twimg.com maxcdn.bootstrapcdn.com *.google.com *.hustler.com *.metart.com *.metartnetwork.com cdn.cookielaw.org *.visualwebsiteoptimizer.com *.vwo.com;font-src 'self' data: *.zopim.com fonts.gstatic.com *.googleapis.com ssl.p.jwpcdn.com maxcdn.bootstrapcdn.com *.hustler.com *.metart.com *.metartnetwork.com *.vwo.com;script-src 'self' 'unsafe-inline' *.zdassets.com *.atlassian.com *.zopim.com *.twitter.com *.twimg.com ssl.p.jwpcdn.com *.googletagmanager.com *.google-analytics.com cdn.mouseflow.com *.google.com cdn.polyfill.io *.hustler.com *.metart.com *.metartnetwork.com *.metart.network cdn.cookielaw.org code.jquery.com geolocation.onetrust.com *.mxpnl.com *.googleapis.com *.gstatic.com *.browser-update.org browser-update.org *.visualwebsiteoptimizer.com *.vwo.com;frame-src 'self' *.twitter.com *.hustler.com *.metart.com *.metartnetwork.com *.youtube.com *.vimeo.com *.atlassian.net *.metartmoney.com *.visualwebsiteoptimizer.com *.vwo.com;img-src 'self' data: *.nsimg.net *.twimg.com *.zopim.com *.twitter.com jwpltx.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.google.com *.hustler.com *.metart.com *.metartnetwork.com *.browser-update.org browser-update.org *.visualwebsiteoptimizer.com *.vwo.com *.hustlerlive.com *.barelylegallive.com *.vscdns.com;media-src 'self' data: blob: *.nsimg.net *.metart.com *.hustler.com *.metartnetwork.com *.zdassets.com *.visualwebsiteoptimizer.com *.vwo.com;worker-src 'self' data: blob: wss:;object-src 'none' 17 frame-ancestors 'self' https://translate.google.com 17 frame-ancestors 'self' https://testbaba.virtualcms.it 17 default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; 17 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' 17 frame-ancestors 'self' https://preview.citynavigator.nl 17 frame-ancestors 'self' *.plentymarkets-cloud-de.com 17 frame-ancestors 'self' http://hybris.com https://hybris.com https://discovery-center.cloud.sap https://www.discovery-center.cloud.sap http://*.hybris.com https://*.hybris.com http://sap.lookbookhq.com https://sap.lookbookhq.com http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn https://www.gigya.com *.lookbookhq.com https://cloudplatform.sap.com https://cal.sap.com https://developers.sap.com *.omtrdc.net;default-src 'self' blob: https: data: 'unsafe-inline' 'unsafe-eval' github.com api.github.com raw.githubusercontent.com *.cloud.sap *.liveperson.net http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn *.adobedtm.com *.company-target.com *.omtrdc.net *.w55c.net platform.twitter.com *.siteintercept.qualtrics.com *.doubleclick.net cdnjs.cloudflare.com charts3.equitystory.com http://sap-espresso.com http://*.akamai.net ust-servlet.dataxu.net https://*.cdn.sap.com *.2mdn.net *.2o7.net *.qualtrics.com https://*.akamaihd.net http://*.akamaihd.net *.lpsnmedia.net *.truste.com *.newrelic.com *.nr-data.net https://*.youtube.com https://*.youtu.be https://*.ytimg.com *.twitter.com http://*.twimg.com https://*.twimg.com *.adobe.com *.demdex.net *.liveperson.com *.liveengage.net *.liveengage.com http://livefyre.com *.liveper.sn *.licdn.com *.cloud.sap *.hana.ondemand.com http://dc1cp8nqqrmxi.cloudfront.net http://*.edgesuite.net https://bcmcps.enter.sap *.d41.co 16 frame-ancestors 'self' https://*.funkedigital.de; 16 img-src *; 16 default-src 'self' *.googlesyndication.com;style-src 'unsafe-inline' *.livenationinternational.com *.googleapis.com *.monetate.net tagmanager.google.com platform.twitter.com use.fontawesome.com;img-src 'self' data: *.livenationinternational.com www.lntvglobal.com *.2mdn.net *.betrad.com *.celtra.com *.doubleverify.com *.evidon.com *.facebook.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.mgr.consensu.org *.monetate.net *.ticketm.net *.tmol.co *.quantserve.com *.youtube.com *.adzip.co *.twitter.com *.tiktokcdn.com *.scdn.co *.twimg.com *.analytics.google.com *.google-analytics.com ad.doubleclick.net ads.celtra.com adservice.google.com dt.adsafeprotected.com cache-ssl.celtra.com media.ticketmaster.com media.ticketmaster.co.uk pixel.adsafeprotected.com pixel.moatads.com px.moatads.com secure.adnxs.com tagmanager.google.com track.celtra.com www.google.co.uk www.google.com www.googletagmanager.com api.permutive.com cdn.permutive.com cdn.cookielaw.org insight.adsrvr.org match.adsrvr.org fxctag.com googlesync.permutive.com t.co tr.snapchat.com b97.yahoo.co.jp appboy-images.com braze-images.com cdn.braze.eu;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livenationinternational.com *.2mdn.net *.bannersnack.com *.doubleverify.com *.evidon.com *.g.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.lytics.io *.quantcount.com *.monetate.net *.universe.com *.adzip.co *.tiktok.com *.tiktokcdn.com geolocation.onetrust.com cdn.cookielaw.org cdn.ampproject.org cdn.polyfill.io ad.doubleclick.net ads.celtra.com adservice.google.co.uk adservice.google.com bam.nr-data.net cache-ssl.celtra.com connect.facebook.net evidon.mgr.consensu.org js-agent.newrelic.com pixel.adsafeprotected.com secure.adnxs.com secure.quantserve.com static.adsafeprotected.com tagmanager.google.com widget.ticketmaster.eu www.google-analytics.com www.googletagmanager.com z.moatads.com api.permutive.com cdn.permutive.com www.instagram.com analytics.twitter.com platform.twitter.com cdn.syndication.twimg.com secure.wufoo.com static.ads-twitter.com js.adsrvr.org fxctag.com sc-static.net tag.lexer.io www.googleadservices.com s.yimg.jp b92.yahoo.co.jp js.appboycdn.com;connect-src 'self' *.doubleverify.com *.evidon.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.permutive.com *.tmol.co *.tmol.io *.prmutv.co *.analytics.google.com *.google-analytics.com geolocation.onetrust.com cdn.cookielaw.org privacyportal.onetrust.com csi.gstatic.com vendorlist.consensu.org widget.ticketmaster.eu www.googletagmanager.com track.celtra.com analytics.google.com analytics.tiktok.com ib.adnxs.com www.google.com sdk.iad-05.braze.com adservice.google.com www.ticketmaster.co.uk www.ticketmaster.co.nz www.ticketmaster.com.au www.ticketmaster.de tr.snapchat.com;font-src *.livenationinternational.com fonts.gstatic.com widget.ticketmaster.eu use.fontawesome.com;frame-src *.2mdn.net *.bannersnack.com *.doubleverify.com *.dvtps.com *.evidon.com *.facebook.com *.fls.doubleclick.net *.googlesyndication.com *.googletagservices.com *.monetate.net *.ticketmaster.co.uk *.twitch.tv *.bilibili.com *.player.vimeo.com *.soundcloud.com *.instagram.com *.twitter.com *.spotify.com *.tiktok.com *.tiktokcdn.com *.youtube.com *.youtu.be cookies.onetrust.mgr.consensu.org music.163.com player.vimeo.com secureframe.doubleclick.net terriverhoeven.wufoo.com universe.queue-it.net v.qq.com www.google.com www.universe.com insight.adsrvr.org tr.snapchat.com;media-src www.lntvglobal.com;worker-src 'self' blob: 16 default-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: blob:; img-src https: data:; frame-ancestors 'self' https://michelin.clic2buy.com https://*.iadvize.com https://*.blueconic.net; worker-src blob: data: https:; font-src https: data:; script-src-elem 'unsafe-inline' 'unsafe-eval' * blob: 16 object-src 'self' https://www.youtube.com/;frame-src 'self' mailto: tel: https://3cx.com https://player.vimeo.com/ https://vars.hotjar.com/ https://www.google.com https://cse.google.com https://services-sandbox.google-3cx.com https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://bid.g.doubleclick.net https://www.loom.com https://www.youtube.com https://www.youtube-nocookie.com/ https://www.googletagmanager.com; frame-ancestors 'self' 16 frame-ancestors 'self' *.facebook.com *.vk.com https://webvisor.com http://webvisor.com 16 sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation-by-user-activation; frame-ancestors 'self' *.huffpost.com *.huffingtonpost.com *.huffpost.net *.buzzfeed.com clients.opinary.com compass.pressekompass.net *.newsbreak.com *.newsbreakapp.com; report-uri https://huffpost.report-uri.com/r/d/csp/enforce; 15 frame-ancestors 'self' esbroadcom.lookbookhq.com mfbroadcom.lookbookhq.com; script-src 'self' data: blob: https://script.crazyegg.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://ajax.googleapis.com 'unsafe-eval' 'unsafe-inline'; object-src 'self'; 15 frame-ancestors 'self'; upgrade-insecure-requests; 15 require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport 15 upgrade-insecure-requests; frame-ancestors 'self'; 15 default-src http:; img-src * data:; script-src https:* http: 'unsafe-inline' 'unsafe-eval'; style-src http: 'unsafe-inline'; 15 frame-ancestors 'self' https://*.evergage.com https://cdn.evgnet.com; upgrade-insecure-requests; block-all-mixed-content 15 block-all-mixed-content; upgrade-insecure-requests; 15 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 15 default-src 'self' https://cdn.perf1.com https://saspresence.perf1.com; object-src 'none'; frame-src * 15 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.sc.pages02.net https://www.google.com http://addshoppers.s3.amazonaws.com http://connect.facebook.net https://www.gstatic.com http://www.rtb123.com http://pixel.quantserve.com http://*.shop.pe http://shop.pe https://googleads.g.doubleclick.net https://code.jquery.com http://tt.mbww.com https://staticxx.facebook.com https://secure.quantserve.com https://tag.bounceexchange.com https://insight.adsrvr.org https://api.bounceexchange.com https://*.cloudfront.net https://*.scdn2.secure.raxcdn.com *.bounceexchange.com http://api.bounceexchange.com https://cdn.optimizely.com/ www.youtube.com s.ytimg.com static.getchute.com mpsnare.iesnare.com https://connect.facebook.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://siteimproveanalytics.com https://tagmanager.google.com optimizely.s3.amazonaws.com app.optimizely.com cdn3.optimizely.com *.rtb123.com *.s3.amazonaws.com https://tt.mbww.com/ https://shop.pe https://*.s3.amazonaws.com https://www.googleadservices.com/ https://www.google-analytics.com https://s3.amazonaws.com https://beacon.sojern.com https://*.micpn.com *.bing.com https://tracker.marinsm.com https://cdn.onesignal.com http://cdnjs.cloudflare.com/ *.googleadservices.com/ beacon.sojern.com cdn.onesignal.com *.mathtag.com rules.quantcount.com https://ak1s.abmr.net https://maps.googleapis.com/ https://sc-static.net/ https://translate.google.com/ https://translate.googleapis.com/ https://s.pinimg.com/ https://resources.xg4ken.com/ https://services.xg4ken.com/ https://js.adsrvr.org/ https://cdn.quantummetric.com/ https://seaworld-app.quantummetric.com https://members.cj.com ci-mpsnare.iovation.com https://c212.net https://cdn.c212.net https://commercelibs.ibm.com https://tag.mtrcs.samba.tv/v3/tag/edelman/seaworld-all/sambaTag.js https://optimizely-hrd.appspot.com/ https://*.trustarc.com/ https://consent.trustarc.com/ http://consent.trustarc.com/ https://consent.truste.com/ *.queue-it.net *.taboola.com/ secfld.vmmpxl.com https://isz.app.sparkinfluence.net/ https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js https://ajax.cloudflare.com https://cdn1.affirm.com/ https://www.affirm.com/ https://zn88kiqxnnojsefct-seaworldcx.siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com/ https://*.hotjar.com/ https://sts.eccmp.com/ https://s7.addthis.com seaworld.com https://z.moatads.com/ https://v1.addthisedge.com/ https://m.addthis.com/ https://spot.demostellar.com/1.3.0/spot.js *.tvpixel.com https://dfp.bouncex.net/ https://consent-pref.trustarc.com/ https://zn88kiqxnnojsefct-seaworldcx.siteintercept.qualtrics.com https://static.cloudflareinsights.com/ code.jquery.com maxcdn.bootstrapcdn.com *.google-analytics.com *.analytics.google.com https://talkdeskchatsdk.talkdeskapp.com https://seaworld-capi.spire.horizonmedia.com https://apps.rokt.com https://schema.milestoneinternet.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com http://*.shop.pe http://addshoppers.s3.amazonaws.com https://*.scdn2.secure.raxcdn.com https://*.cloudfront.net https://*.secure.raxcdn.com maxcdn.bootstrapcdn.com tagmanager.google.com *.s3.amazonaws.com https://s3.amazonaws.com https://addstrap-ui.addshoppers.com https://translate.googleapis.com https://members.cj.com https://assets.bounceexchange.com https://cdn1.affirm.com/ https://zn88kiqxnnojsefct-seaworldcx.siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com/ https://*.hotjar.com/ code.jquery.com *.google-analytics.com *.analytics.google.com https://talkdeskchatsdk.talkdeskapp.com ;font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com *.shop.pe *.scdn2.secure.raxcdn.com https://*.buschgardens.com https://buschgardens.com *.seaworld.com *.sesameplace.com https://www.sesameplace.com *.cloudfront.net *.secure.raxcdn.com https://www.aexp-static.com https://seaworld.scdn3.secure.raxcdn.com https://maxcdn.bootstrapcdn.com s3.amazonaws.com http://maxcdn.bootstrapcdn.com https://members.cj.com https://assets.bounceexchange.com https://www.affirm.com/ https://zn88kiqxnnojsefct-seaworldcx.siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com/ https://*.hotjar.com/ *.google-analytics.com *.analytics.google.com https://talkdeskchatsdk.talkdeskapp.com;frame-src 'self' s7.addthis.com https://*.fls.doubleclick.net/ http://*.fls.doubleclick.net/ http://*.facebook.com/ https://bid.g.doubleclick.net/ https://www.youtube.com https://www.seaworldlibrary.com https://docs.google.com https://*.seaworld.com/ https://Commerce.4adventure.com https://*.seaworldparks.com https://*.watercountry.com https://*.Commerce.4adventure.com https://*.adventureisland.com https://*.aquaticabyseaworld.com https://*.sesameplace.com http://6258894.fls.doubleclick.net http://6258894.fls.doubleclick.net http://4174228.fls.doubleclick.net https://4174228.fls.doubleclick.net https://www.googletagmanager.com https://staticxx.facebook.com https://insight.adsrvr.org https://assets.bounceexchange.com/ https://*.cdn.optimizely.com/ https://www.pages02.net/ https://tt.mbww.com/ https://secure.buschgardens.com https://maps.google.com https://www.google.com/ https://secure.aquatica.com https://*.bounceexchange.com http://contentz.mkt922.com/ https://pixel.mathtag.com/ https://www.chargerback.com https://*.widencdn.net/ https://*.seaworldlibrary.com https://www.surveygizmo.com/ https://tr.snapchat.com/ https://qa-secure.buschgardens.com https://members.cj.com https://survey.seaworldentertainment.com/ https://survey.zohopublic.com/ https://hpc.uat.freedompay.com/ https://hpc.freedompay.com/ https://consent-pref.trustarc.com/ https://*.trustarc.com https://x.m.buschgardens.com/ http://www.youtube.com/ https://cdn1.affirm.com/ https://www.affirm.com/ https://seaworldcx.iad1.qualtrics.com/ https://siteintercept.qualtrics.com/ https://*.hotjar.com/ https://vars.hotjar.com/ https://match.adsrvr.org/ *.google-analytics.com *.analytics.google.com https://apps.rokt.com ;connect-src 'self' https://staticxx.facebook.com https://insight.adsrvr.org https://*.scdn2.secure.raxcdn.com https://logx.optimizely.com https://*.secure.raxcdn.com *.s3.amazonaws.com cache.getchute.com https://tapi.optimizely.com https://shopper.shop.pe https://shop.pe https://rtb123.com https://api.getchute.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.as-labs.addshoppers.com/ https://as-labs.addshoppers.com https://s3.amazonaws.com https://www.google.com https://events.bouncex.net https://onesignal.com https://*.optimizely.com https://onesignal.com https://errors.client.optimizely.com https://translate.googleapis.com https://ct.pinterest.com/ https://seaworld-app.quantummetric.com/ https://commercelibs.ibm.com https://tag.mtrcs.samba.tv/ https://cdn.quantummetric.com/ https://pixel.mtrcs.samba.tv/v2/tag/edelman/seaworld-all/ https://trc.taboola.com/ https://isz.app.sparkinfluence.net/ https://api-cf.affirm.com/ https://tracker.affirm.com/ https://www.affirm.com/api/v2/cookie_sent/ https://www.affirm.com/ https://*.siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com https://*.hotjar.com/ https://in.hotjar.com/ wss://ws13.hotjar.com https://sts.eccmp.com/ https://spot.demostellar.com/1.3.0/spot.js https://api-cust1117.cheetahedp.com/ *.tvpixel.com *.google-analytics.com *.analytics.google.com https://talkdeskchatsdk.talkdeskapp.com https://api.talkdeskapp.com/ https://sessions.bugsnag.com wss://tsock.us1.twilio.com/v3/wsconnect https://seaworld-capi.spire.horizonmedia.com https://schema.milestoneinternet.com/; img-src 'self' data: * ; media-src 'self' https://scontent.cdninstagram.com https://*.as-labs.addshoppers.com/ *.s3.amazonaws.com/ https://s3.amazonaws.com/images/BackgroundImage.jpeg s3.amazonaws.com/ https://seaworld.scdn3.secure.raxcdn.com/ https://stage-media.scdn6.secure.raxcdn.com/ *.google-analytics.com *.analytics.google.com; 15 default-src 'self' https://* data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* data: blob:; style-src 'self' 'unsafe-inline' https://* data: blob:; frame-src 'self' https://*; frame-ancestors 'self';img-src 'self' https://* data: blob: ;media-src 'self' https://* data: blob: ;font-src 'self' https://* data: blob: 15 default-src https: 'unsafe-inline' 'unsafe-eval' 15 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 15 frame-ancestors 'self' *.fundacionmapfre.org *.mapfre.com *.mapfre.es *.mapfrebhd.com *.verti.es *.verti.it *.verti.com *.verti.de *.mazda.de quote.insureandgo.com.au desarrollos.cesvicolombia.com assistencia.bbseguros.com.br *.mapfre.com.do *.mapfre.com.br *.mapfre.com.mx *.mapfre.com.co *.mapfre.com.sv *.mapfre.com.gt *.mapfre.com.ec *.mapfre.com.hn *.mapfre.com.ni *.mapfre.com.py *.mapfre.com.oe *.mapfre.com.uy *.mapfre.com.ar *.mapfre.com.cl *.mapfre.com.pa *.mapfrebhd.com.do www.seguroviajesmapfrebhd.com; 15 default-src * data: 'unsafe-inline' 'unsafe-eval' 15 frame-ancestors 'self'; upgrade-insecure-requests; object-src 'none'; script-src 'sha256-7/fy7EjXUskn9MLHbin/b0A7LQ32mACPQ2SdNj/O/vA=' 'unsafe-inline'; require-trusted-types-for 'script'; 15 frame-ancestors 'self' https://citylightcloud.com https://geocentric.com 15 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://api.amplitude.com wss://*.hotjar.com wss://*.qualified.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com https://*.office.com https://*.office365.com;report-uri https://csp.surveymonkey.com/report?e=true&c=prod&ar=true&a=cmscache 14 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob:; media-src *; object-src *; child-src blob:; worker-src blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 14 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 14 img-src data: https: 14 default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content; 14 frame-ancestors 'self' *.betssongroupaffiliates.com *.ptstaging.eu *.onegameslink.com 14 default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: 14 object-src 'none'; 14 default-src 'self' 'unsafe-inline' *.azureedge.net;script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://embed.tawk.to https://shopapi.dunkermotoren.de https://dwebshoptest.plan-software.de https://aff-im.cdn.bcebos.com *.azureedge.net *.cookielaw.org *.onetrust.com *.phantomcamera.de *.phantomcamera.es *.phantomcameras.cn *.phantomcamera.fr wistia.com wistia.net *.wistia.com *.wistia.net *.ametekesp.com *.powervar.com *.precitech.com *.precitech.com.de *.ametek.com *.ametekweb.com *.sunpowerinc.com *.ameteksi.com *.ortec-online.com *.baidu.com *.boltdns.net *.bootstrapcdn.com *.brightcove.com *.brightcove.net *.brightinfo.com *.cloudflare.com *.facebook.com *.facebook.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hsforms.com *.hsforms.net *.hs-analytics.net *.hs-scripts.com *.usemessages.com *.hsadspixel.net *.hubspot.com *.jquery.com *.list-manage.com *.mailchimp.com *.maxcdn.com *.pardot.com *.pingdom.net *.sharethis.com *.site24x7rum.com *.ametek-land.com *.omappapi.com *.spectro.com *.thomasnet.com *.twimg.com *.twitter.com *.vimeo.com *.webtraxs.com *.youku.com *.youtube.com *.zencdn.net *.zopim.com *.vresp.com *.techmfg.com *.techmfg.cn *.techmfg.de *.techmfg.jp *.techmfg.es *.zdassets.com *.marketingautomation.services *.leadforensics.com *.constantcontact.com *.icontact.com *.leadfeeder.com https://chimpstatic.com *.zygo.com *.linkedin.com *.hootsuite.com *.3dpublisher.net *.amazonaws.com https://js.hscta.net https://js.hs-banner.com https://js.hsleadflows.net *.force.com https://analytics-eu.clickdimensions.com https://widgets.wp.com *.clickdimensions.com *.zoominfo.com https://snap.licdn.com *.salesforceliveagent.com https://bat.bing.com *.salesforce.com *.salesforceliveagent.com *.salesforce.com *.visualforce.com *.lightning.com *.visualforce.com *.adobedtm.com *.rumiview.com *.simpli.fi *.googletagmanager.com *.kickfire.com *.doubleclick.net *.lightning.com *.adroll.com *.ytimg.com *.loopanalytics.com *.surveymonkey.com https://www.qlzn6i1l.com https://secure.neck6bake.com https://go.universalanalyzers.com https://go.store.universalanalyzers.com https://go.pardot.com https://go.obcorp.com https://go.csiheat.com https://go.cardinaluhp.com https://go.barbenanalytical.com https://optinmonster.com https://cdn.datatables.net http://s7.addthis.com https://v1.addthisedge.com 'unsafe-eval';style-src * 'unsafe-inline' *.azureedge.net;font-src * 'unsafe-inline' *.azureedge.net data:;img-src * 'unsafe-inline' *.azureedge.net data:;frame-src * 'unsafe-inline' *.azureedge.net;connect-src * 'unsafe-inline' *.azureedge.net;worker-src 'self' *.azureedge.net blob:;media-src 'self' *.boltdns.net *.akamaihd.net *.azureedge.net blob:;object-src 'unsafe-inline' *.azureedge.net 'self' 14 frame-ancestors *; 14 block-all-mixed-content; upgrade-insecure-requests 14 default-src https: data: 'unsafe-eval' 'unsafe-inline' blob: 14 frame-ancestors 'self' https://*.studio.design https://studio.design https://studio.inc; 14 base-uri 'self'; frame-ancestors 'self' 14 object-src 'self'; base-uri 'none' 14 form-action 'self' 14 default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; 14 frame-ancestors 'self' https://*.enamad.ir 14 block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests 14 upgrade-insecure-requests; frame-ancestors *.lumen.com *.lumentech.com *.brightspeed.com http://static.virtualroi.com/; 13 frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ 13 object-src 'none'; base-uri 'self' 13 font-src 'self' 13 frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline' 13 default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' http://webvisor.com 13 frame-ancestors 'self' https://studio.first.sandbox.ua.coremedia.cloud https://public-studio.first.sandbox.ua.coremedia.cloud https://preview.uat.ua.coremedia.cloud https://studio.uat.ua.coremedia.cloud https://first.sandbox.ua.coremedia.cloud https://studio.production.ua.coremedia.cloud https://preview.production.ua.coremedia.cloud 13 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 13 frame-src 'self'; frame-ancestors 'self'; object-src 'none'; 13 frame-ancestors 'self' https://webvisor.com https://mc.yandex.ru https://yastatic.net 13 frame-ancestors 'self'; object-src 'self' 13 default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src *; base-uri 'self'; upgrade-insecure-requests; font-src https: 'unsafe-inline' data: 'unsafe-inline'; 13 frame-ancestors 'self' https://metrika.yandex.ru https://webvisor.com http://webvisor.com 12 frame-ancestors *; report-uri https://www.rackspace.com/report-uri/enforce 12 upgrade-insecure-requests; block-all-mixed-content; sandbox allow-modals allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-orientation-lock allow-pointer-lock; 12 frame-ancestors 'none'; upgrade-insecure-requests 12 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 12 frame-ancestors 'self' http://localhost:* https://*.bustle.com https://*.bdg.com 12 default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; worker-src 'self' blob: 12 frame-ancestors 'self' https://immobilier.jll.be https://events1.social27.com https://jll.maps.arcgis.com https://tools.jll.com https://journeys.jll.com https://qa-journeys.jll.com; 12 default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 12 default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob:;script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline';img-src * 'self' data:;frame-ancestors 'self' https://www.visma.com/ online.superoffice.com apps.risevision.com desktop.visma.com asp.visma.com hlasp.visma.com es-eu-dev-api01.episerver.net;worker-src * 'self' blob:;connect-src * 'self' blob:;font-src * 'self' data:;frame-src * 'self';media-src * 'self' blob:;object-src * 'self'; 12 frame-ancestors 'self' *.ci360.sas.com 12 script-src 'self' 'unsafe-inline' 12 frame-ancestors 'self' gather.town; 12 frame-ancestors 'self' https://mycolorcoach-cpd.e-loreal.com 12 default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src * blob: ; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 12 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 12 default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *; 12 default-src: https:; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 12 font-src 'none' 12 policy 12 default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 12 base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://www.googletagmanager.com https://fonts.googleapis.com https://*.gstatic.com https://*.jivosite.com https://*.dmca.com https://*.google-analytics.com wss://*.jivosite.com; img-src 'self' data: https://*.dmca.com https://*.jivosite.com; 12 default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline' 11 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org https://www.xvideos.com https://wg-xvdev.xvideos.com *.trafficfactory.biz fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com *.addthis.com *.addthisedge.com www.iwanttodeliver.com apis.google.com www.google.com www.gstatic.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.cdn77.org fcm.googleapis.com *.nk-img.com https://static-dev-xvlive.xvideos.com https://dev-api.naked.com http://dev-api.naked.com *.googleapis.com *.cdn77.org *.pingdom.net *.exoclick.com *.exosrv.com *.realsrv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com cdn.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com wss://dev-chatserver.camster.com wss://staging-chatserver.camster.com wss://m.1ka.com wss://c1.1ka.com wss://c11.1ka.com wss://c12.1ka.com wss://c13.1ka.com wss://c14.1ka.com wss://c15.1ka.com wss://c16.1ka.com wss://c17.1ka.com wss://c18.1ka.com wss://c19.1ka.com wss://c110.1ka.com wss://c111.1ka.com wss://c112.1ka.com wss://c113.1ka.com wss://c114.1ka.com wss://c115.1ka.com wss://c2.1ka.com wss://c21.1ka.com wss://c22.1ka.com wss://c23.1ka.com wss://c24.1ka.com wss://c25.1ka.com wss://c26.1ka.com wss://c27.1ka.com wss://c28.1ka.com wss://c29.1ka.com wss://c210.1ka.com wss://c211.1ka.com wss://c212.1ka.com wss://c213.1ka.com wss://c214.1ka.com wss://c215.1ka.com wss://c3.1ka.com wss://c31.1ka.com wss://c32.1ka.com wss://c33.1ka.com wss://c34.1ka.com wss://c35.1ka.com wss://c36.1ka.com wss://c37.1ka.com wss://c38.1ka.com wss://c39.1ka.com wss://c4.1ka.com wss://c41.1ka.com wss://c42.1ka.com wss://c43.1ka.com wss://c44.1ka.com wss://c45.1ka.com wss://c46.1ka.com wss://c47.1ka.com wss://c48.1ka.com wss://c49.1ka.com wss://c410.1ka.com wss://c411.1ka.com wss://c412.1ka.com wss://c413.1ka.com wss://c414.1ka.com wss://c415.1ka.com wss://c5.1ka.com wss://c51.1ka.com wss://c52.1ka.com wss://c53.1ka.com wss://c54.1ka.com wss://c55.1ka.com wss://c56.1ka.com wss://c57.1ka.com wss://c58.1ka.com wss://c59.1ka.com wss://c510.1ka.com wss://c511.1ka.com wss://c512.1ka.com wss://c513.1ka.com wss://c514.1ka.com wss://c515.1ka.com https://dev-chatserver.camster.com https://staging-chatserver.camster.com https://m.1ka.com https://c1.1ka.com https://c11.1ka.com https://c12.1ka.com https://c13.1ka.com https://c14.1ka.com https://c15.1ka.com https://c16.1ka.com https://c17.1ka.com https://c18.1ka.com https://c19.1ka.com https://c110.1ka.com https://c111.1ka.com https://c112.1ka.com https://c113.1ka.com https://c114.1ka.com https://c115.1ka.com https://c2.1ka.com https://c21.1ka.com https://c22.1ka.com https://c23.1ka.com https://c24.1ka.com https://c25.1ka.com https://c26.1ka.com https://c27.1ka.com https://c28.1ka.com https://c29.1ka.com https://c210.1ka.com https://c211.1ka.com https://c212.1ka.com https://c213.1ka.com https://c214.1ka.com https://c215.1ka.com https://c3.1ka.com https://c31.1ka.com https://c32.1ka.com https://c33.1ka.com https://c34.1ka.com https://c35.1ka.com https://c36.1ka.com https://c37.1ka.com https://c38.1ka.com https://c39.1ka.com https://c4.1ka.com https://c41.1ka.com https://c42.1ka.com https://c43.1ka.com https://c44.1ka.com https://c45.1ka.com https://c46.1ka.com https://c47.1ka.com https://c48.1ka.com https://c49.1ka.com https://c410.1ka.com https://c411.1ka.com https://c412.1ka.com https://c413.1ka.com https://c414.1ka.com https://c415.1ka.com https://c5.1ka.com https://c51.1ka.com https://c52.1ka.com https://c53.1ka.com https://c54.1ka.com https://c55.1ka.com https://c56.1ka.com https://c57.1ka.com https://c58.1ka.com https://c59.1ka.com https://c510.1ka.com https://c511.1ka.com https://c512.1ka.com https://c513.1ka.com https://c514.1ka.com https://c515.1ka.com https://media.1ka.com https://u.1ka.com https://n.1ka.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com *.vscdns.com *.doubleclick.net *.google.fr *.google.com *.gtflixtv.com *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net; 11 upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; 11 upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com 11 upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com *.miro.com cisco.techdatavendors.be; 11 frame-ancestors 'self' *.jivosite.com *.jivosite.com/ bam.nr-data.net/ metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.webvisor.com http://*.webvisor.com http://webvisor.com https://*.webvisor.com http://webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net; form-action 'self' *.timeweb.ru *.timeweb.com *.timeweb.net timeweb.com timeweb.ru timeweb.net http://timeweb.com/; default-src 'self' 'unsafe-inline' 'unsafe-eval' www.1c-bitrix.ru *.jivo.ru *.jivosite.com *.jivosite.com/ *.timeweb.net *.timeweb.ru timeweb.eu vds-static.timeweb.com cloud.timeweb.com timeweb.cloud public-api.timeweb.com content.timeweb.com api.craftum.com *.yandex.ru yandex.ru wss://*.timeweb.ru wss://*.timeweb.net www.googletagmanager.com www.google-analytics.com disutgh7q0ncc.cloudfront.net eligibility.wootric.com wootric-eligibility.herokuapp.com facebook.com connect.facebook.net *.facebook.com mc.yandex.md mc.yandex.ru *.livetex.ru *.livetex.me stats.g.doubleclick.net *.google.com *.google.ru *.sendpulse.com data: vk.com *.vk.com dadata.ru *.dadata.ru *.hostings.info *.hosters.ru bitrix.info static.criteo.net *.push.world *.gstatic.com recreativ.ru sslwidget.criteo.com *.googleapis.com *.webpushs.com i.imgur.com ipic.su *.sendpulse.com www.youtube.com s.tmimgcdn.com cdn.jsdelivr.net mc.webvisor.org https://*.getsitecontrol.com yastatic.net *.witstroom.com metrika.yandex.ru *.yandex.tld *.yandex.net myreviews.dev https://myreviews.dev webvisor.com *.witstroom.com:8080 https://checks.botfaqtor.ru *.giphy.com *.giphy.com/ *.jivosite.com *.jivosite.com/ wss://*.jivosite.com https://www.googleoptimize.com/ blob: timeweb.com 11 frame-ancestors 'self' https://app.storyblok.com 11 upgrade-insecure-requests; media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; 11 frame-ancestors 'self'; object-src https://*.citrix.com https://capture.navattic.com; plugin-types application/x-shockwave-flash application/pdf 11 upgrade-insecure-requests; frame-ancestors 'self' https://explore.bitdefender.com/; 11 default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 11 default-src *.acer.com *.acer.com.cn https: 'unsafe-inline' 'unsafe-eval' ; object-src *; script-src *.acer.com *.acer.com.cn https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.acer.com *.acer.com.cn; 11 frame-ancestors http://kpmg.experiencecloud.adobe.com 11 frame-ancestors *.ivanti.com https://dash.cloudflare.com 11 script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.clarivate.com https://*.clarivate.com https://clarivate.com https://*.nr-data.net https://static.lightning.force.com https://*.clarity.ms https://*.salesforceliveagent.com https://analytics.decisionresourcesgroup.com https://analytics.twitter.com *.turtl.co https://app.gatedcontent.com https://app.icontact.com https://assets.vidyard.com https://assistant.woorank.com https://bam-cell.nr-data.net https://bat.bing.com https://cdn.bizible.com https://cdn.cookielaw.org https://cdn.jifo.co https://cdnjs.cloudflare.com https://clarivateanalytics.my.salesforce.com https://clarivatecommunities.force.com https://preview-clarivatecommunities.cs16.force.com https://code.jquery.com https://connect.facebook.net https://derwent.com https://dev.visualwebsiteoptimizer.com https://e.infogram.com https://embed.acast.com https://googleads.g.doubleclick.net https://img06.en25.com https://j.6sc.co https://js-agent.newrelic.com https://maps.googleapis.com https://maps.gstatic.com https://platform.twitter.com https://play.vidyard.com https://public.flourish.studio https://publons.com https://s786780033.t.eloqua.com https://s.infogram.com https://scholaroneideas.secure.force.com https://script.hotjar.com https://secure.eloqua.com https://snap.licdn.com https://static.addtoany.com https://static.ads-twitter.com *.criteo.net https://static.doubleclick.net https://static.hotjar.com https://tag.demandbase.com https://unpkg.com https://widget.sndcdn.com https://www.3blmedia.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com *.criteo.com https://www.google-analytics.com https://cdn.jsdelivr.net https://app.vwo.com; frame-ancestors 'self' *.clarivate.com *.compumark.com *.compumark.cn 11 default-src 'self' vercel.com *.vercel.com vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io https://*.googletagmanager.com:* wss://*.vercel.com localhost:* chrome-extension://*;script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.googletagmanager.com www.google-analytics.com www.gstatic.com *.googleapis.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.twimg.com cdn.sift.com cdn.ampproject.org cdn.koala.live cdn.heapanalytics.com heapanalytics.com cdn.ethyca.com cdn.vercel-insights.com vercel.com *.vercel.com vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io https://*.googletagmanager.com:* wss://*.vercel.com localhost:* chrome-extension://*;child-src *.youtube.com *.youtube-nocookie.com *.stripe.com www.google.com github.com calendly.com vercel.com *.vercel.com vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io https://*.googletagmanager.com:* wss://*.vercel.com localhost:* chrome-extension://*;style-src 'self' 'unsafe-inline' *.googleapis.com heapanalytics.com vercel.com *.vercel.com vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io https://*.googletagmanager.com:* wss://*.vercel.com localhost:* chrome-extension://*;img-src * blob: data:;media-src 'self' videos.ctfassets.net user-images.githubusercontent.com blob: vercel.com *.vercel.com vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io https://*.googletagmanager.com:* wss://*.vercel.com localhost:* chrome-extension://*;connect-src data: *;font-src 'self' *.vercel.com *.gstatic.com;worker-src blob: 11 object-src 'none'; report-uri /report-csp-violation 11 frame-ancestors https:; default-src 'self' app.gitbook.com api.gitbook.com integrations.gitbook.com files.gitbook.com *.gitbook.com; connect-src 'self' blob: * app.gitbook.com api.gitbook.com *.googleapis.com *.cloudfunctions.net *.google.com *.firebaseio.com wss://*.firebaseio.com *.intercom.io wss://*.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com sentry.io *.sentry.io www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com translate.googleapis.com translate.google.com www.gstatic.com https://*.algolia.net https://*.algolianet.com *.iframe.ly cdnjs.cloudflare.com cdn.jsdelivr.net *.amplitude.com cloudflareinsights.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' integrations.gitbook.com app.gitbook.com 'unsafe-inline' *.firebaseio.com *.gstatic.com *.google.com https://js.intercomcdn.com https://widget.intercom.io https://app.intercom.io https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io https://sentry.io https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://www.googletagmanager.com https://googletagmanager.com https://translate.googleapis.com https://translate.google.com https://*.algolia.net https://*.algolianet.com https://cdn.iframe.ly https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://cdn.polyfill.io https://cdn.amplitude.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' app.gitbook.com translate.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com; img-src data: * blob: static.intercomassets.com *.intercomcdn.com *.intercom-mail.com *.intercom.io *.intercomusercontent.com *.intercom-attachments-1.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-9.com www.google-analytics.com ssl.google-analytics.com www.google.com analytics.google.com www.googletagmanager.com translate.google.com translate.googleapis.com www.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com; font-src app.gitbook.com * js.intercomcdn.com fonts.intercomcdn.com data: cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com; child-src 'self' blob: www.intercom-reporting.com intercom-sheets.com www.youtube.com player.vimeo.com fast.wistia.net www.googletagmanager.com; worker-src 'self' blob:; frame-src www.intercom-reporting.com www.googletagmanager.com *; form-action api-iam.intercom.io intercom.help; media-src *.intercomcdn.com; 11 frame-ancestors 'self' https://pge.segmanta.com https://www.babylist.com shop.pampers.com 11 default-src *.hossa.inwx.com https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://hossa.inwx.com *.zammad.inwx.de ws: wss: *.google-analytics.com stats.g.doubleclick.net *.hossa.inwx.com; 11 default-src 'self' *.kpn.com; frame-ancestors 'self' mijnzakelijk.kpn.com www.grip-on-it.com https://*.useinsider.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' static-accept.customersaas.com *.kpn.com *.salesforceliveagent.com www.googletagmanager.com tagmanager.google.com invitation.opinionbar.com www.googleadservices.com connect.facebook.net *.doubleclick.net *.mouseflow.com kpn-compleet-fpi-info.fourstack.nl www.pingvp.com kpn.pingvp.com static.customersaas.com www.google-analytics.com maps.googleapis.com kpnarmor.nl w.usabilla.com api.usabilla.com deploy.mopinion.com collect.mopinion.com kpn.mopinion.com cacheorcheck.mopinion.com survey.mopinion.com *.dwin1.com mijnzakelijk.kpn.com www.grip-on-it.com https://*.demdex.net https://assets.adobedtm.com *.pardot.com opt.objectiveportal.com www.facebook.com *.cookielaw.org *.onetrust.com *.atdmt.com *.adservice.google.nl *.insided.com *.algolia.net *.algolia.com fonts.googleapis.com https://snap.licdn.com https://static-exp1.licdn.com https://content.linkedin.com https://platform.linkedin.com *.useinsider.com https://kpnnl.maps.arcgis.com *.bing.com; style-src 'self' 'unsafe-inline' data: *.kpn.com www.pingvp.com kpn.pingvp.com d1r5etm691cejh.cloudfront.net static.customersaas.com d6tizftlrpuof.cloudfront.net kpn.mopinion.com tagmanager.google.com cacheorcheck.mopinion.com survey.mopinion.com *.insided.com *.algolia.net *.algolia.com fonts.googleapis.com *.licdn.com *.useinsider.com; img-src 'self' data: is-accept.customersaas.com *.kpn.com www.google.nl www.google.com www.facebook.com *.doubleclick.net adservice.google.com invitation.opinionbar.com www.pingvp.com kpn.pingvp.com d35v9wsdymy32b.cloudfront.net csi.gstatic.com maps.gstatic.com maps.googleapis.com kpn.com fonts.googleapis.com www.google-analytics.com api.customersaas.com static.customersaas.com d3mwk3f7r8fv9u.cloudfront.net d6tizftlrpuof.cloudfront.net cms-images.s3.amazonaws.com kpncomvod.download.kpnstreaming.nl w.usabilla.com www.telfort.nl mobielshop.test.marketingmakers.nl fra1.digitaloceanspaces.com cacheorcheck.mopinion.com survey.mopinion.com https://*.demdex.net https://assets.adobedtm.com opt.objectiveportal.com *.cookielaw.org *.onetrust.com *.atdmt.com *.adservice.google.nl *.linkedin.com *.licdn.com p.adsymptotic.com api.useinsider.com kpnnl.api.useinsider.com https://images.ctfassets.net *.dwin1.com *.bing.com; media-src 'self' kpncomvod.download.kpnstreaming.nl *.kpn.com pingmediavod.download.kpnstreaming.nl kpn.pingvp.com media.licdn.com; frame-src *.doubleclick.net callmenow.eu3.vanadaloha.net rpv.reviva.nl *.kpn.com portal.bp.nu www.youtube.com kpngroup.emsecure.net kpn.mopinion.com kpn-mini.speedtestcustom.com kpn-itns.speedtestcustom.com www.pingvp.com kpn.pingvp.com reload.alphacomm.network mijnzakelijk.kpn.com www.grip-on-it.com https://*.demdex.net emea1-proxy.adobemc.com www.facebook.com *.onetrust.com *.atdmt.com *.adservice.google.nl www.googletagmanager.com tagmanager.google.com www.linkedin.com *.useinsider.com https://kpnnl.maps.arcgis.com https://open.spotify.com; font-src 'self' data: *.kpn.com www.pingvp.com kpn.pingvp.com fonts.gstatic.com static.customersaas.com *.insided.com *.algolia.net *.algolia.com fonts.googleapis.com *.useinsider.com; connect-src 'self' api-accept.customersaas.com www.google-analytics.com *.kpn.com *.mouseflow.com tracker.customersaas.com kpn.api.ruwido.com api-agendaplanner.kpnretail.nl api.customersaas.com scripts.kpn.nl pastease.mopinion.com kpn.mopinion.com deploy.mopinion.com cacheorcheck.mopinion.com survey.mopinion.com kpn-compleet-fpi-info.fourstack.nl wss://*.twilio.com https://*.twilio.com https://*.demdex.net https://assets.adobedtm.com *.tt.omtrdc.net https://adobeioruntime.net emea1-proxy.adobemc.com wss://*.kpn.com/chat-engine *.cookielaw.org *.onetrust.com www.pingvp.com kpn.pingvp.com *.insided.com *.algolia.net *.algolia.com fonts.googleapis.com *.linkedin.com *.licdn.com *.useinsider.com; object-src 'self' https://kpnnl.maps.arcgis.com 11 default-src *;child-src * blob:;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';img-src * data: blob: 11 default-src 'self' *uat.tenethealth.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://survey.g.doubleclick.net https://tagmanager.google.com *.googleapis.com *.gstatic.com https://dyv6f9ner1ir9.cloudfront.net https://362-lxb-565.mktoutil.com https://storage.googleapis.com https://i.ytimg.com https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com *.googletagmanager.com *.youtube.com/iframe_api https://app-sj01.marketo.com https://pnapi.invoca.net https://maps.googleapis.com https://d.monetate.net https://se.monetate.net https://s.ytimg.com https://pixel.mathtag.com https://player.vimeo.com https://rw1.marchex.io https://resources.xg4ken.com https://rw1.marchex.io https://resources.xg4ken.com https://ajax.googleapis.com https://solutions.invocacdn.com https://polyfill.io http://siteimproveanalytics.com https://cdn.siteimprove.net https://connect.facebook.net https://s.ytimg.com https://maps.googleapis.com https://se.monetate.net https://d.monetate.net accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com *.siteimprove.net *.facebook.com *.google.com *.google.co.in *.gstatic.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://munchkin.net https://stats.g.doubleclick.net https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://s.ytimg.com https://se.monetate.net https://maps.googleapis.com https://maps.gstatic.com https://siteimproveanalytics.com https://d.monetate.net https://rw1.marchex.io https://resources.xg4ken.com https://www.googletagmanager.com https://ajax.googleapis.com https://px.marchex.io https://my2.siteimprove.com https://www.googletagmanager.com https://maps.googleapis.com https://munchkin.marketo.net https://solutions.invocacdn.com https://service-uat.tenethealth.com https://service-test.tenethealth.com https://service-prep.tenethealth.com https://www.tenethealthpacificcoast.com https://id.siteimprove.com https://cdn.siteimprove.net https://polyfill.io https://www.google-analytics.com https://www.youtube.com https://munchkin.marketo.net https://68956.global.siteimproveanalytics.io https://siteimproveanalytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://px.marchex.io https://www.googletagmanager.com https://my2.siteimprove.com https://s.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://se.monetate.net https://rw1.marchex.io https://ajax.googleapis.com https://resources.xg4ken.com https://cdnjs.cloudflare.com https://radiomd.com https://tours.sunnymedia.com https://checkin.arriv.net https://checkin-stg.arriv.net https://checkin-dev.arriv.net https://healthcheck.arriv.net https://healthcheck-stg.arriv.net https://healthcheck-dev.arriv.net https://ms-prod.arriv.net https://www.googleadservices.com https://code.jquery.com https://stackpath.bootstrapcdn.com https://tbcdn.talentbrew.com https://www.panoskin.com https://lcp360.cachefly.net https://d2ybmd3wevur4k.cloudfront.net *.practicematch.com https://tbcdn.talentbrew.com https://w3.cdn.anvato.net/; style-src 'self' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com *.twimg.com *.marketo.com *.sitefinity.xyz *.tenethealth.com https://fonts.googleapis.com https://checkin.arriv.net https://checkin-stg.arriv.net https://ms-prod.arriv.net https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' https://www.gstatic.com https://ssl.gstatic.com https://optimize.google.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.google.co.in *.google.com *.googletagmanager.com *.tenethealth.com https://*.youtube.com https://app-sj01.marketo.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://service-prep.tenethealth.com https://68956.global.siteimproveanalytics.io https://i.ytimg.com https://px.marchex.io https://pixel.mathtag.com *.baptisthealthsystem.com *.nacmedicalcenter.com *.resolutehealth.com *.providencechildrenshospital.com *.thehospitalsofprovidence.com *.valleybaptist.net *.dmc.org *.childrensdmc.org *.rimrehab.org *.brookwoodbaptisthealth.com *.saintfrancishosp.com *.saintfrancisbartlett.com *.eastcoopermedctr.com *.hiltonheadregional.com *.piedmontmedicalcenter.com *.coralgableshospital.com *.delraymedicalctr.com *.floridamedctr.com *.goodsamaritanmc.com *.hialeahhosp.com *.northshoremedical.com *.palmbeachchildrenshospital.com *.pbgmc.com *.palmettogeneral.com *.stmarysmc.com *.westbocamedctr.com *.stvincenthospital.com *.mwmc.com *.abrazohealth.com *.carondelet.org *.desertcarenetwork.com *.doctorsmanteca.com *.dmc-modesto.com *.emanuelmedicalcenter.org *.fountainvalleyhospital.com *.lakewoodregional.com *.losalamitosmedctr.com *.placentialinda.com *.sanramonmedctr.com *.sierravistaregional.com *.twincitieshospital.com *.brookwoodbaptistmedicalcenter.com *.brookwoodwomensmedicalcenter.com *.citizensbaptistmedicalcenter.com *.princetonbaptistmedicalcenter.com *.shelbybaptistmedicalcenter.com *.walkerbaptistmedicalcenter.com *.tenethealthcentralcoast.com *.tenethealthpacificcoast.com; media-src 'self' data: blob: https://media.tenethealth.com; form-action *.sitefinity.xyz *.facebook.com 'self' https://optimize.google.com https://paypage.epx.com https://www.tenethealthpacificcoast.com; frame-src *.marketo.com *.sitefinity.xyz 'self' *.tenethealth.com *.google.com *.youtube.com *.facebook.com *.facebook.com/tr/ *.doubleclick.net *.doubleclick.com https://givebutter.com https://optimize.google.com https://tenethealth.outgrow.us https://platform.twitter.com https://tenethealthbotprodcontainer01.azurewebsites.net/ https://pixel.mathtag.com/ https://player.vimeo.com/ https://radiomd.com https://tours.sunnymedia.com https://9207741.fls.doubleclick.net https://my2.siteimprove.com https://www.practicematch.com https://my.matterport.com https://viewer.panoskin.com https://www.modbee.com/ https://w3.cdn.anvato.net/ https://cdns.snacktools.net/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.marketo.com *.sitefinity.xyz *.tenethealth.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com https://optimize.google.com https://survey.g.doubleclick.net https://dyv6f9ner1ir9.cloudfront.net https://362-lxb-565.mktoutil.com https://storage.googleapis.com https://i.ytimg.com https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com *.googletagmanager.com *.youtube.com/iframe_api https://pnapi.invoca.net https://maps.googleapis.com https://d.monetate.net https://se.monetate.net https://s.ytimg.com https://pixel.mathtag.com https://player.vimeo.com https://rw1.marchex.io https://resources.xg4ken.com https://rw1.marchex.io https://resources.xg4ken.com https://ajax.googleapis.com https://solutions.invocacdn.com https://polyfill.io http://siteimproveanalytics.com https://cdn.siteimprove.net https://connect.facebook.net https://s.ytimg.com https://maps.googleapis.com https://se.monetate.net https://d.monetate.net 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com *.siteimprove.net *.facebook.com *.google.com *.google.co.in *.gstatic.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://munchkin.net https://stats.g.doubleclick.net https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://s.ytimg.com https://se.monetate.net https://maps.googleapis.com https://maps.gstatic.com https://siteimproveanalytics.com https://d.monetate.net https://rw1.marchex.io https://resources.xg4ken.com https://www.googletagmanager.com https://ajax.googleapis.com https://px.marchex.io https://my2.siteimprove.com https://www.googletagmanager.com https://maps.googleapis.com https://munchkin.marketo.net https://solutions.invocacdn.com https://service-uat.tenethealth.com https://service-test.tenethealth.com https://service-prep.tenethealth.com https://www.tenethealthpacificcoast.com https://id.siteimprove.com https://cdn.siteimprove.net https://polyfill.io https://www.google-analytics.com https://www.youtube.com https://munchkin.marketo.net https://68956.global.siteimproveanalytics.io https://siteimproveanalytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://px.marchex.io https://www.googletagmanager.com https://my2.siteimprove.com https://s.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://se.monetate.net https://rw1.marchex.io https://ajax.googleapis.com https://resources.xg4ken.com *.baptisthealthsystem.com *.nacmedicalcenter.com *.resolutehealth.com *.providencechildrenshospital.com *.thehospitalsofprovidence.com *.valleybaptist.net *.dmc.org *.childrensdmc.org *.rimrehab.org *.brookwoodbaptisthealth.com *.saintfrancishosp.com *.saintfrancisbartlett.com *.eastcoopermedctr.com *.hiltonheadregional.com *.piedmontmedicalcenter.com *.coralgableshospital.com *.delraymedicalctr.com *.floridamedctr.com *.goodsamaritanmc.com *.hialeahhosp.com *.northshoremedical.com *.palmbeachchildrenshospital.com *.pbgmc.com *.palmettogeneral.com *.stmarysmc.com *.westbocamedctr.com *.stvincenthospital.com *.mwmc.com *.abrazohealth.com *.carondelet.org *.desertcarenetwork.com *.doctorsmanteca.com *.dmc-modesto.com *.emanuelmedicalcenter.org *.fountainvalleyhospital.com *.lakewoodregional.com *.losalamitosmedctr.com *.placentialinda.com *.sanramonmedctr.com *.sierravistaregional.com *.twincitieshospital.com *.brookwoodbaptistmedicalcenter.com *.brookwoodwomensmedicalcenter.com *.citizensbaptistmedicalcenter.com *.princetonbaptistmedicalcenter.com *.shelbybaptistmedicalcenter.com *.walkerbaptistmedicalcenter.com *.tenethealthcentralcoast.com *.tenethealthpacificcoast.com https://img.youtube.com https://radiomd.com https://o381876.ingest.sentry.io https://checkin.arriv.net https://checkin-stg.arriv.net https://healthcheck.arriv.net https://healthcheck-stg.arriv.net https://ms-dev.arriv.net https://ms-prod.arriv.net https://www.googleadservices.com https://code.jquery.com https://assets.grammarly.com https://stackpath.bootstrapcdn.com *.practicematch.com https://d2ybmd3wevur4k.cloudfront.net https://lcp360.cachefly.net/panoskin.min.js https://tbcdn.talentbrew.com https://w3.cdn.anvato.net/; 11 frame-ancestors http://*.almamedia.net https://*.almamedia.net https://login.leaddesk.com https://login-qed.leaddesk.com https://login-qed-fi1.leaddesk.com https://login-qed-fi2.leaddesk.com 11 default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' 'self' *; style-src 'unsafe-inline' *; img-src 'self' data: *; connect-src *; frame-src 'self' *; font-src *; media-src *; worker-src 'self' blob: *; 11 frame-ancestors 'self' https://*.etracker.com 11 default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' 11 base-uri 'self'; block-all-mixed-content; child-src 'self' blob:; connect-src 'self' *.cf.brightcove.com *.force.com *.marketoresp.com *.media.brightcove.com *.salesforce.com *.salesforceliveagent.com siemenscrm.my.salesforce-sites.com siemensint.my.salesforce-sites.com *.tt.omtrdc.net *.usercentrics.eu *.virtualevent.siemens.com 322e30018b7e4846825041773c891f42.svc.dynamics.com 7gjrjhtrwh.execute-api.us-east-2.amazonaws.com 872-xot-578.marketo.com 872-xot-578.mktoresp.com adservice.google.com adservice.google.com api-fra.livechatinc.com api.company-target.com api.dc.siemens.com api.ipify.org asia.adform.net assets.new.siemens.com blob: cdn.cookielaw.org cdn.siemens-web.com cdn.c2comms.cloud cdn.siemens.com cert-portal.siemens.com d1p0l0wtisukf7.cloudfront.net data.cdn.siemens.com directline.botframework.com *.brapps.siemens.cloud *.brappsqa.siemens.cloud dpm.demdex.net dvt4t9p29wi8.cloudfront.net edge.api.brightcove.com geolocation.onetrust.com go.cuenect.de hitech.at hkekomxpr6.execute-api.eu-central-1.amazonaws.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com images.sleeknote.com limvjirfm8.execute-api.us-east-2.amazonaws.com manifest.prod.boltdns.net metrics.brightcove.com mktdplp102cdn.azureedge.net nld1rtp1.marketo.com o1.ingest.sentry.siemens-web.com partnerinfo.siemens.at preview.babylonjs.com privacyportal-eu.onetrust.com profiles.siemens.com profilesstage.siemens.com reporting-hub.ryze-digital.de resource.finnchat.com searchapi.new.siemens.com secure.brightcove.com siemens.demdex.net siemens.fm siemens.sc.omtrdc.net siemensdigitalindustries.nanorep.co sleeknotestaticcontent.sleeknote.com tools.adlytics.net uat.api.dc.siemens.com visitor-services.nanorep.com w2.siemens.com.cn w3.siemens.com wss://directline.botframework.com www.automation.siemens.com www.downloads.siemens.com www.facebook.com www.fortbildung.siemens.com www.google.com www.google.com www.hqs.sbt.siemens.com www.siemens.at www.yousty.ch ue2gfcryae.execute-api.eu-central-1.amazonaws.com; default-src 'self' blob:; font-src 'self' cdn.siemens-web.com cdn.c2comms.cloud cdn.siemens.com data: reporting-hub.ryze-digital.de tools.adlytics.net; frame-ancestors 'self' contentpath.siemens.com mc.contentpath.siemens.com resources.dc.siemens.com siemensfactoryautomation.pathfactory.com; frame-src 'self' *.equitystory.com *.force.com *.salesforce.com *.salesforceliveagent.com siemenscrm.my.salesforce-sites.com siemensint.my.salesforce-sites.com *.usercentrics.eu *.webinar.siemens.com 322e30018b7e4846825041773c891f42.svc.dynamics.com 872-xot-578.marketo.com bid.g.doubleclick.net cdn.siemens-web.com cdn.c2comms.cloud cdn.siemens.com data: extranet.siemens.pt helpchat.siemens.com hit.sbt.siemens.com jobs.siemens-info.com maestrobot.it-app.biz pages.siemens-info.com partner.vytal.org partners.finance.siemens.ru partners.sea.siemens.com players.brightcove.net playout.3qsdn.com secure-fra.livechatinc.com siemens.demdex.net siemens.fm sites.siemens-info.com tpc.googlesyndication.com www.facebook.com www.lowvoltage.siemens.com www.siemens.at; img-src 'self' *.prescreen.io *.prod.boltdns.net *.siemens.com *.tt.omtrdc.net *.usercentrics.eu 322e30018b7e4846825041773c891f42.svc.dynamics.com 825113843.privacysandbox.googleadservices.com ad.doubleclick.net adservice.google.com adservice.google.com analytics.sleeknote.com android-webview-video-poster: asia.adform.net baudoku.1000eyes.de blob: brightcove04pmdo-a.akamaihd.net cdn.cookielaw.org cdn.go.cuenect.net cdn.livechat-files.com cdn.livechatinc.com cdn.siemens-web.com cdn.c2comms.cloud cdn.siemens.com data: dc.ads.linkedin.com googleads.g.doubleclick.net ib.adnxs.com images.mktsvcp102we001.svc.dynamics.com maestrobot.it-app.biz metrics.brightcove.com p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com reporting-hub.ryze-digital.de secure.adnxs.com siemens.fm siemens.sc.omtrdc.net sp.analytics.yahoo.com spdl.prescreenapp.io stats.adlytics.net t.co tr.outbrain.com trc.taboola.com ups.xplosion.de visitor-services.nanorep.com www.blids.de www.facebook.com www.google.com www.google.com www.googletagmanager.com www.linkedin.com www.siemens.at siemenscrm--c.vf.force.com siemenscrm.lightning.force.com siemenscrm.my.salesforce.com; manifest-src 'self'; media-src 'self' *.cf.brightcove.com *.media.brightcove.com assets.new.siemens.com blob: cdn.siemens-web.com cdn.c2comms.cloud cdn.siemens.com data: house-fastly-signed-eu-west-1-prod.brightcovecdn.com manifest.prod.boltdns.net secure.brightcove.com siemens.fm; object-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' players.brightcove.net w3.siemens.com; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.force.com *.marketo.com *.salesforce.com *.salesforceliveagent.com siemenscrm.my.salesforce-sites.com siemensint.my.salesforce-sites.com *.ste.dc.siemens.com *.usercentrics.eu ais.insights.emetriq.de ajax.googleapis.com analytics.twitter.com api-fra.livechatinc.com api.livechatinc.com asia.adform.net assets.adobedtm.com cdn.botframework.com cdn.cookielaw.org cdn.livechatinc.com cdn.siemens-web.com cdn.c2comms.cloud cdn.siemens.com connect.facebook.net cookies.siemens.com d22d1xpx4ztuef.cloudfront.net data.cdn.siemens.com geolocation.onetrust.com googleads.g.doubleclick.net img.en25.com jsd-widget.atlassian.com mktdplp102cdn.azureedge.net munchkin.marketo.net my.nanorep.com players.brightcove.net preview.babylonjs.com profiles.siemens.com profilesstage.siemens.com reporting-hub.ryze-digital.de resource.finnchat.com scripts.demandbase.com secure-fra.livechatinc.com secure.adnxs.com secure.livechatinc.com siemens.fm siemensdigitalindustries.nanorep.co sleeknotecustomerscripts.sleeknote.com sleeknotestaticcontent.sleeknote.com snap.licdn.com static.ads-twitter.com t.jabmo.app tools.adlytics.net tpc.googlesyndication.com vjs.zencdn.net w3.siemens.com www.automation.siemens.com www.google.com www.google.com www.googleadservices.com www.googletagmanager.com www.sfs.siemens.de; style-src 'self' 'unsafe-inline' *.force.com *.marketo.com *.marketo.net *.salesforce.com *.salesforceliveagent.com siemenscrm.my.salesforce-sites.com siemensint.my.salesforce-sites.com *.usercentrics.eu cdn.botframework.com cdn.siemens-web.com cdn.c2comms.cloud cdn.siemens.com data: profiles.siemens.com profilesstage.siemens.com reporting-hub.ryze-digital.de siemens.fm tools.adlytics.net w3.siemens.com www.sfs.siemens.de; upgrade-insecure-requests; worker-src 'self' 'unsafe-inline' blob:; report-uri https://o1.ingest.sentry.siemens-web.com/api/68/security/?sentry_key=b4382018df484832b4ee2501bc82cea7&sentry_environment=sites-prod&sentry_release=499cafab; 11 default-src * 'unsafe-inline' 'unsafe-eval' data: 11 script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googleoptimize.com optimize.google.com *.treasuredata.com snap.licdn.com connect.facebook.net tagmanager.google.com maps.googleapis.com www.googleadservices.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.gstatic.com checkoutshopper-live.adyen.com; object-src 'none' 11 script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 11 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net https://*.stylelabs.io https://*.stylelabs.cloud https://*.stylelabsdemo.com https://*.stylelabsqa.com https://*.stylelabsdev.com https://*.dpxmedcity.net https://*.medcity.net https://youtube.com https://www.youtube.com https://*.googleapis.com https://www.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.formstack.com *.doubleclick.net *.amazonaws.com *.cloudfront.net *.healthgrades.com *.undertone.com *.facebook.net *.facebook.com *.trkn.us *.jotform.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' data: https://*.stylelabs.io https://*.stylelabs.cloud https://*.stylelabsdemo.com https://*.stylelabsqa.com https://*.stylelabsdev.com https://*.dpxmedcity.net https://*.ytimg.com https://*.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.dpxmedcity.net https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net https://*.google-analytics.com; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com https://*.dpxmedcity.net https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net https://*.google-analytics.com; frame-src 'self' 'unsafe-inline' https://*.clearstep.health https://www.youtube.com https://youtube.com *.crazyegg.com https://*.medcity.net *.doubleclick.net https://*.google-analytics.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; upgrade-insecure-requests; block-all-mixed-content; 11 frame-ancestors 'none'; report-uri csp-reports; report-to csp-endpoint; 11 default-src 'self' data: http: https: ws: wss:; script-src 'unsafe-inline' 'unsafe-eval' http: https: ; style-src 'unsafe-inline' 'unsafe-eval' http: https:; 11 script-src https: 'unsafe-inline' 'unsafe-eval' 11 frame-ancestors 'self' *.roomlynx.net 11 frame-ancestors 'self' *.lycos.com 10 form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 10 default-src http: https: 'unsafe-inline' 'unsafe-eval' data: blob: mediastream:; 10 none 10 upgrade-insecure-requests;frame-ancestors 'self' http://www.medscape.com https://www.medscape.com https://dusandbox.skipta.com https://doctorunite.com https://generationNP.com https://cardiologistconnect.com https://paunite.com https://cardiologistconnectsandbox.skipta.com https://next.brella.io/ http://www.staging.medscape.com/ http://www.skipta.com/ https://www.staging.medscape.com/ https://www.skipta.com/ http://staging.medscape.com/ http://skipta.com/ https://staging.medscape.com/ https://skipta.com/ https://medscape.com/ http://medscape.com/ 10 default-src 'self'; base-uri 'self'; connect-src 'self' https://www.googletagmanager.com/ https://*.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://*.instana.io wss://mpsnare.iesnare.com https://*.usercentrics.eu https://api.personio.de/recruiting/applicant https://bat.bing.com/actionp/; script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.custhelp.com https://*.ioam.de https://*.instana.io; frame-ancestors 'self' https://www.meinestadt.de https://secure1.parship.com https://secure1.eharmony.com https://secure1.elitepartner.de https://*.parship.dev; frame-src https:; object-src 'none'; worker-src 'self'; img-src 'self' data: http: https: https://*.instana.io; font-src data: 'self' https://maxcdn.bootstrapcdn.com/font-awesome/ https://www.sovendus.com/banner-responsive/; style-src 'self' 'unsafe-inline' https://www.parship.com https://www.sovendus.com https://*.custhelp.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://partnerboerse.parship.de https://translate.googleapis.com https://*.adyen.com; media-src 'self'; upgrade-insecure-requests; report-uri /ls/ 10 frame-ancestors 'self' *.scot.nhs.uk *.nhsgrampian.org *.nhslothian.scot hcaptcha.com *.hcaptcha.com; upgrade-insecure-requests; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report-block; report-to csp-endpoint-block 10 worker-src 'self' 10 referrer no-referrer 10 frame-ancestors 'self' http://customer-hornbach.loop21.net https://customer-hornbach.loop21.net http://public-location-hornbach.loop21.net https://public-location-hornbach.loop21.net 10 script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.verbraucherzentrale.de player.podigee-cdn.net cdn.syndication.twimg.com platform.twitter.com syndication.twitter.com verbraucherzentrale-sachsen.cloud.purpleview.de https://www.verbraucherzentrale.de/ https://www.verbraucherzentrale.nrw/core/modules/ckeditor/ https://vimeo.com/ https://podcast-player.audiocon.de/ https://www.audiocon.de/ https://lebensmittel-reise.de/foodmap/ https://www.googletagmanager.com https://gemeinschaftsredaktion.de https://www.googleadservices.com https://googleads.g.doubleclick.net https://api.kns.codiac.de https://player.podigee-cdn.net/podcast-player https://cdn.podigee.com https://cdnjs.cloudflare.com https://code.highcharts.com https://cdn.podlove.org https://verbraucherzentrale.bryter.io https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://static.newsletter2go.com/ https://cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://app.bryter.io https://heizsystemvergleich.vz-nrw.de https://maps.googleapis.com https://www.helpmundo.de https://www.helpdirect.org https://rdr.kns.codiac.de https://empathy-portal.de/ https://matomo.verbraucherzentrale.de/ https://unpkg.com; script-src-elem 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'unsafe-eval' *; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://matomo.verbraucherzentrale.de ton.twimg.com platform.twitter.com syndication.twitter.com https://cdn.podigee.com/ https://player.podigee-cdn.net/ https://fonts.googleapis.com/ https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.podlove.org https://rdr.kns.codiac.de https://www.verbraucherzentrale.nrw https://unpkg.com ; frame-ancestors 'self' *.verbraucherzentrale.de verbraucherzentrale.de vznrw-piwik.init-ag.de gemeinschaftsredaktion.de vzbv.de www.vzbv.de test.vzbv.de www.fakeshoperkennung.de www.fake-shop-erkennung.de; object-src 'self' *.verbraucherzentrale.de; 10 default-src 'self'; connect-src https: wss:; font-src https:; frame-src https:; img-src https: data:; media-src https: blob:; worker-src blob:; object-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 10 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; font-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; 10 default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self'; upgrade-insecure-requests; 10 frame-ancestors 'none' ; 10 frame-ancestors https://*.cleverwebserver.com https://*.clevernt.com 10 require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/chromewebstore/2 10 default-src https: wss://*.hotjar.com; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests; 10 script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport 10 frame-ancestors 'self' *.vergic.com 10 default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data:; 10 frame-ancestors https://cms-prod.brxm.grandvision.io 10 default-src 'self' https://*.abgemea.com https://fonts.googleapis.com https://use.fontawesome.com ws.sharethis.com unpkg.com https://maxcdn.bootstrapcdn.com dpm.demdex.net avisbudgetgroup.tt.omtrdc.net https://*.bing.com https://*.virtualearth.net; object-src *; img-src data: *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; connect-src *; font-src 'self' data: https://*.abgemea.com https://fonts.gstatic.com https://*.bing.com https://use.fontawesome.com https://*.virtualearth.net https://maxcdn.bootstrapcdn.com 10 default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data: blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 10 frame-ancestors https: 10 object-src 'none'; form-action 'self' 10 default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com; script-src 'report-sample' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' snap.licdn.com 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src *.licdn.com *.lynda.com; worker-src blob: 'self'; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri /security/csp?e=p&f=gg 9 default-src 'none' ; connect-src https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; manifest-src https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; media-src https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; script-src blob: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ 'unsafe-inline' 'unsafe-eval' ; font-src data: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; img-src data: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; style-src https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ 'unsafe-inline' ; object-src 'none' ; worker-src blob: ; child-src blob: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; frame-src blob: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; form-action https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; frame-ancestors 'self' ; base-uri 'self' ; block-all-mixed-content ; 9 default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp 9 frame-ancestors 'self' https://premiersupport.intel.com https://c0.avaamo.com; 9 default-src 'unsafe-eval' 'unsafe-inline' *.typekit.net *.adobeaemcloud.com *.flipsnack.com *.cdnsvc.com *.novetta.com *.datadoghq-browser-agent.com *.day.com *.scene7.com *.accenture.com *.reddit.com *.captcha.com *.amazonaws.com *.bing.com *.cdninstagram.com *.clicktale.net *.cloudflare.com *.demandbase.com *.demdex.net *.facebook.net *.doubleclick.net *.fontawesome.com *.microsoftonline.com *.onetrust.com *.siteimprove.com *.siteimprove.net *.vidyard.com *.storied.co *.cookielaw.org *.accenture.test *.bnr.nl *.mktoresp.com *.adobe.com *.clarity.ms *.ads-twitter.com *.twitter.com *.confirmit.com *.haceonline.org *.contentsquare.com *.salesforce.com *.javelingroup.com *.slidesharecdn.com *.sndcdn.com *.soundcloud.com *.ggpht.com *.gstatic.com *.google.co.za *.google.ca *.bootstrapcdn.com *.embed.ly *.jsdelivr.net d3js.org *.adsrvr.org *.schema.org *.ytimg.com *.contentsquare.net *.apple.com *.simplecast.com *.libsyn.com *.google.co.in *.tableau.com *.accenture.cn *.linkedin.com *.google.com.ph *.google.com *.knotch.it *.google.com.sg *.lightinfosys.com *.mettl.de *.percipio.com *.omtrdc.net *.company-target.com *.adobedtm.com *.cocubes.com *.everesttech.net *.cocubesprod.com *.googleapis.com *.rlcdn.com *.en25.com *.rosettastone.com *.ml314.com *.adsymptotic.com *.twimg.com *.delvenetworks.com *.echosign.com *.licdn.com *.echocdn.com *.crwdcntrl.net *.ietf.org *.unpkg.com *.accenturealumni.com *.facebook.com *.glassdoor.com *.google-analytics.com *.googletagmanager.com *.indeed.com *.knotch-cdn.com *.monster.com *.redditstatic.com *.slideshare.net *.youtube.com *.youtube-nocookie.com *.marketo.net *.virtualearth.net *.mktgcdn.com *.accenture.jp *.newsroom.accenture.de *.login.live.com *.adnxs.com *.yahoo.com *.casalemedia.com *.rubiconproject.com *.bidswitch.net *.pubmatic.com *.pagetiger.com *.turtl.co *.azurewebsites.net *.appcast.io *.oribi.io https://t.co blob:; script-src 'unsafe-eval' 'unsafe-inline' *.typekit.net *.adobeaemcloud.com *.flipsnack.com *.cdnsvc.com *.novetta.com *.datadoghq-browser-agent.com *.day.com *.scene7.com *.accenture.com *.reddit.com *.captcha.com *.amazonaws.com *.bing.com *.cdninstagram.com *.clicktale.net *.cloudflare.com *.demandbase.com *.demdex.net *.facebook.net *.doubleclick.net *.fontawesome.com *.microsoftonline.com *.onetrust.com *.siteimprove.com *.siteimprove.net *.vidyard.com *.storied.co *.cookielaw.org *.accenture.test *.bnr.nl *.mktoresp.com *.adobe.com *.clarity.ms *.ads-twitter.com *.twitter.com *.confirmit.com *.haceonline.org *.contentsquare.com *.salesforce.com *.javelingroup.com *.slidesharecdn.com *.sndcdn.com *.soundcloud.com *.ggpht.com *.gstatic.com *.google.co.za *.google.ca *.bootstrapcdn.com *.embed.ly *.jsdelivr.net d3js.org *.adsrvr.org *.schema.org *.ytimg.com *.contentsquare.net *.apple.com *.simplecast.com *.libsyn.com *.google.co.in *.tableau.com *.accenture.cn *.linkedin.com *.google.com.ph *.google.com *.knotch.it *.google.com.sg *.lightinfosys.com *.mettl.de *.percipio.com *.omtrdc.net *.company-target.com *.adobedtm.com *.cocubes.com *.everesttech.net *.cocubesprod.com *.googleapis.com *.rlcdn.com *.en25.com *.rosettastone.com *.ml314.com *.adsymptotic.com *.twimg.com *.delvenetworks.com *.echosign.com *.licdn.com *.echocdn.com *.crwdcntrl.net *.ietf.org *.unpkg.com *.accenturealumni.com *.facebook.com *.glassdoor.com *.google-analytics.com *.googletagmanager.com *.indeed.com *.knotch-cdn.com *.monster.com *.redditstatic.com *.slideshare.net *.youtube.com *.youtube-nocookie.com *.marketo.net *.virtualearth.net *.mktgcdn.com *.accenture.jp *.newsroom.accenture.de *.login.live.com *.adnxs.com *.yahoo.com *.casalemedia.com *.rubiconproject.com *.bidswitch.net *.pubmatic.com *.pagetiger.com *.turtl.co *.azurewebsites.net *.appcast.io *.oribi.io https://t.co blob:; img-src *.typekit.net *.adobeaemcloud.com *.flipsnack.com *.cdnsvc.com *.novetta.com *.datadoghq-browser-agent.com *.day.com *.scene7.com *.accenture.com *.reddit.com *.captcha.com *.amazonaws.com *.bing.com *.cdninstagram.com *.clicktale.net *.cloudflare.com *.demandbase.com *.demdex.net *.facebook.net *.doubleclick.net *.fontawesome.com *.microsoftonline.com *.onetrust.com *.siteimprove.com *.siteimprove.net *.vidyard.com *.storied.co *.cookielaw.org *.accenture.test *.bnr.nl *.mktoresp.com *.adobe.com *.clarity.ms *.ads-twitter.com *.twitter.com *.confirmit.com *.haceonline.org *.contentsquare.com *.salesforce.com *.javelingroup.com *.slidesharecdn.com *.sndcdn.com *.soundcloud.com *.ggpht.com *.gstatic.com *.google.co.za *.google.ca *.bootstrapcdn.com *.embed.ly *.jsdelivr.net d3js.org *.adsrvr.org *.schema.org *.ytimg.com *.contentsquare.net *.apple.com *.simplecast.com *.libsyn.com *.google.co.in *.tableau.com *.accenture.cn *.linkedin.com *.google.com.ph *.google.com *.knotch.it *.google.com.sg *.lightinfosys.com *.mettl.de *.percipio.com *.omtrdc.net *.company-target.com *.adobedtm.com *.cocubes.com *.everesttech.net *.cocubesprod.com *.googleapis.com *.rlcdn.com *.en25.com *.rosettastone.com *.ml314.com *.adsymptotic.com *.twimg.com *.delvenetworks.com *.echosign.com *.licdn.com *.echocdn.com *.crwdcntrl.net *.ietf.org *.unpkg.com *.accenturealumni.com *.facebook.com *.glassdoor.com *.google-analytics.com *.googletagmanager.com *.indeed.com *.knotch-cdn.com *.monster.com *.redditstatic.com *.slideshare.net *.youtube.com *.youtube-nocookie.com *.marketo.net *.virtualearth.net *.mktgcdn.com *.accenture.jp *.newsroom.accenture.de *.login.live.com *.adnxs.com *.yahoo.com *.casalemedia.com *.rubiconproject.com *.bidswitch.net *.pubmatic.com *.pagetiger.com *.turtl.co *.azurewebsites.net *.appcast.io *.oribi.io https://t.co data:; connect-src *.typekit.net *.adobeaemcloud.com *.flipsnack.com *.cdnsvc.com *.novetta.com https://rum.browser-intake-datadoghq.com *.datadoghq.com *.day.com *.scene7.com *.accenture.com *.reddit.com *.captcha.com *.amazonaws.com *.bing.com *.cdninstagram.com *.clicktale.net *.cloudflare.com *.demandbase.com *.demdex.net *.facebook.net *.doubleclick.net *.fontawesome.com *.microsoftonline.com *.onetrust.com *.siteimprove.com *.siteimprove.net *.vidyard.com *.storied.co *.cookielaw.org *.accenture.test *.bnr.nl *.mktoresp.com *.adobe.com *.clarity.ms *.ads-twitter.com *.twitter.com *.confirmit.com *.haceonline.org *.contentsquare.com *.salesforce.com *.javelingroup.com *.slidesharecdn.com *.sndcdn.com *.soundcloud.com *.ggpht.com *.gstatic.com *.google.co.za *.google.ca *.bootstrapcdn.com *.embed.ly *.jsdelivr.net d3js.org *.adsrvr.org *.schema.org *.ytimg.com *.contentsquare.net *.apple.com *.simplecast.com *.libsyn.com *.google.co.in *.tableau.com *.accenture.cn *.linkedin.com *.google.com.ph *.google.com *.knotch.it *.google.com.sg *.lightinfosys.com *.mettl.de *.percipio.com *.omtrdc.net *.company-target.com *.adobedtm.com *.cocubes.com *.everesttech.net *.cocubesprod.com *.googleapis.com *.rlcdn.com *.en25.com *.rosettastone.com *.ml314.com *.adsymptotic.com *.twimg.com *.delvenetworks.com *.echosign.com *.licdn.com *.echocdn.com *.crwdcntrl.net *.ietf.org *.unpkg.com *.accenturealumni.com *.facebook.com *.glassdoor.com *.google-analytics.com *.googletagmanager.com *.indeed.com *.knotch-cdn.com *.monster.com *.redditstatic.com *.slideshare.net *.youtube.com *.youtube-nocookie.com *.marketo.net *.virtualearth.net *.mktgcdn.com *.accenture.jp *.newsroom.accenture.de *.login.live.com *.adnxs.com *.yahoo.com *.casalemedia.com *.rubiconproject.com *.bidswitch.net *.pubmatic.com *.pagetiger.com *.turtl.co *.azurewebsites.net *.appcast.io *.oribi.io https://t.co; font-src *.typekit.net *.adobeaemcloud.com *.flipsnack.com *.cdnsvc.com *.novetta.com *.datadoghq-browser-agent.com *.day.com *.scene7.com *.accenture.com *.reddit.com *.captcha.com *.amazonaws.com *.bing.com *.cdninstagram.com *.clicktale.net *.cloudflare.com *.demandbase.com *.demdex.net *.facebook.net *.doubleclick.net *.fontawesome.com *.microsoftonline.com *.onetrust.com *.siteimprove.com *.siteimprove.net *.vidyard.com *.storied.co *.cookielaw.org *.accenture.test *.bnr.nl *.mktoresp.com *.adobe.com *.clarity.ms *.ads-twitter.com *.twitter.com *.confirmit.com *.haceonline.org *.contentsquare.com *.salesforce.com *.javelingroup.com *.slidesharecdn.com *.sndcdn.com *.soundcloud.com *.ggpht.com *.gstatic.com *.google.co.za *.google.ca *.bootstrapcdn.com *.embed.ly *.jsdelivr.net d3js.org *.adsrvr.org *.schema.org *.ytimg.com *.contentsquare.net *.apple.com *.simplecast.com *.libsyn.com *.google.co.in *.tableau.com *.accenture.cn *.linkedin.com *.google.com.ph *.google.com *.knotch.it *.google.com.sg *.lightinfosys.com *.mettl.de *.percipio.com *.omtrdc.net *.company-target.com *.adobedtm.com *.cocubes.com *.everesttech.net *.cocubesprod.com *.googleapis.com *.rlcdn.com *.en25.com *.rosettastone.com *.ml314.com *.adsymptotic.com *.twimg.com *.delvenetworks.com *.echosign.com *.licdn.com *.echocdn.com *.crwdcntrl.net *.ietf.org *.unpkg.com *.accenturealumni.com *.facebook.com *.glassdoor.com *.google-analytics.com *.googletagmanager.com *.indeed.com *.knotch-cdn.com *.monster.com *.redditstatic.com *.slideshare.net *.youtube.com *.youtube-nocookie.com *.marketo.net *.virtualearth.net *.mktgcdn.com *.accenture.jp *.newsroom.accenture.de *.login.live.com *.adnxs.com *.yahoo.com *.casalemedia.com *.rubiconproject.com *.bidswitch.net *.pubmatic.com *.pagetiger.com *.turtl.co *.azurewebsites.net *.appcast.io *.oribi.io https://t.co data:; upgrade-insecure-requests; block-all-mixed-content 9 default-src * 'unsafe-eval' 'unsafe-inline' data:; frame-ancestors 'self' app.optimizely.com apps.facebook.com fonts.googleapis.com; media-src * blob: 9 frame-ancestors https://*.marketo.com 9 default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de; 9 script-src 'self' https://itunes.apple.com www.youtube.com https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.youtube-nocookie.com; font-src https://fonts.gstatic.com; 9 report-uri https://www.homeaffairs.gov.au; frame-ancestors https://app.monsido.com https://*.immi.gov.au https://*.border.gov.au https://*.customs.gov.au https://*.abf.gov.au https://*.homeaffairs.gov.au https://*.harmony.gov.au https://*.nationalsecurity.gov.au https://*.idmatch.gov.au https://*.disasterassist.gov.au https://*.livingsafetogether.gov.au https://*.organisationalresilience.gov.au https://*.tisn.gov.au https://*.triplezero.gov.au https://*.cicentre.gov.au https://*.mara.gov.au https://*.osi.gov.au https://*.cetc.gov.au 9 object-src 'none'; frame-ancestors 'none' 9 object-src 'none'; frame-ancestors 'self' 9 frame-ancestors 'self' *.multimediabs.com *.orange.com *.orange-business.com *.backoffice.mastermedia.orange-business.com 9 default-src data: 'unsafe-inline' 'unsafe-eval' https:;style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src https:; connect-src https:; object-src https:; child-src https:; 9 font-src *.vggcdn.net cdn.viagogo.net https://fonts.gstatic.com data:; report-uri https://wt.viagogo.net/cspr; 9 default-src 'self' *.miraheze.org *.betaheze.org; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.miraheze.org *.betaheze.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com www.google.com www.recaptcha.net platform.twitter.com wiki-assets.sumin.wiki cdnjs.cloudflare.com cdn.jsdelivr.net cdn.syndication.twimg.com scratchblocks.github.io openlayers.org phab.miraheze.wiki www.gstatic.cn; style-src 'self' data: 'unsafe-inline' *.miraheze.org *.betaheze.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com fonts.googleapis.com cdn.jsdelivr.net platform.twitter.com ton.twimg.com phab.miraheze.wiki; img-src blob: 'self' data: *.miraheze.org *.betaheze.org upload.wikimedia.org wikimedia.org maps.google.com www.gstatic.com maxcdn.bootstrapcdn.com *.twimg.com i.imgur.com image.tmdb.org *.googleusercontent.com *.fontawesome.com *.dropboxstatic.com *.redd.it *.redditmedia.com mirrors.creativecommons.org www.gnu.org live.staticflikr.com cdn.pixabay.com cdn.geogebra.org scratchblocks.github.io docs.blender.org *.imgbox.com tile.openstreetmap.org *.tile.openstreetmap.org cdn.discordapp.com na.llnet.sims3storee.cdn.ea.com *.fastly.net minotar.net db.onlinewebfonts.com openlayers.org discordapp.com imgbb.com postimages.org platform.twitter.com syndication.twitter.com img.newspapers.com cdn.smutstone.com storage.googleapis.com phab.miraheze.wiki *.fbcdn.net; font-src 'self' data: *.miraheze.org *.betaheze.org fonts.gstatic.com cdn.jsdelivr.net db.onlinewebfonts.com phab.miraheze.wiki upload.wikimedia.org; media-src 'self' blob: *.miraheze.org *.betaheze.org upload.wikimedia.org embed.nicovideo.jp *.youtube.com *.youtube-nocookie.com player.twitch.tv clips.twitch.tv player.vimeo.com; frame-src 'self' *.miraheze.org *.betaheze.org www.google.com docs.google.com www.recaptcha.net web.libera.chat snap.berkeley.edu *.youtube-nocookie.com www.youtube.com player.twitch.tv platform.twitter.com discord.com discordapp.com embed.nicovideo.jp syndication.twitter.com open.spotify.com www.gofundme.com archive.org w.soundcloud.com query.wikidata.org player.vimeo.com www.bing.com lucid.app scratch.mit.edu; connect-src 'self' *.miraheze.org *.betaheze.org www.wikidata.org *.wikipedia.org www.mediawiki.org *.wikimedia.org *.wikinews.org *.wiktionary.org cdn.jsdelivr.net storage.googleapis.com *.youtube-nocookie.com; 9 frame-ancestors 'self' *.intuit.com 9 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.etracker.com https://*.etracker.de https://*.jwpcdn.com https://customers.lmis.de http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; style-src 'self' 'unsafe-inline' https://*.etracker.de https://*.jwpcdn.com http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; img-src 'self' data: https://sg.geodatenzentrum.de https://jwpltx.com http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; connect-src 'self' https://*.etracker.com https://*.etracker.de https://sg.geodatenzentrum.de https://*.jwpcdn.com http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; font-src 'self' data: https://*.jwpcdn.com; object-src 'self'; media-src 'self' https://*.streamfarm.net http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; form-action 'self'; frame-src 'self' https://*.twitter.com https://vimeo.com https://player.vimeo.com https://customers.lmis.de https://vdi.p5.easire.com https://bmwi-batteriezellfertigung.interactive-scape.com https://de.digital; frame-ancestors 'self' http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; 9 default-src 'self' atos.net *.atos.net *.pardot.com assets.adobedtm.com *.cloudflare.com *.cloudfront.net *.vimeo.com *.vimeocdn.com *.akamaized.net *.tiny.cloud *.tinymce.com *.bootstrapcdn.com yoast.com *.yoast.com data: 'unsafe-inline' 'unsafe-eval' code.jquery.com *.gravatar.com ps.w.org klasresearch.com *.marketo.net *.mktoresp.com *.mktoweb.com tools.eurolandir.com static.dialogflow.com pbs.twimg.com *.youtube-nocookie.com *.youtube.com *.ytimg.com *.gstatic.com *.googleapis.com tribl.io *.olark.com *.mrpdata.net *.linkedin.com *.company-target.com *.google-analytics.com *.google.fr *.google.com *.oktopost.com okt.to *.adform.net *.demandbase.com *.rlcdn.com *.bidr.io *.accountinsight.cloud *.licdn.com atos.tt.omtrdc.net content.onlinexperiences.com onlinexperiences.com w.soundcloud.com *.aio-events.com *.appspot.com cdn.syndication.twimg.com *.twimg.com *.twitter.com *.microsoft.com *.azureedge.net *.botframework.com *.bizzabo.com updates.themepunch-ext-b.tools updates.themepunch-ext-a.tools updates.themepunch.tools sliderrevolution.com *.sliderrevolution.com *.olympicchannel.com olympics.com *.cookielaw.org *.onetrust.com optanon.blob.core.windows.net *.glassdoor.com indd.adobe.com *.libsyn.com; frame-ancestors 'self' atos.net *.atos.net atosnews.net atos365.sharepoint.com; 9 frame-ancestors "none" 9 frame-ancestors 'https://developer.livehelpnow.net/js/socket.js'; 9 object-src 'self'; frame-ancestors 'self' 9 default-src * data: 'unsafe-eval' 'unsafe-inline' blob: 9 frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com 9 frame-ancestors 'self' https://virtual-tours.msccruises.com; 9 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' app.optimizely.com; 9 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self'; object-src 'self'; connect-src wss: https: 9 default-src *; font-src * data:;img-src * data:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; media-src * blob:; 9 font-src *;img-src * data:; 9 default-src 'self' wss: https://static.zdassets.com https://ekr.zdassets.com https://*.contentful.com https://*.zendesk.com https://*.kampyle.com https://*.tigocloud.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com wss://*.ooklaserver.net; frame-src 'self' https://bid.g.doubleclick.net https://*.tigocloud.net https://*.tigo.com.bo https://*.tigo.com.py https://www.youtube.com https://*.kampyle.com https://khipu.com/ https://*.hotjar.com https://*.hotjar.com:* https://*.hotjar.io https://www.reportv.com.ar https://*.crwdcntrl.net https://6493920.fls.doubleclick.net https://*.google.com https://*.tigo.com.hn https://*.speedtestcustom.com https://speedtest.cableonda.com https://tigoune.maps.arcgis.com https://www.une.com.co https://*.une.com.co https://api.retargetly.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.net https://*.retargetly.com https://traffic.kickadsit.com https://affperformance.com https://graph.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://googleads.g.doubleclick.net https://*.googleadservices.com https://www.google.com https://optimize.google.com https://www.google.com.ar https://*.tigocloud.net https://static.zdassets.com https://s.ytimg.com https://www.youtube.com/iframe_api https://widget-mediator.zopim.com https://*.kampyle.com https://js-agent.newrelic.com https://*.nr-data.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.reportv.com.ar https://*.crwdcntrl.net https://tigo.us7.list-manage.com https://web.webpushs.com https://tigo.us18.list-manage.com https://static.ads-twitter.com https://www.gstatic.com https://cdn.epica.ai https://*.inbenta.chat https://*.inbenta.io https://*.googleoptimize.com https://ad.doubleclick.net https://cdn.smooch.io https://tigo.us9.list-manage.com https://www.youtube.com https://*.speedtestcustom.com https://speedtest.cableonda.com https://maps.googleapis.com https://api.retargetly.com https://www.rtb123.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.googletagservices.com https://*.googlesyndication.com https://*.googleapis.com https://tigobusiness.us6.list-manage.com https://analytics.twitter.com https://static.ads-twitter.com https://*.licdn.com https://sync.smartadserver.com https://*.cybba.solutions https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.net https://d2rp1k1dldbai6.cloudfront.net/cybba_latest.min.js https://*.retargetly.com https://traffic.kickadsit.com https://affperformance.com https://ads.sonataplatform.com https://graph.facebook.com https://sibautomation.com https://criteo.com https://criteo.net https://*.smooch.io https://*.zendesk.com https://facebook.com/signals/iwl.js https://resources-rt.idx.lat/ https://rt.idx.lat; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.tigocloud.net https://*.inbenta.io https://*.speedtestcustom.com https://speedtest.cableonda.com https://*.smooch.io https://*.zendesk.com; img-src 'self' data: blob: https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.tigocloud.net https://*.contentful.com https://*.kampyle.com https://static.zdassets.com https://*.googletagmanager.com https://images.ctfassets.net https://stats.g.doubleclick.net https://*.zopim.io https://lh3.googleusercontent.com https://platform-lookaside.fbsbx.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.tigo.com.bo https://ssl.gstatic.com https://www.gstatic.com https://cdn.sendpulse.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://analytics.twitter.com https://svr.mic.edge.com.py http://openweathermap.org https://openweathermap.org https://bcp.crwdcntrl.net https://cx.atdmt.com https://ad.doubleclick.net https://*.inbenta.com https://*.inbenta.io https://*.speedtestcustom.com https://speedtest.cableonda.com https://prs.arkeero.net https://*.googlesyndication.com https://maps.gstatic.com https://maps.googleapis.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.googletagservices.com https://*.googleapis.com https://*.googleadservices.com https://analytics.twitter.com https://static.ads-twitter.com https://sync.smartadserver.com https://*.cybba.solutions https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.net https://*.retargetly.com https://www.facebook.com https://traffic.kickadsit.com https://affperformance.com https://graph.facebook.com https://cdn.smooch.io https://*.gravatar.com https://*.smooch.io https://*.zendesk.com https://resources-rt.idx.lat/ https://rt.idx.lat; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.kampyle.com https://tagmanager.google.com https://cdn.sendpulse.com https://*.tigocloud.net https://*.inbenta.io https://*.google.com https://*.speedtestcustom.com https://speedtest.cableonda.com https://www.googletagmanager.com/debug/badge.css https://cdn.smooch.io https://*.smooch.io https://*.zendesk.com; connect-src *; object-src 'none'; form-action 'none'; base-uri 'self'; frame-ancestors 'self'; 9 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 9 child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.zenaps.com https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://plugin.monotote.com https://isitetv.com https://ln-rules.rewardstyle.com https://player.vimeo.com https://e.issuu.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com https://www.shoplooks.com https://www.pinterest.com https://www.pinterest.co.uk blob: https://gum.criteo.com https://app.qubit.com https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://www.shoplooks.com https://ct.pinterest.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.thehut.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.thehut.com https://m.thehut.com https://checkout.thehut.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://s.trustpilot.com https://plugin.monotote.com https://static.criteo.net https://*.criteo.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://remote.captcha.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://static.shoplooks.com https://google.com https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://s.pinimg.com https://*.contentsquare.net https://app.contentsquare.com https://static.goqubit.com https://*.qubit.com https://assets.dekopay.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.shoplooks.com https://static.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 9 script-src 'self' https: https://* s7.addthis.com tk3d.tk3dapi.com js.braintreegateway.com *.google.com google.com *.google-analytics.com googletagmanager.com platform.twitter.com connect.facebook.net 'unsafe-inline' 'unsafe-eval'; object-src 'self'; 9 upgrade-insecure-requests; base-uri 'self' 9 default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src *; object-src 'self' data:; frame-src 'self' data:; media-src 'self' data:; 9 default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src 'self' blob: data: https:; 9 frame-ancestors 'self'; object-src 'none'; report-to default 9 frame-ancestors 'self' https://drivmp--fullcopy.lightning.force.com https://drivmp--fullcopy.my.salesforce.com https://drivmp--fullcopy--c.visualforce.com https://drivmp.lightning.force.com https://drivmp.my.salesforce.com https://drivmp--c.visualforce.com https://drivmp--fullcopy.sandbox.lightning.force.com https://drivmp--fullcopy.sandbox.my.salesforce.com https://drivmp--fullcopy--c.sandbox.visualforce.com https://drivmp--fullcopy--c.sandbox.vf.force.com 9 require-trusted-types-for 'script';report-uri /_/PlayStoreUi/cspreport 9 default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 9 policy-definition 9 frame-ancestors 'self' http://*.elsevier.es/ 9 frame-ancestors 'self' http://*.trendin.com https://*.trendin.com 9 img-src * 9 frame-ancestors 'self' https://*.imperva.com 9 default-src 'self' 'unsafe-inline'; 9 frame-ancestors https://web.telegram.org 9 default-src 'none'; connect-src http://pagead2.googlesyndication.com https://csi.gstatic.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://www.google-analytics.com 'report-sample'; font-src https://fonts.gstatic.com; frame-src https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.google.com 'report-sample'; img-src * 'report-sample'; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://pagead2.googlesyndication.com https://adservice.google.ae https://adservice.google.at https://adservice.google.az https://adservice.google.be https://adservice.google.bg https://adservice.google.bj https://adservice.google.by https://adservice.google.ca https://adservice.google.ch https://adservice.google.cl https://adservice.google.co.id https://adservice.google.co.il https://adservice.google.co.in https://adservice.google.co.jp https://adservice.google.co.kr https://adservice.google.co.uk https://adservice.google.co.uz https://adservice.google.co.za https://adservice.google.com https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.br https://adservice.google.com.cy https://adservice.google.com.eg https://adservice.google.com.gh https://adservice.google.com.ng https://adservice.google.com.pk https://adservice.google.com.sg https://adservice.google.com.tj https://adservice.google.com.tr https://adservice.google.com.tw https://adservice.google.com.ua https://adservice.google.com.vn https://adservice.google.cz https://adservice.google.de https://adservice.google.ee https://adservice.google.es https://adservice.google.fi https://adservice.google.fr https://adservice.google.ge https://adservice.google.gl https://adservice.google.gr https://adservice.google.hu https://adservice.google.ie https://adservice.google.iq https://adservice.google.it https://adservice.google.jo https://adservice.google.kg https://adservice.google.kz https://adservice.google.lt https://adservice.google.lu https://adservice.google.lv https://adservice.google.md https://adservice.google.mn https://adservice.google.mv https://adservice.google.nl https://adservice.google.no https://adservice.google.pl https://adservice.google.ps https://adservice.google.pt https://adservice.google.ro https://adservice.google.ru https://adservice.google.sc https://adservice.google.se https://adservice.google.sk https://adservice.google.sn https://adservice.google.tm https://pagead2.googlesyndication.com https://partner.googleadservices.com https://tpc.googlesyndication.com https://www.google-analytics.com https://www.googletagservices.com www.googletagmanager.com https://www.gstatic.com 'report-sample'; style-src 'self' 'unsafe-inline' https://www.gstatic.com 'report-sample'; report-uri /csp-report.php 9 default-src 'self';script-src * 'unsafe-inline' 'unsafe-eval' static.cloud.coveo.com;style-src * 'unsafe-inline'; frame-src * 'unsafe-inline'; img-src * data:; connect-src * 'unsafe-inline'; font-src * 'unsafe-inline' 9 upgrade-insecure-requests; frame-ancestors: self 9 frame-ancestors 'self' *.casinomodule.com *.playngonetwork.com; 9 frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 8 frame-ancestors 'self' *.verizon.com *.verizonwireless.com *.vzwcorp.com; 8 media-src https: blob:; connect-src 'self' https: blob: wss:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data: blob:; report-uri https://sentry.io/api/115794/csp-report/?sentry_key=40c3396129f24aacbf05aed4885600b3 8 frame-ancestors 'self' https://*.elastic.co https://elasticsandbox.docebosaas.com https://elastic.docebosaas.com https://www.gather.town; 8 frame-ancestors 'self' https://metrika.yandex.ru/ 8 frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests; 8 object-src https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com; frame-ancestors 'self' https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com https://*.cvent.com http://*.cvent.com; report-uri /report-csp-violation 8 upgrade-insecure-requests;report-uri /csp-violation-report-endpoint/ 8 default-src * 'unsafe-inline' 'unsafe-eval' 8 frame-ancestors 'self' *.psplugin.com 8 frame-ancestors 'self' https://*.cornerstoneondemand.com;upgrade-insecure-requests;default-src 'self';connect-src *;font-src *;form-action *;frame-src *;img-src * data:;manifest-src * 'unsafe-inline';media-src *;object-src *;script-src * 'unsafe-eval' 'unsafe-inline';style-src * 'unsafe-inline';worker-src * blob: 8 frame-ancestors *.euractiv.com euractiv.com *.euractiv.fr euractiv.fr *.euractiv.de euractiv.de *.euractiv.gr euractiv.gr *.euractiv.pl euractiv.pl *.euractiv.sk euractiv.sk *.euraciv.cz euractiv.cz *.euractiv.it euractiv.it *.euractiv.es euractiv.es euractiv.bg api-esp-eu.piano.io; 8 frame-ancestors https://*.gov.cn http://*.gov.cn http://zwfw.cq.gov.cn http://wmcs.devdemo.trs.net.cn http://www.ceirp.com:8888 http://183.64.111.243:28080 http://10.110.76.23 http://23.99.193.13 http://znwd.cqgxqzwzx.com:9090 8 frame-ancestors *.windstream.net 8 frame-ancestors 'self' https://*.ziggo.nl https://*.vodafone.nl https://*.vfz-services.nl https://*.prod.aws.ziggo.io https://*.acc.aws.ziggo.io https://*.dev.aws.ziggo.io https://*.hollandsnieuwe.nl https://vodafoneziggo.portal.mobilewater.nl; 8 frame-ancestors 'self' https://es.chevrolet.com 8 frame-ancestors 'self' https://*.movavi.de https://*.movavi.com https://*.movavi.ru https://*.pdfchef.com https://*.screencapture.com https://*.movavivideosuite.com https://*.gecata.com https://*.movavi.id https://movavi.id http://webvisor.com https://portal1.comm100.io; report-uri https://o474997.ingest.sentry.io/api/5707278/security/?sentry_key=25e22998a8224d34a8ffbc4cae02fc48&sentry_environment=production; report-to csp-endpoint 8 frame-ancestors 'self' https://nurture.solarwinds.com/ https://solarwinds.pathfactory.com/ https://orangematter.solarwinds.com/ https://thwack.solarwinds.com/ https://www.solarwinds.com/ https://try.solarwinds.com/ 8 script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' https: data:; media-src 'self' https: data: blob:; object-src 'none'; font-src 'self' https: data:; default-src 'self' https: wss:; base-uri 'none'; 8 reflected-xss block 8 default-src 'self' multibanner.net *.multibanner.net redclick.ru *.redclick.ru my.pusk.ua adlabs-mobile.ru *.adlabs-mobile.ru clickio.com *.clickio.com adlabs.ru *.adlabs.ru adlabsnetworks.com *.adlabsnetworks.com adlabsnetworks.ru googleapis.com googletagmanager.com gstatic.com *.google-analytics.com clickio.mgr.consensu.org luxup.ru luxadv.com luxupcdna.com luxupcdnb.com luxupcdnc.com luxupadva.com luxupadvb.com luxupadvc.com luxup2.ru hubspot.com js.hs-scripts.com js.hscollectedforms.net luxcdn.com fonts.gstatic.com *.online.tableau.com *.luxup.ru *.tipalti.com *.googleapis.com www.google.com www.gstatic.com datastudio.google.com *.dev.luxup.ru *.adlabs-retail.ru adlabs-retail.ru www.googleadservices.com 'unsafe-inline' 'unsafe-eval' 8 img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src blob:; 8 frame-src 'self' * data: 8 frame-ancestors 'self' https://www.tibco.com http://tibco.lookbookhq.com https://tibco.lookbookhq.com https://sso-awsqa.tibco.com https://sso-ext.tibco.com http://library.tibco.com https://library.tibco.com https://www-dev.tibco.com https://tibco.seismic.com https://www.ibi.com; report-uri /report-csp-violation 8 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src *; object-src *; child-src *; frame-ancestors 'self'; form-action *; reflected-xss block; upgrade-insecure-requests; 8 frame-ancestors 'none'; report-uri https://prod-bk-csp-service.rbictg.com/csp; report-to csp-endpoint 8 frame-ancestors 'self'; object-src 'none'; 8 default-src * 'unsafe-eval' 'unsafe-inline' 'unsafe-dynamic' data: filesystem: about: blob: ws: wss: 8 upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; manifest-src 'self'; report-uri https://vault.gostatera.com/collect/csp 8 upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; 8 frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests 8 default-src *; script-src https://cdnjs.cloudflare.com https://autosug.ebay.com https://suggestqueries.google.com https://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.nr-data.net https://www.google.com https://s.flocdn.com https://*.s1search.co https://swurl.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src https://cdnjs.cloudflare.com 'unsafe-inline' 'self'; connect-src https://api.picclick.com https://www.google-analytics.com https://www.googletagmanager.com https://bam-cell.nr-data.net https://bam.nr-data.net https://*.s1search.co https://soflopxl.com https://swurl.com 'self'; img-src *; font-src https://cdnjs.cloudflare.com data: 'self'; 8 default-src data: http: https: 'unsafe-inline' 'unsafe-eval' 8 frame-ancestors 'self' mychartplus.org *.mychartplus.org *.hartfordhealthcare.org *.hhcconnect.com *.hhcconnect.net *.hhcconnect.org *.hhchealth.com *.hhchealth.net *.hhchealth.org *.hhcandme.com *.hhcsystem.org 8 default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 8 upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; object-src 'none'; base-uri 'none'; prefetch-src 'self' 8 default-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com; script-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com; connect-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com; upgrade-insecure-requests; report-uri /csp.cgi; 8 unsafe-inline 8 report-to default 8 frame-ancestors 'self' *.genesazrak.com *.888casinoarabic.net *.arabiccasino888.com *.casinoarabic888.com *.casinoarabic-888.com *.888-casinoarabic.com *.888casino-arabic.com http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ http://localhost:* https://localhost:* *.bingosys.net *.secured-igaming-usa.com *.888.pt *.sisportsbook.com *.888poker.de *.888slots.de *.safe-iplay.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888ladies.com *.888.pt cmsp *.harrahscasino.com *.wsop.com *.delawarepark.com *.doverdowns.com *.harringtongamingonline.com *.secured-igaming-services.com *.secured-igaming-usa.com *.igaming-services.com *.888.ca *.888casino.ca *.888poker.ca *.888sport.ca *.888.nl *.888casino.nl *.888poker.nl *.888sport.nl *.ar-888-casino.com *.888casino-ar.com *.ar888-casino.com *.arab888-casino.com *.casinoelarab-888.com *.alarab-888casino.com *.casinoalarab-888.com *.888casino-alarab.com *.888casino-arabian.com *.arabian-888casino.com *.888-casino-arabian.com *.888-casino-alarab.com *.ballysdover.com *.888casino-uae.com *.playat888-games.com *.888casino-game.com *.online-arabic-casino.net *.tripleeight.live *.playat888online.com *.888games-uae.com *.triple-eight-games.com *.play-casino-now.com *.888slots-uae.com *.888-uae.com 8 default-src https: data: 'unsafe-inline' 'unsafe-eval'; 8 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; 8 frame-ancestors 'self' letmedate.com www.letmedate.com 8 script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 8 sandbox allow-same-origin allow-scripts allow-orientation-lock allow-pointer-lock allow-forms allow-popups allow-top-navigation-by-user-activation; 8 frame-ancestors tarketthome.com www.tarketthome.com 8 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: 24703.online-adventskalender.de *.arbeitsagentur.de *.assono.de *.b-ite.com *.betterplace.org *.bitkomplex.de *.bright-guide.de *.canto.global *.cdn.office.net *.cloudfront.net *.cookiebot.com *.cookiebot.eu *.dvinci-hr.com *.easy-feedback.com *.etracker.com *.etracker.de *.eu-west-1.playback.live-video.net *.exmap.de *.facebook.com *.flickr.com *.fontawesome.com *.google-analytics.com *.google.com *.google.de *.googleapis.com *.gstatic.com *.haffhus.de *.highcharts.com *.hk24.de *.ihk-baustellen-portal.de *.ihk.de *.ihk24.de *.jobcluster.de *.linkedin-ei.com *.linkedin.com *.mateforevents.com *.microsoft.com *.multipage.online *.newsletter2go.com *.office.com *.office365.com *.openstreetmap.org *.podigee-cdn.net *.podigee.io *.signalize.com *.spotify.com *.staticflickr.com *.stream24.net *.sweap.io *.thinglink.com *.thinglink.me *.twimg.com *.twitch.tv *.twitter.com *.unikam.de *.usercentrics.eu *.userlike.com *.vimeo.com *.wahlplus.de *.walls.io *.webstream.eu *.xing-events.com *.youstreamit.de *.youtube.com api-baustellenportal.sylphen.com api.mapbox.com app.cituro.com app.sli.do auskunft.nvv.de baustellennavi.de bc.pressmatrix.com berufsausbildung-aachen-ihk.de bluecard-eu.de cdn.contentful.com cdn.doo.net/assets/js/viovendi-embed-static-1.js cdn.podigee.com cdn.podlove.org cdnjs.cloudflare.com chat.gr-apps.de code.createjs.com code.jquery.com/jquery-3.1.1.min.js connect.facebook.net consentcdn.cookiebot.com corona.conterra.de covid19.webtvcampus.de cta.ihk.i40.de datawrapper.dwcdn.net dbaw.specials-bahn.de detmold.ihk-beitragsrechner.de dihk.imageplant.de doo.net e.issuu.com e.video-cdn.net easy-feedback.com easy-feedback.de editor.signavio.com embed.nexx.cloud events-to-impress.activehosted.com expertenpool.automatisierungsregion.de fahrinfo.vbb.de geoportal-hamburg.de geoportal.metropolregion.hamburg.de gwatch.events haffhus.s3.eu-central-1.amazonaws.com handelskammer-bremen.appointmind.net html5-player.libsyn.com iframe.wvd-portfolio.de ihk-ar.ycms.rocks ihk-baustellen-portal.de:5555 ihk-darmstadt-portal.rexx-recruitment.com ihk-hl.gr-live.de ihk-weiterbildung-oldenburg.de ihk.selbstdenker.com ihk24.omq.de ihknw.pi-asp.de ihkob.wekando.eu imagemarker.com ims-files-cdn.net infographic.statista.com isi.hdb-hamburg.de jobs.ihk-niederrhein.de jsfiddle.net komsis.inecos.de kvg-kassel.widget-generator.de link.webropolsurveys.com live.c3networking.de livestream.kemweb.de livestream.watch/vp/nachhaltigkeitsdialog.html maps2.sylphen.com maxcdn.bootstrapcdn.com media.graphassets.com media.graphcms.com mediathek.ihk-gfi.de mukihk24.z6.web.core.windows.net myjobboard.de n873043.websitebuilder.online pam.ihk-schleswig-holstein.de playout.3qsdn.com plugins.flockler.com rh1.chatmodul.de roundme.com routenplaner.bus-bahn-thueringen.de s2survey.net service.tecintelli.de smart.ihk-berlin.de standortfinder.rlp.de start.video-stream-hosting.de static-exp1.licdn.com static.dvinci-easy.com stats.g.doubleclick.net tecintelli-static-ttl.obs.eu-de.otc.t-systems.com/ tuerchen.com umap.openstreetmap.fr userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com vstdbv3 w.soundcloud.com walls.io web.inxmail.com wss://chat.userlike.com/chat/ wss://umd.userlike.com/umd/ www.aufstiegs-bafoeg.de www.bahn.de www.berufe.tv www.bso-hessen.de www.econda-monitor.de www.etermin.net www.finest-jobs.com www.forschungsfinder-hessen.de www.gatewatch.eu www.giu-kalender.org www.google.analytics.com www.googletagmanager.com www.handelskammer-bremen.de www.hvv.de www.ihk-arbeitsgemeinschaft-rlp.de www.ihk-berlin.de www.ihk-berlin.org www.ihk-bw.digital www.ihk-ecofinder.de www.ihk-gfi.de www.ihk-koblenz.de www.ihk-lehrstellenboerse.de www.ihk-lueneburg.de www.ihk-magdeburg.de www.ihk-ostbrandenburg.de www.ihk-praktikumsportal.de www.ihk-rlp.de www.ihk-wiesbaden.de www.ihkac-anwendungen.de www.inno-vet.de www.instagram.com www.iwd.de www.kandidatenmanagement.de www.leg-thueringen.de www.media42day.com www.onlinebewerbungsserver.de www.plattform-i40.de www.powr.io www.praktikum.info www.rmv.de www.terminland.de www.tfaforms.com www.vvs.de www.youtube-nocookie.com ; report-uri /blueprint/servlet/csplogging/logViolation ; 8 default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; object-src 'none'; 8 frame-ancestors https:; 8 script-src 'unsafe-inline' 'unsafe-eval' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://clients2.google.com https://payments.sandbox.google.com https://payments.google.com https://maps.googleapis.com https://translate.googleapis.com https://translate.google.com https://support.google.com https://www.gstatic.cn https://families.google.com https://clients1.google.com https://myaccount.google.com https://accounts.google.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PlayStoreUi/cspreport/allowlist 8 connect-src 'self' *.habbo.com https://hcaptcha.com https://*.hcaptcha.com cookie-cdn.cookiepro.com privacyportal.cookiepro.com cookies.onetrust.mgr.consensu.org geolocation.onetrust.com www.facebook.com https://accounts.google.com/gsi/ www.google-analytics.com csi.gstatic.com *.googlesyndication.com *.g.doubleclick.net habboo-a.akamaihd.net localhost.sulake.com localhost.sulake.com/* localhost.sulake.com:3000 localhost.sulake.com:3000/*; img-src 'self' data: *.habbo.com cookie-cdn.cookiepro.com habbo-stories-content.s3.amazonaws.com www.facebook.com www.google-analytics.com www.google.com *.g.doubleclick.net *.googlesyndication.com *.gstatic.com habboo-a.akamaihd.net images.habbogroup.com docj27ko03fnu.cloudfront.net d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com cdn.rpxnow.com pay.openbucks.com trck.spoteffects.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.habbo.com https://appleid.cdn-apple.com https://hcaptcha.com https://*.hcaptcha.com cookie-cdn.cookiepro.com connect.facebook.net https://accounts.google.com/gsi/client www.google-analytics.com www.google.com www.gstatic.com apis.google.com *.g.doubleclick.net *.googlesyndication.com www.googletagservices.com partner.googleadservices.com cdn.ampproject.org adservice.google.com adservice.google.ad adservice.google.ae adservice.google.com.af adservice.google.com.ag adservice.google.com.ai adservice.google.al adservice.google.am adservice.google.co.ao adservice.google.com.ar adservice.google.as adservice.google.at adservice.google.com.au adservice.google.az adservice.google.ba adservice.google.com.bd adservice.google.be adservice.google.bf adservice.google.bg adservice.google.com.bh adservice.google.bi adservice.google.bj adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.bs adservice.google.bt adservice.google.co.bw adservice.google.by adservice.google.com.bz adservice.google.ca adservice.google.cd adservice.google.cf adservice.google.cg adservice.google.ch adservice.google.ci adservice.google.co.ck adservice.google.cl adservice.google.cm adservice.google.cn adservice.google.com.co adservice.google.co.cr adservice.google.com.cu adservice.google.cv adservice.google.com.cy adservice.google.cz adservice.google.de adservice.google.dj adservice.google.dk adservice.google.dm adservice.google.com.do adservice.google.dz adservice.google.com.ec adservice.google.ee adservice.google.com.eg adservice.google.es adservice.google.com.et adservice.google.fi adservice.google.com.fj adservice.google.fm adservice.google.fr adservice.google.ga adservice.google.ge adservice.google.gg adservice.google.com.gh adservice.google.com.gi adservice.google.gl adservice.google.gm adservice.google.gp adservice.google.gr adservice.google.com.gt adservice.google.gy adservice.google.com.hk adservice.google.hn adservice.google.hr adservice.google.ht adservice.google.hu adservice.google.co.id adservice.google.ie adservice.google.co.il adservice.google.im adservice.google.co.in adservice.google.iq adservice.google.is adservice.google.it adservice.google.je adservice.google.com.jm adservice.google.jo adservice.google.co.jp adservice.google.co.ke adservice.google.com.kh adservice.google.ki adservice.google.kg adservice.google.co.kr adservice.google.com.kw adservice.google.kz adservice.google.la adservice.google.com.lb adservice.google.li adservice.google.lk adservice.google.co.ls adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.com.ly adservice.google.co.ma adservice.google.md adservice.google.me adservice.google.mg adservice.google.mk adservice.google.ml adservice.google.com.mm adservice.google.mn adservice.google.ms adservice.google.com.mt adservice.google.mu adservice.google.mv adservice.google.mw adservice.google.com.mx adservice.google.com.my adservice.google.co.mz adservice.google.com.na adservice.google.com.nf adservice.google.com.ng adservice.google.com.ni adservice.google.ne adservice.google.nl adservice.google.no adservice.google.com.np adservice.google.nr adservice.google.nu adservice.google.co.nz adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.pg adservice.google.com.ph adservice.google.com.pk adservice.google.pl adservice.google.pn adservice.google.com.pr adservice.google.ps adservice.google.pt adservice.google.com.py adservice.google.com.qa adservice.google.ro adservice.google.ru adservice.google.rw adservice.google.com.sa adservice.google.com.sb adservice.google.sc adservice.google.se adservice.google.com.sg adservice.google.sh adservice.google.si adservice.google.sk adservice.google.com.sl adservice.google.sn adservice.google.so adservice.google.sm adservice.google.sr adservice.google.st adservice.google.com.sv adservice.google.td adservice.google.tg adservice.google.co.th adservice.google.com.tj adservice.google.tk adservice.google.tl adservice.google.tm adservice.google.tn adservice.google.to adservice.google.com.tr adservice.google.tt adservice.google.com.tw adservice.google.co.tz adservice.google.com.ua adservice.google.co.ug adservice.google.co.uk adservice.google.com.uy adservice.google.co.uz adservice.google.com.vc adservice.google.co.ve adservice.google.vg adservice.google.co.vi adservice.google.com.vn adservice.google.vu adservice.google.ws adservice.google.rs adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.cat rpxnow.com d29usylhdk1xyu.cloudfront.net trck.spoteffects.net; style-src 'self' 'unsafe-inline' *.habbo.com https://hcaptcha.com https://*.hcaptcha.com www.gstatic.com fonts.googleapis.com d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com; prefetch-src 'self' *.habbo.com; child-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com; font-src 'self' fonts.gstatic.com habboo-a.akamaihd.net *.habbo.com data:; frame-ancestors 'self' *.idcgames.com www.funnygames.fi www.funnygames.es www.funnygames.nl www.funnygames.fr www.funnygames.it www.funnygames.us www.funnygames.eu www.funnygames.biz www.funnygames.com.br www.funnygames.org *.gamesxl.com keygames.com www.games.co.za www.bgames.com starbie.co.uk nyckelspel.se www.games.co.uk www.a10.com www.gry.pl www.spela.se www.gamesgames.com www.ourgames.ru www.permainan.co.id www.games.co.id www.agame.com www.flashgames.ru www.mousebreaker.com kizi.com yepi.com www.integrations.partner.spilgames.com www.teens-integrations.partner.spilgames.com www.youdagames.com www.elkspel.nl www.spele.nl www.spele.be www.spelletjesoverzicht.nl *.orangegames.com hyvesgames.nl spele.nl www.spelletjes.nl www.spel.nl *.giochixl.it www.1001giochi.it minigioco.it www.gioco.it www.giochi.it *.jeuxdelajungle.fr www.1001games.fr jouerjouer.com spele.be www.jeux.fr www.jeu.fr oyun.mynet.com gamecell.com www.gamecell.com oyungemisi.com www.oyunskor.com *.1001pelit.com pelaaleikkia.com www.isladejuegos.es clavejuegos.com www.juegos.com *.1001spiele.de www.jetztspielen.ws www.jetztspielen.de www.spielaffe.de *.spielspiele.de spielspiele.de www.spielen.com *.1001jogos.pt jogojogar.com www.ojogos.com.br; form-action 'self' https://login.habbo.com; upgrade-insecure-requests; report-uri /csp/report 8 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 8 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src * data:; 8 default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; 8 default-src 'unsafe-inline' 'unsafe-eval' data: blob: https: wss:; frame-ancestors 'self' 8 default-src * 'unsafe-inline' 'unsafe-eval' data: gap: content: blob:; form-action *; upgrade-insecure-requests 8 default-src 'self' fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: unpkg.com cdn.dxpr.com www.googletagmanager.com www.gstatic.com cdn.lightwidget.com cdn.cookielaw.org static.hotjar.com script.hotjar.com geolocation.onetrust.com static.cloudflareinsights.com *.google-analytics.com iframely.shorthand.com analytics.shorthand.com stats.g.doubleclick.net data: cdn.cookielaw.org geolocation.onetrust.com ajax.cloudflare.com cdnjs.cloudflare.com www.youtube.com youtube.com; style-src 'self' 'unsafe-inline' unpkg.com cdnjs.cloudflare.com fonts.googleapis.com cdn.dxpr.com cdn.jsdelivr.net; img-src 'self' reedexhibitions.com www.rxglobal.com rxglobal.com *.google-analytics.com www.google.com www.google.co.uk *.googletagmanager.com data.shorthand.com iframely.shorthand.com maps.googleapis.com cdnjs.cloudflare.com img.youtube.com cdn.dxpr.com cdn.cookielaw.org data: ; frame-src cdn.lightwidget.com vars.hotjar.com youtube.com www.youtube.com www.youtube-nocookie.com youtube-nocookie.com iframely.shorthand.com rx.bnurl.com drive.google.com; object-src data: 'unsafe-eval'; connect-src 'self' blob: rxglobal.com rxglobal.at cdn.cookielaw.org privacyportal.onetrust.com geolocation.onetrust.com *.google-analytics.com gateway.shorthand.com www.gstatic.com stats.g.doubleclick.net data.shorthand.com in.hotjar.com rx.bnurl.com api.segment.io cdn.dxpr.com; base-uri 'none'; worker-src blob: 8 default-src * 'unsafe-inline' 'unsafe-eval' data:; 8 default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline'; 8 worker-src 'self'; 8 child-src 'self' blob: www.cdn-net.com prod.accdab.net https://pay.google.com/gp/p/js/pay.js; connect-src * ws-mt1.pusher.com rts-euc.freshworksapi.com; default-src 'self' assets.travix.com *.cdn-net.com; img-src 'self' * data:; font-src 'self' data: assets.travix.com fonts.googleapis.com fonts.gstatic.com js.skyscnr.com; object-src 'self' www.cdn-net.com prod.accdab.net https://pay.google.com/gp/p/js/pay.js; media-src 'self'; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: cdn.polyfill.io assets.travix.com www.cdn-net.com prod.accdab.net beacon.riskified.com six.cdn-net.com tagmanager.google.com https://pay.google.com/gp/p/js/pay.js *.criteo.com *.cdn-net.com *.doubleclick.net *.facebook.net *.facebook.com *.googleadservices.com ad.zanox.com ads.travelaudience.com adservice.google.com analytics.skyscanner.net awin1.com bat.bing.com cdn.pushalert.co ck.ncclick.co.kr click.accesstrade.in.th clkuk.tradedoubler.com connect.facebook.net deploy.mopinion.com ds1.nl dwin1.com emjcd.com google-analytics.com googletagmanager.com kayak.com static.ads-twitter.com static.hotjar.com t.cfjump.com t1.daumcdn.net tm.tradetracker.net track.adform.net track.omguk.com tradedoubler.net ts.tradetracker.net wcs.naver.net cars.cartrawler.com cdn.euc-freshbots.ai rts-euc.freshworksapi.co; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com tagmanager.google.com googletagmanager.com cars.cartrawler.com product-router.cartrawler.com d6tizftlrpuof.cloudfront.net cdn.euc-freshbots.ai; prefetch-src 'self' assets.travix.com *.cdn-net.com; frame-src www.booking.com *.bstatic.com *.doubleclick.net *.hotjar.com secure-test.worldpay.com ogone-tpp.prd.travix.com aci-tpp.prd.travix.com centinelapi.cardinalcommerce.com pay.google.com *.cdn-net.com product-router.cartrawler.com https://checkout.paypal.com/ https://www.sandbox.paypal.com/ https://www.paypal.com/ *.cardinalcommerce.com https://www.google.com/maps/ https://www.youtube.com/embed/ 8 default-src 'self' portal.promolife.be promolife.matomo.cloud cdn.cookielaw.org www.highco-data.be *.cookiefirst.com eu.api.fpjs.io tls-eun1.fpapi.io *.highco.be esironal.github.io www.googleapis.com api.highco.be cdn.datatables.net www.google-analytics.com doubleclick.net promolife.be graph.facebook.com api.twitter.com www.linkedin.com accounts.google.com; script-src 'self' 'unsafe-inline' cdn.matomo.cloud cdn.cookielaw.org www.googletagmanager.com *.cookiebot.com *.highco.be cdn.fpjs.io consent.cookiefirst.com unpkg.com cdnjs.cloudflare.com code.jquery.com stackpath.bootstrapcdn.com *.highco.be ajax.googleapis.com cdn.jsdelivr.net esironal.github.io maxcdn.bootstrapcdn.com www.google-analytics.com promolife.be cdn.datatables.net 'unsafe-eval'; img-src https: blob: data: http://www.highco-data.be; style-src 'unsafe-inline' 'self' www.highco-data.be consent.cookiefirst.com esironal.github.io use.fontawesome.com stackpath.bootstrapcdn.com highactions.highco.be api.autoaddress.ie maxcdn.bootstrapcdn.com portal.highco-data.be cdnjs.cloudflare.com fonts.googleapis.com cdn.datatables.net codemirror.net; font-src 'self' *.highco.be fonts.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com portal.highco-data.be fonts.gstatic.com cdnjs.cloudflare.com; frame-src 'self' consentcdn.cookiebot.com https://promolife.be/ https://www.promolife.be/; 8 frame-ancestors *.adikteev.com 'self' *.facebook.com *.nikonelearning.com; 8 default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors * 8 frame-ancestors 'self' https://secure.safecharge.com; 8 default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors 'self' 8 default-src https: wss: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 8 frame-ancestors 'self' *.facebook.com 8 default-src http: https: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' *.gov.cn 8 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob: https:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 8 default-src *.adlooxtracking.com *.adlooxtracking.ru *.adsafeprotected.com *.doubleverify.com *.googlesyndication.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.serving-sys.com *.serving-sys.ru *.weborama.fr *.weborama-tech.ru an.yandex.ru cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz strm.yandex.ru yandex.ru yandex.st yastat.net yastatic.net; script-src *.adlooxtracking.com *.adlooxtracking.ru *.adsafeprotected.com *.criteo.com *.doubleclick.net *.doubleverify.com *.dvtps.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.odnoklassniki.ru *.relap.io *.roxot-panel.com *.serving-sys.com *.serving-sys.ru *.weborama.fr *.weborama-tech.ru *.vk.com adservice.google.com adservice.google.ru an.yandex.ru cdn.ampproject.org cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org cdn.consentmanager.net iframe.s3.yandex.net mail.ru mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru relap.io static.criteo.net vk.com yandex.ru yandex.st yastat.net yastatic.net home.mrgcdn.ru 'unsafe-eval' 'unsafe-inline'; connect-src *.adlooxtracking.com *.adlooxtracking.ru *.adsafeprotected.com *.criteo.com *.doubleverify.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.relap.io *.roxot-panel.com *.serving-sys.com *.serving-sys.ru *.weborama.fr *.weborama-tech.ru *.vk.com ads.betweendigital.com an.yandex.ru cdn.consentmanager.mgr.consensu.org cdn.jsdelivr.net consentmanager.mgr.consensu.org csi.gstatic.com ib.adnxs.com jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru pagead2.googlesyndication.com pb.adriver.ru prebid-bidder.rutarget.ru prebid-eu.creativecdn.com px.adhigh.net relap.io securepubads.g.doubleclick.net ssp.hybrid.ai ssp.otm-r.com static.criteo.net strm.yandex.ru vk.com yandex.ru yandex.st yastat.net yastatic.net ymetrica1.com home.mrgcdn.ru; img-src data: blob: *; media-src *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.strm.yandex.ru *.vk.com *.yandex.net coub-anubis-a.akamaized.net data: mail.ru ok.ru strm.yandex.ru vk.com yandex.ru yandex.st yastat.net yastatic.net; style-src *.imgsmail.ru *.mail.ru *.mradx.net blob: cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org yandex.st yastat.net yastatic.net home.mrgcdn.ru 'unsafe-eval' 'unsafe-inline'; font-src *.imgsmail.ru *.mail.ru *.mradx.net an.yandex.ru blob: data: https: yastat.net yastatic.net 'self'; frame-src *.criteo.com *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.vk.com *.yandex.ru *.yandexadexchange.net awaps.yandex.net mail.ru mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru tpc.googlesyndication.com vk.com www.google.com yandex.ru yandexadexchange.net yastat.net yastatic.net; report-uri https://cspreport.mail.ru/home?disposition=enforce&rev=11.07.22; 7 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: blob:; child-src https: blob:; object-src 'none'; base-uri https://*.gracenote.com 7 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';script-src-elem * 'unsafe-inline';prefetch-src 'self' cdn.privacy-mgmt.com;manifest-src 'self' *.wsj.com;media-src * data: blob: https:;worker-src * 'unsafe-inline' 'unsafe-eval' blob: data:;frame-src * 'unsafe-inline';connect-src * 'unsafe-inline' 'unsafe-eval';form-action * 'unsafe-inline';frame-ancestors * *.dowjones.net *.dowjones.io *.live.djnews.tools *.onservo.com;script-src-attr 'unsafe-inline';object-src 'self' 'unsafe-inline';img-src * data: https:;upgrade-insecure-requests;base-uri 'self';font-src 'self' https: data:;style-src 'self' https: 'unsafe-inline' 7 default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src * data: https:; object-src 'none'; connect-src https: wss:; script-src 'unsafe-inline' https: 'unsafe-eval'; worker-src 'self' blob:; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; media-src 'self' blob: data: https:; font-src 'self' data: https://use.typekit.net https://cdn.vidible.tv https://cdnjs.cloudflare.com https://fonts.gstatic.com https://s0.wp.com ; 7 frame-ancestors 'self' *.ffxblue.com.au *.ffx.io *.smh.com.au *.theage.com.au *.brisbanetimes.com.au *.watoday.com.au *.cdn.ampproject.org *.platform.ink; upgrade-insecure-requests 7 frame-ancestors https://*.ringcentral.com https://*.ringcentral.ca https://*.ringcentral.co.uk https://*.ringcentral.com.au https://*.ringcentral.eu https://support.ringcentral.biz https://outlook.live.com https://outlook.office365.com https://outlook.office.com 7 frame-ancestors 'self' http://webvisor.com http://*.webvisor.com 7 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net https://fp.zenaps.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.dwin1.com/ https://www.youtube.com/iframe_api https://s.ytimg.com https://assets.planethoster.com/ https://maps.googleapis.com/ https://ads2.adverline.com/ https://tags.dynamo.one/ https://smct.co/ https://apis.google.com/ https://widget.trustpilot.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/; img-src 'self' www.facebook.com data: https://www.planethoster.com/ https://assets.planethoster.com/ https://maps.gstatic.com/ https://smct.co/ https://www.google-analytics.com/; font-src 'self' data: fonts.gstatic.com https://assets.planethoster.com/; frame-src https://www.zenaps.com/ https://ads2.adverline.com/ https://staticxx.facebook.com/ https://www.google.com/ https://www.facebook.com/ https://player.vimeo.com https://www.youtube.com/ https://tags.dynamo.one/ https://smct.co/ https://accounts.google.com/ https://widget.trustpilot.com/; connect-src 'self' https://stats.g.doubleclick.net/ https://fp.zenaps.com/ https://assets.planethoster.com/ https://smct.co/ https://widget.trustpilot.com/ https://www.google-analytics.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://assets.planethoster.com/; 7 default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; 7 connect-src * 7 frame-ancestors 'self' https://nurture.solarwinds.com/ 7 frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 7 frame-ancestors *.3ds.com *.solidworks.com; base-uri 'self' 7 frame-ancestors 'self' https://bravenetmarketing.com https://manage.bravehost.com; 7 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.litix.io embedwistia-a.akamaihd.net/ https://*.marketo.net https://*.salesforceliveagent.com https://*.wistia.com https://1.tl813.com https://a.adroll.com/ https://a.sfdcstatic.com https://analytics.twitter.com https://apis.google.com https://app-sj15.marketo.com https://autocomplete.demandbase.com https://cdn.cookielaw.org/consent/4a3b4a16-9af0-4726-976d-39737fb16905.js https://checkout.stripe.com https://connect.facebook.net https://connectors.tableau.com https://d.adroll.com/ https://d.adroll.mgr.consensu.org https://demdex.com https://dpm.demdex.net https://fast.wistia.com https://fast.wistia.net/ https://geolocation.onetrust.com https://googleads.g.doubleclick.net/ https://js.adsrvr.org/ https://m.addthis.com https://m.addthisedge.com https://omtr2.partners.salesforce.com https://org62.my.salesforce.com https://platform.twitter.com https://play.vidyard.com https://px.ads.linkedin.com/ https://quip-cdn.com https://quip-marketing.com https://s.adroll.com/ https://s.ytimg.com https://s7.addthis.com https://scripts.demandbase.com https://sdk.snapkit.com https://secure2.sfdcstatic.com https://sjs.bizographics.com https://snap.licdn.com/ https://src.litix.io https://ssl.google-analytics.com https://static.ads-twitter.com https://static.lightning.force.com https://store.salesforce.com https://t.sf14g.com https://tag.demandbase.com/shared/forms.min.js https://tagmanager.google.com https://tracking.g2crowd.com https://vidassets.terminus.services https://wistia.com https://www-onepick-opensocial.googleusercontent.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.linkedin.com/csp/dtag https://www.youtube.com; frame-ancestors https://www.quip-resource-center.com http://www.quip-resource-center.com; report-uri /csp-report 7 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 7 frame-ancestors *.neuweb.biz *.home.neustar fast.wistia.net; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.adroll.com anchor.fm *.vimeo.com *.moatads.com benchmark.marketshare.com *.rlcdn.com *.company-target.com *.bidr.io *.facebook.com *.linkedin.com *.crazyegg.com *.myworkdayjobs.com *.neustar.biz *.neuweb.biz *.neustarlocaleze.biz *.cdn.neustar cdn.optimizely.com fast.wistia.net images-cdn.welcomesoftware.com *.pimcore.org *.marketo.com *.marketo.net *.mktoresp.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com html5shim.googlecode.com code.jquery.com *.ads-twitter.com *.twitter.com t.co *.twimg.com *.bing.com *.gstatic.com *.agkn.com *.intentsify.io *.zoominfo.com *.visualwebsiteoptimizer.com *.google.com *.doubleclick.net *.truste.com *.quora.com *.adnxs.com *.liveperson.net *.intentsify.io *.newscred.com *.addthis.com *.addthisedge.com *.lpsnmedia.net *.wistia.com *.cloudflare.com *.syndication.twimg.com pixel.mathtag.com *.adentifi.com *.bizographics.com *.formalyzer.com oss.maxcdn.com *.ultradns.com *.webmetrics.com dnn506yrbagrg.cloudfront.net d12ulf131zb0yj.cloudfront.net ace-tag.advertising.com flex.atdmt.com se.monetate.net tag.demandbase.com siteimproveanalytics.com connect.facebook.net snap.licdn.com embedwistia-a.akamaihd.net *.adsymptotic.com fg8vvsvnieiv3ej16jby.litix.io *.discover.neustar *.soundcloud.com activationedge-fabrick-qa-576342464.us-east-1.elb.amazonaws.com blob: data:; 7 frame-ancestors 'self' *.cybersource.com *.salesforce.com *.force.com ; form-action *.cybersource.com *.salesforce.com *.force.com 'self' 7 default-src 'self'; script-src 'self' 'unsafe-inline' translate.googleapis.com blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com translate.googleapis.com; font-src 'self' fonts.gstatic.com data:; img-src 'self' data:; object-src 'none'; report-uri https://hpage-report.uriports.com/reports/enforce 7 frame-ancestors https://*.canalplus.com https://*.canal-plus.com https://*.cnews.fr https://*.canal-bis.com http://*.canalplus.com http://*.canalplus.com:8888 https://*.canalplus.com:3000 http://*.timvision.it https://*.timvision.it http://*.timvision.it:8888 https://*.timvision.it:3000 7 default-src https: *.willistowerswatson *.wtwco data: blob: 'unsafe-eval' 'unsafe-inline' 7 frame-ancestors 'self' http://webvisor.com http://awards.ratingruneta.ru 7 frame-ancestors 'self' https://*.ariba.com https://*.micron.com https://*.iu.edu https://*.sciquest.com 7 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; connect-src https: wss: 7 default-src * data: blob: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' support.carousell.com 7 frame-ancestors 'self' https://optimize.google.com/ 7 upgrade-insecure-requests ; 7 default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src https: 7 default-src * data: 'unsafe-inline' 'unsafe-eval';frame-ancestors https://www.saseurobonusshop.com/ https://eurobonus.shopping https://saseurobonusmastercard.se/ https://saseurobonusmastercard.no/ https://saseurobonusmastercard.dk/ https://swipp.com https://app.swipp.com https://www.rewardspay.com/ https://upgrade.plusgrade.com https://consumer-prdb.plusgrade.com https://consumer-prd.plusgrade.com https://sas-next-staging.crossroads.se/ https://www.coop.se https://kiosk.coop.se https://www-stg.rewardspay.com 'self' 7 default-src blob: 'unsafe-eval' 'unsafe-inline' https: wss://lo2.msg.liveperson.net; img-src data: https:; font-src data: https: 7 frame-ancestors 'self' *.evergage.com *.evgnet.com *.vimeo.com *.hotjar.com;frame-src 'self' blob: https:;default-src 'self' 'unsafe-inline' blob: https:;font-src 'self' https: data:;script-src 'self' blob: data: https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:;connect-src 'self' wss: https: blob:; 7 default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' 7 upgrade-insecure-requests; frame-ancestors 'self' analytics.google.com analytics.webtrends.com secure.minorhotels.com *.naladhu.com *.oakshotels.com *.niyama.com world.nh-hotels.com *.naladhu.com.cn *.niyama.com.cn world.nh-hotels.com.cn *.telerain.com:* 7 default-src 'self' https://* http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://* data:; worker-src 'self' https://* blob:; connect-src 'self' https://* http://* wss:; font-src 'self' data: 7 default-src 'self'; font-src 'self' *.kaltura.com cdnjs.cloudflare.com data: fonts.gstatic.com vjs.zencdn.net *.hotjar.com;img-src 'self' data: *.google-analytics.com *.g.doubleclick.net maps.gstatic.com maps.googleapis.com *.twitter.com *.twimg.com *.youtube.com *.kaltura.com *.linkedin.com *.6sc.co *.facebook.com *.eloqua.com *.verisk.com *.albacross.com metrics.brightcove.com *.air-worldwide.com www.google.com verisk.d1.sc.omtrdc.net t.co p.adsymptotic.com cm.everesttech.net dpm.demdex.net cf-images.us-east-1.prod.boltdns.net veriskisonetprod.112.2o7.net i.ytimg.com www.googletagmanager.com www.greatplacetowork.com cdn.cookielaw.org api.mapbox.com f1.media.brightcove.com udc-neb.kampyle.com *.maplecroft.com ajax.googleapis.com public.tableau.com www.google.co.uk nebula-cdn.kampyle.com w3.poweradvocate.com https://optimize.google.com www.gstatic.com https://jumbe.zaius.com;object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.twitter.com www.google-analytics.com *.googleapis.com *.google.com www.gstatic.com *.cookielaw.org *.googletagmanager.com assets.adobedtm.com *.twimg.com kaltura.com *.cloudflare.com dl.episerver.net *.facebook.net fonts.googleapis.com players.brightcove.net az416426.vo.msecnd.net *.xactware.com *.kaltura.com *.licdn.com *.albacross.com *.oktopost.com *.6sc.co *.ads-twitter.com *.cave9tape.com okt.to geolocation.onetrust.com script.crazyegg.com www.googleadservices.com vjs.zencdn.net img.en25.com s1065293013.t.eloqua.com googleads.g.doubleclick.net *.salesforceliveagent.com *.linkedin.com nebula-cdn.kampyle.com unpkg.com cdn.mouseflow.com public.flourish.studio *.hotjar.com pi.pardot.com *.maplecroft.com www.buzzsprout.com public.tableau.com ionfiles.scribblecdn.net readymag.com js.hsforms.net *.hsforms.com *.youtube.com snap.licdn.com player.vimeo.com api-ssl.bitly.com nebula-cdn.kampyle.com screencapture.kampyle.com/screenApi/load/0d9bccf0-07c5-4694-abf9-9f4bcf1d1ec2.js screencapture-cdn.kampyle.com www.googleanalytics.com www.googleoptimize.com https://optimize.google.com https://secure.leadforensics.com/ https://activitymap.adobe.com https://cdn-app.continual.ly/ https://cdn.commoninja.com/sdk/latest/commonninja.js https://cdn.calconic.com *.fraudblocker.com https://d1igp3oop3iho5.cloudfront.net/v2/3qYPyQxpW3IxDzWi5OV0ng/zaius-min.js;style-src 'self' 'unsafe-inline' *.googleapis.com dl.episerver.net *.twitter.com *.twimg.com cdnjs.cloudflare.com *.verisk.com unpkg.com https://optimize.google.com https://cdn.jsdelivr.net/npm/bootstrap@4.0.0/dist/css/bootstrap.min.css https://app.continual.ly/ https://cdn-app.continual.ly;frame-src 'self' platform.twitter.com www.google.com *.twitter.com *.youtube.com *.surveygizmo.com insuranceservicesofficeinc.demdex.net *.facebook.com bid.g.doubleclick.net *.hotjar.com *.pardot.com www.buzzsprout.com public.tableau.com verisk.postclickmarketing.com *.brightcove.net *.acast.com embed.readymag.com s1120.t.eloqua.com flo.uri.sh go.maplecroft.com player.vimeo.com go.maplecroft.com nebula-cdn.kampyle.com https://optimize.google.com https://cdnapisec.kaltura.com/ https://www.youtube-nocookie.com/ https://www.insurancejournal.tv/ https://www.bloomberg.com/ https://activitymap.adobe.com https://app.powerbi.com https://lifedemo.shinyapps.io/ https://survey.alchemer.com/ https://app.continual.ly/ https://www.commoninja.com/;media-src 'self' *.kaltura.com blob: *.air-worldwide.com http://manifest.prod.boltdns.net https://manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net;connect-src 'self' *.kaltura.com www.google-analytics.com *.brightcove.com dc.services.visualstudio.com dpm.demdex.net epsilon.6sense.com cdn.cookielaw.org stats.g.doubleclick.net https://c.6sc.co/ https://secure.adnxs.com/getuidj *.albacross.com http://manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.crazyegg.com www.googleapis.com veriskisonetprod.112.2o7.net verisk.d1.sc.omtrdc.net privacyportal.onetrust.com *.hotjar.com vc.hotjar.io ws: *.hotjar.com hubspot-forms-static-embed.s3.amazonaws.com https://otc.xactware.com/XactwareLms/certificationListing.xml nebula-cdn.kampyle.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://opreq.observepoint.com/ https://cdn-app.continual.ly https://app.continual.ly/ https://wss-pr.continual.ly:6001 https://www.commoninja.com https://app.calconic.com https://statistics-dot-calconic-app.appspot.com/api/stats/push https://cdn.linkedin.oribi.io/partner/1669474/domain/verisk.com/token https://cdn.commoninja.com/api/v1/embed/a1375665-2fe9-4fa4-ad5d-e16d6cdee4c0; child-src 'self' *.kaltura.com blob: *.air-worldwide.com insuranceservicesofficeinc.demdex.net *.surveygizmo.com; 7 frame-ancestors 'self'; base-uri 'self'; 7 upgrade-insecure-requests ; default-src 'none'; img-src 'self' https://*.apple.com https://*.mzstatic.com data:; style-src 'self' https://*.apple.com 'unsafe-inline'; font-src 'self' https://*.apple.com; media-src 'self' https://*.apple.com blob:; connect-src 'self' https://*.apple.com https://*.mzstatic.com; script-src 'self' https://*.apple.com 'unsafe-eval' 'sha256-4ywTGAe4rEpoHt8XkjbkdOWklMJ/1Py/x6b3/aGbtSQ=' blob:; frame-src 'self' https://*.apple.com itmss: itms-appss: itms-bookss: itms-itunesus: itms-messagess: itms-podcasts: itms-watchs: macappstores: musics: apple-musics: podcasts: videos:; 7 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; 7 default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 7 upgrade-insecure-requests; frame-ancestors 'self'; frame-src 'self' prep2021.elimparcial.com prepsonora2021.elimparcial.com prep2021bc.mx iframe.elimparcial.com *.google.com *.google.com.mx *.twitter.com *.youtube.com *.vimeo.com *.facebook.com *.instagram.com *.ampproject.org *.doubleclick.net *.googleapis.com *.retargetly.com *.googlesyndication.com *.ampproject.net *.admanmedia.com *.vidible.tv *.cxense.com *.googletagmanager.com *.adnxs.com *.rubiconproject.com *.indexww.com *.openx.net *.doubleverify.com *.tiktok.com *.pubmatic.com *.adxyield.com *.facebook.net *.giphy.com giphy.com *.memeate.com *.windy.com iframe.enelradar.com *.taboola.com *.liveleak.com *.pinterest.com *.lkqd.net *.wcnc.com aax.amazon-adsystem.com *.seedtag.com *.criteo.com *.paypal.com *.avantisvideo.com *.aniview.com graphics.reuters.com embed.windy.com www.sunmedia.tv www.relappro.com *.flo.uri.sh flo.uri.sh premiomeritodeportivo.elimparcial.com df.elimparcial.com; report-uri https://imparcial.report-uri.com/r/d/csp/enforce 7 frame-ancestors media.kaufland.de media.kaufland.com wissen-kaufland.kcenter.usu.com kaufland.staffbase.com 'self' 7 default-src * blob: data: about:; worker-src * blob:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob:; img-src * data:; style-src * 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self' 7 img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data: 7 upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 7 default-src http: 'unsafe-inline' 'unsafe-eval' 7 object-src 'self' 7 frame-ancestors 'self' http://toolpool.circit.de https://toolpool.circit.de 7 block-all-mixed-content; object-src 'none'; base-uri 'none'; frame-ancestors 'self'; 7 manifest-src 'self'; 7 frame-ancestors 'self'; object-src 'none' 7 img-src * data: blob: 7 default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' 7 frame-ancestors 'self' https://www.anglaisfacile.com https://www.francaisfacile.com https://www.tolearnenglish.com https://www.tolearnfrench.com https://www.allemandfacile.com https://www.espagnolfacile.com https://www.nlfacile.com https://www.italien-facile.com https://www.mesoutils.com https://www.mesexercices.com https://www.mathematiquesfaciles.com https://www.touslescours.com https://www.tolearnfrench.com https://*.tolearnfree.com; report-uri https://tolearnfree.report-uri.io/r/default/csp/enforce; base-uri 'self'; 7 default-src 'unsafe-inline' data: about: hcom: blob: callback: chrome-error: *; script-src 'unsafe-eval' 'unsafe-inline' data: about: blob: asset: *; report-uri https://hcom.report-uri.com/r/t/csp/enforce 7 default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 7 upgrade-insecure-requests; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com cdn.livechatinc.com api.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.clarity.ms www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com cdn.livechatinc.com api.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.clarity.ms www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com; report-uri https://content-api.canon-europe.com/cspreport/webapp/ 7 upgrade-insecure-requests;script-src * 'unsafe-eval' 'unsafe-inline';script-src-attr 'unsafe-inline';style-src * 'unsafe-inline';img-src * data:;font-src *;connect-src *;manifest-src data:;frame-ancestors 'self';base-uri 'self';block-all-mixed-content;object-src 'none' 7 default-src * https: data: blob: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; frame-ancestors 'self'; 7 report-uri https://o204817.ingest.sentry.io/api/1516035/security/?sentry_key=d6080cb82c1f4deb84b8823cc99e0318; default-src 'self' *.toogoodtogo.com toogoodtogo.com try.abtasty.com data:; img-src * data: blob: 'self' *.abtasty.com *.amazonaws.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' report-sample *.gstatic.com *.googleapis.com *.googletagmanager.com *.google.com *.bing.com *.licdn.com *.abtasty.com; script-src 'self' 'self' blob: 'unsafe-inline' 'unsafe-eval' *.licdn.com *.dwin1.com *.getsitecontrol.com *.abtasty.com *.app.cookieinformation.com *.hotjar.com *.youtube.com *.realytics.io *.realytics.net *.clarity.ms *.doubleclick.net *.google-analytics.com *.google.com *.googlesyndication.com *.googletagservices.com *.googletagmanager.com googletagmanager.com *.googleadservices.com *.googleapis.com *.sentry.io *.sentry-cdn.com *.bing.com *.facebook.com connect.facebook.net *.linkedin.com *.outbrain.com *.omgpl.com *.consensu.org *.cookieless-data.com *.teads.tv *.sddan.com *.adnxs.com the.sciencebehindecommerce.com *.zenaps.com analytics.tiktok.com; connect-src 'self' *.clarity.ms *.realytics.io *.bing.com *.hotjar.io *.hotjar.com wss://*.hotjar.com *.toogoodtogo.com *.app.cookieinformation.com sentry.io *.sentry.io *.doubleclick.net stats.g.doubleclick.net *.abtasty.com *.google-analytics.com *.facebook.com *.getsitecontrol.com *.getsitectrl.com *.google.com *.teads.tv the.sciencebehindecommerce.com analytics.tiktok.com *.tgtg.ninja *.oribi.io *.googletagmanager.com; form-action 'self' *.google.com *.facebook.com connect.facebook.net; frame-ancestors 'self' toogoodtogo.lu toogoodtogo.ie toogoodtogo.ca toogoodtogo.org toogoodtogo.com toogoodtogo.se toogoodtogo.pt toogoodtogo.pl toogoodtogo.it toogoodtogo.dk toogoodtogo.co.uk toogoodtogo.no toogoodtogo.de toogoodtogo.fr toogoodtogo.ch toogoodtogo.nl toogoodtogo.be toogoodtogo.es toogoodtogo.at; frame-src 'self' tpc.googlesyndication.com www.youtube.com bid.g.doubleclick.net vars.hotjar.com *.vimeo.com vimeo.com www.facebook.com policy.app.cookieinformation.com toogoodtogo.outgrow.us www.googletagmanager.com giphy.com *.giphy.com tbl.tradedoubler.com *.zenaps.com; object-src 'none'; base-uri 'self'; font-src * 'self' data: blob: *.abtasty.com *.gstatic.com *.googleapis.com; child-src blob: player.vimeo.com policy.app.cookieinformation.com vars.hotjar.com www.youtube.com toogoodtogo.outgrow.us 7 frame-ancestors 'self' *.authorize.net; 7 upgrade-insecure-requests; default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' 7 frame-ancestors 'self' *.betssongroupaffiliates.com 7 default-src 'unsafe-inline' 'unsafe-eval' data: blob: *; 7 'self' https://ajax.googleapis.com 7 default-src https:; connect-src https: wss: http:; font-src https: data:; img-src https: data: blob:; frame-src https: blob:; frame-ancestors 'self'; worker-src blob: https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 7 “upgrade-insecure-requests” 7 default-src 'none';base-uri 'self';child-src 'none';connect-src https://www.google-analytics.com https://addons.mozilla.org;font-src https://addons.mozilla.org/static-frontend/;form-action 'self';frame-src 'none';img-src 'self' data: https://addons.mozilla.org/user-media/ https://addons.mozilla.org/static-frontend/ https://addons.mozilla.org/static-server/ https://addons.cdn.mozilla.net/;manifest-src 'none';media-src 'none';object-src 'none';script-src https://addons.mozilla.org/static-frontend/ https://www.google-analytics.com/analytics.js;style-src https://addons.mozilla.org/static-frontend/;worker-src 'none';report-uri /__cspreport__ 7 default-src https: data: 'unsafe-inline' 7 block-all-mixed-content; report-uri https://de.forumhome.com/cspreport.php 7 frame-ancestors 'self' http://webvisor.com https://webvisor.com 7 default-src https: 'unsafe-inline' 7 upgrade-insecure-requests; default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; 7 script-src 'self' 'unsafe-eval' 'unsafe-inline' * 7 frame-ancestors https://uscreen.io https://*.uscreen.io https://www.uscreen.tv 7 upgrade-insecure-requests;frame-ancestors 'self' engage.dnb.com; 7 frame-ancestors https://webshop.scannet.dk https://webshop-admin.scannet.dk https://admin.hostedshop.dk https://admin.hostedshop.io https://admin.hostedcms.nu https://admin.hostedcms.io https://webshop.dandomain.dk https://admin.smartweb.io 7 frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests; 6 frame-ancestors 'self' imdb.com *.imdb.com *.media-imdb.com withoutabox.com *.withoutabox.com amazon.com *.amazon.com amazon.co.uk *.amazon.co.uk amazon.de *.amazon.de translate.google.com images.google.com www.google.com www.google.co.uk search.aol.com bing.com www.bing.com 6 default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com ; report-uri https://trendmicro.com/csp-report/violation.php 6 frame-ancestors nypost.com decider.com pagesix.com *.nypost.com *.decider.com *.pagesix.com 6 script-src 'self' *.bac-assets.com cdn.cookielaw.org *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com api.boldchat.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:; 6 frame-ancestors 'self' xerox.com *.xerox.com 6 frame-ancestors *.gallupatwork.com *.gallup.com 6 default-src 'self'; script-src 'self' webstats.surf.nl *.mailplus.nl platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com www.instagram.com www.google.com www.gstatic.com *.mopinion.com surfnl.containers.piwik.pro 'unsafe-inline'; style-src 'self' 'unsafe-inline' static.mailplus.nl fonts.googleapis.com use.typekit.net p.typekit.net platform.twitter.com *.mopinion.com; img-src http: https: data:;; frame-src 'self' *.surf.nl openonderwijsapi.nl www.surfspace.nl surfspace.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com www.google.com *.mopinion.com; child-src 'self' surf.mediamission.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com; font-src 'self' *.mopinion.com fonts.gstatic.com data:; connect-src 'self' *.mopinion.com surfnl.piwik.pro webstats.surf.nl; report-uri /report-csp-violation; upgrade-insecure-requests 6 frame-ancestors 'self' *.dynatrace.org *.dynatrace.com 6 frame-ancestors 'self' *.mathworks.com feedads.baidu.com *.mwcloudtest.com; 6 frame-src 'self' *.microfocus.com *.ubembed.com https://js.driftt.com https://bid.g.doubleclick.net https://optimize.google.com/ https://dev.visualwebsiteoptimizer.com https://www.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://www.brighttalk.com/ https://bcove.video/ https://app.vwo.com https://www.googletagmanager.com https://microfocuspartner.force.com https://www.linkedin.com/ https://platform.twitter.com/ https://www.research.net https://irs.tools.investis.com/ https://players.brightcove.net/ https://otp.tools.investis.com/ https://html5-player.libsyn.com/ http://demo.havendemo.com/ https://open.spotify.com https://player.vimeo.com/; frame-ancestors 'self' *.microfocus.com https://microfocus.lookbookhq.com https://microfocuspartner.force.com; 6 frame-ancestors 'self' www.united-internet-media.de adimg.uimserv.net advideo.uimserv.net 6 default-src 'none'; media-src 'self'; script-src 'self'; style-src 'self'; connect-src 'self' https://start.1password.com https://start.1password.ca https://start.1password.eu https://www.google-analytics.com https://9gnqx00du4.execute-api.us-east-1.amazonaws.com/prod/contact_us https://us.app.unleash-hosted.com https://flow.1passwordservices.com https://telemetry.transcend.io/collect; manifest-src 'self'; font-src 'self'; object-src 'self'; img-src 'self' https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://insight.adsrvr.org https://px.mountain.com; child-src https://www.youtube-nocookie.com https://secure.livechatinc.com; frame-src https://www.youtube-nocookie.com https://secure.livechatinc.com https://player.vimeo.com https://insight.adsrvr.org https://match.adsrvr.org https://drift.1passwordservices.com https://sync.transcend.io; form-action 'self' https://start.1password.com https://flow.1passwordservices.com; prefetch-src https://app.1password.com https://app.1password.ca https://app.1password.eu; frame-ancestors 'none' 6 frame-ancestors 'self' *.datto.com *.backupify.com datto.engineering *.openmesh.com *.autotask.net; report-uri https://www.datto.com/actions/contentSecurityPolicy/report/log; report-to csp-endpoint; 6 default-src 'self' 'unsafe-inline' 'unsafe-eval' ndn.statistinamics.com static.traversedlp.com api.traversedlp.com js.alocdn.com p.alocdn.com https://cableone1615402851.zendesk.com/ https://zendesk-eu.my.sentry.io fidelitycommunications.zendesk.com https://fidelitycommunications.referralrock.com/ https://apps.sitecore.net *.office.com *.google.com *.hsforms.com *.hsforms.net *.slgnt.us *.youtube.com www.googletagmanager.com support.sparklight.com static.zdassets.com maps.googleapis.com snapwidget.com fonts.googleapis.com ekr.zdassets.com maps.gstatic.com cableone.zendesk.com widget-mediator.zopim.com static.ada.support sparklight.ada.support rollout.ada.support sentry.io www.cableone.net wss://widget-mediator.zopim.com bat.bing.com *.google-analytics.com static.hotjar.com www.googleadservices.com connect.facebook.net cltgtstor001.blob.core.windows.net js.adsrvr.org *.fls.doubleclick.net *.g.doubleclick.net *.hotjar.com cdn.polyfill.io insight.adsrvr.org targetuscentral.slgnt.us *.speedtestcustom.com *.clarity.ms sparklight.slgnt.us code.jquery.com cdnjs.cloudflare.com woobox.com *.smartmove.us jsonip.com *.wufoo.com *.gstatic.com *.googleoptimize.com optimize.google.com wss://*.hotjar.com *.hotjar.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com *.smartmove.us optimize.google.com; img-src 'self' data: *.gstatic.com www.cableone.net www.sparklight.com *.fls.doubleclick.net www.facebook.com *.google-analytics.com *.google.com cableone.zendesk.com *.smartmove.us ctam.demdex.net *.googletagmanager.com *.clarity.ms *.bing.com *.hsforms.com *.doubleclick.net; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com use.fontawesome.com; upgrade-insecure-requests; block-all-mixed-content; 6 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: 6 default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; connect-src *; font-src * data:; upgrade-insecure-requests; block-all-mixed-content 6 frame-ancestors 'self' centinelapi.cardinalcommerce.com; script-src 'self' www.youtube.com *.worldpay.com *.facebook.net cdn.mouseflow.com script.crazyegg.com www.google-analytics.com static.sandisk.com bat.bing.com *.googleadservices.com d.adroll.com googleads.g.doubleclick.net *.googletagmanager.com s.adroll.com snap.licdn.com www.googletagmanager.com trc.taboola.com analytics.xscreenattribution.com *.marketo.net *.trustarc.com www.redditstatic.com cdn.taboola.com tags.tiqcdn.com *.twitter.com s.go-mpulse.net static.ads-twitter.com js.adsrvr.org d.adroll.mgr.consensu.org s.ytimg.com unpkg.com *.marketo.com js.maxmind.com *.truste.com tagmanager.google.com *.adobe.com ajax.googleapis.com *.expertvoice.com *.experticity.com cdn1.affirm.com *.tt.omtrdc.net *.adobedtm.com *.sc.omtrdc.net www.google.com *.criteo.net *.criteo.com www.gstatic.com cdn.pdst.fm ext.chtbl.com *.signifyd.com *.bazaarvoice.com mpsnare.iesnare.com *.googleapis.com *.paypal.com tracking.channelsight.com gateway.foresee.com sc-static.net qoe-1.yottaa.net cdn.yottaa.com ecwportal.vertexsmb.com j.6sc.co s.yjtag.jp yjtag.yahoo.co.jp s.yimg.jp tag.demandbase.com paapi8935.d41.co cdn-0.d41.co id.rlcdn.com ecf.d41.co 'unsafe-eval' 'unsafe-inline'; 6 block-all-mixed-content;frame-ancestors *.mail.com 6 frame-ancestors self; 6 form-action https: 6 script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.pdst.fm *.doubleclick.net *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.techtarget.com *.demandbase.com *.googletagmanager.com munchkin.marketo.net *.cookielaw.org *.polyfill.io *.adroll.com *.licdn.com *.mxpnl.com *.chtbl.com *.invoca.net *.livehelpnow.net addsearch.com *.youtube.com *.vidyard.com *.hotjar.com *.driftt.com *.searchcdn.com *.salesforceliveagent.com 6 default-src 'self' data: blob: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: content: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net;style-src 'self' data: blob: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net 'unsafe-inline'; media-src *; 6 frame-ancestors 'none'; object-src 'none'; base-uri 'none'; 6 default-src https: data: wss: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'self' 6 base-uri 'none'; child-src 'self'; connect-src 'self' https: www.google-analytics.com fundingchoicesmessages.google.com pagead2.googlesyndication.com; default-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https: googleads.g.doubleclick.net; img-src 'self' data: https:; media-src 'self' data: https:; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https: www.google-analytics.com pagead2.googlesyndication.com www.google.com www.gstatic.com; style-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdnjs.cloudflare.com c.evidon.com content.quantcount.com; worker-src 'none'; block-all-mixed-content; report-uri https://o881419.ingest.sentry.io/api/6108064/security/?sentry_key=53507701d302401b97c4a9ec903c141e; 6 script-src *; 6 frame-ancestors https://*.ptc.com https://ptc.seismic.com https://liveshareeast3.seismic.com 6 default-src * self blob: data: gap:; style-src * self 'unsafe-inline' blob: data: gap:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * self 'unsafe-inline' blob: data: gap:; connect-src self * 'unsafe-inline' blob: data: gap:; frame-src * self blob: data: gap:; 6 frame-ancestors https://*.ionos.de https://ionos.de https://*.ionos.at https://ionos.at https://*.profiseller.de https://profiseller.de https://*.1und1-partner.de https://1und1-partner.de https://*.1und1-hostingpartner.de https://1und1-hostingpartner.de https://*.1und1-premiumpartner.de https://1und1-premiumpartner.de; 6 default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; object-src 'none'; worker-src 'self'; block-all-mixed-content 6 default-src 'self' https://www.google.com.br https://www.google.co.in https://www.google.co.nz https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.com.pa https://www.google.nl https://www.google.co.jp https://*.fls.doubleclick.net https://prodau-cdn.azureedge.net https://prodeu-cdn.azureedge.net https://www.google.com https://resources.digital-cloud.medallia.eu https://*.licdn.com https://s7.addthis.com https://vars.hotjar.com/ https://connect.facebook.net/ https://www.facebook.com/ *.crazyegg.com https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com/vi_webp/PfZzvGGRaOM/mqdefault.webp; img-src 'self' data: https://assets.getsmartcontent.com https://www.google.co.in https://www.google.co.nz https://www.google.co.jp https://www.google.com.br https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.nl https://di3c8wks3odob.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com https://www.google.de https://pixel.tapad.com https://decibel-49-adswizz.attribution.adswizz.com https://www.google.co.uk https://attribution.decibelads.com https://reverseads.matomo.cloud https://tracking.connect.services.global.ntt https://fonts.gstatic.com https://cdn.cookielaw.org https://analytics.twitter.com https://analytics.google.com https://*.terminus.services https://match.adsrvr.org https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://resources.digital-cloud.medallia.eu https://j.mrpdata.net https://857338121.privacysandbox.googleadservices.com https://720787047.privacysandbox.googleadservices.com https://apt.techtarget.com https://620993155.privacysandbox.googleadservices.com https://p.adsymptotic.com/ *.crazyegg.com https://tracking.hello.global.ntt/ https://www.google.co.za https://*.kampyle.com https://vars.hotjar.com https://pubads.g.doubleclick.net https://script.hotjar.com http://script.hotjar.com www.googletagmanager.com https://www.google.com https://www.google.com.pa https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://prodeu-cdn.azureedge.net https://prodau-cdn.azureedge.net https://t.co/ https://px.ads.linkedin.com/ https://connect.facebook.net/ https://www.facebook.com/ https://www.linkedin.com/ https://s2190102.t.eloqua.com/ https://storage.googleapis.com/; style-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/tiny-slider.css https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com; font-src 'self' https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://fonts.gstatic.com data: http://script.hotjar.com https://script.hotjar.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors https://cm.euprod.services.global.ntt https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://vars.hotjar.com https://bid.g.doubleclick.net https://*.crazyegg.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: https://cdn.m-t.io https://trk.m-t.io https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.js https://maps.googleapis.com https://www.google.co.in https://www.google.co.nz https://www.google.com.pa https://www.google.de https://www.google.it https://cdn.matomo.cloud https://s.getsmartcontent.com https://cdn.getsmartcontent.com https://attribution.decibelads.com https://tracking.connect.services.global.ntt https://chat-snippet.terminusplatform.com https://snippet.ramblechat.com https://munchkin.brightfunnel.com https://*.terminus.services https://analytics.google.com https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://www.gstatic.com https://trk.techtarget.com https://visitor.reactful.com https://*.crazyegg.com https://script.crazyegg.com https://connect.facebook.net/ https://cdn.cookielaw.org/ https://secure.east2pony.com/ https://protect-eu.mimecast.com/ https://www.google.co.za/ https://*.addthisedge.com https://z.moatads.com https://*.addthis.com https://script.hotjar.com http://script.hotjar.com http://static.hotjar.com https://static.hotjar.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://analytics.twitter.com https://static.ads-twitter.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com https://img03.en25.com https://script.crazyegg.com https://www.youtube.com www.googleadservices.com https://pubads.g.doubleclick.net https://snap.licdn.com https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/min/tiny-slider.js https://geolocation.onetrust.com https://vidassets.terminus.services; connect-src 'self' https://cdn.linkedin.oribi.io https://udc-neb.kampyle.com https://www.google.com.pa https://s.getsmartcontent.com https://chat-messaging.terminus.services https://www.gstatic.com https://maps.googleapis.com https://reverseads.matomo.cloud wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com https://chat-visitor-info.terminus.services https://iotas.terminus.services https://chat-team-management.terminus.services https://realtime.ramblechat.com https://idx.liadm.com/ https://geolocation.onetrust.com/ https://api.brightfunnel.com https://analytics.google.com https://*.leady.com/ https://tracking.reactful.com https://resources.digital-cloud.medallia.eu https://visitor.reactful.com *.crazyegg.com https://www.facebook.com/ https://connect.facebook.net/ https://cdn.cookielaw.org/ https://stats.g.doubleclick.net/ https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://script.crazyegg.com/* https://api-public.addthis.com https://*.addthis.com https://privacyportal-de.onetrust.com/; object-src blob: ; frame-src https://www.google.com.pa https://www.facebook.com https://resources.digital-cloud.medallia.eu https://extraordinary-platypus-f5e0bb.netlify.app https://nttbdttour.netlify.app/ https://cm.euprod.services.global.ntt https://www.youtube.com https://www.google.com 6 default-src https: data: 'unsafe-inline' 'unsafe-eval' always 6 default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: 6 frame-ancestors 'self';default-src https: data: 'unsafe-inline' 'unsafe-eval' 6 object-src 'self'; script-src 'self' https://bam.nr-data.net https://cdn.syndication.twimg.com https://cdn.tradelab.fr https://connect.facebook.net https://d2hya7iqhf5w3h.cloudfront.net https://dfc.inovestor.com https://fo-api.omnitagjs.com https://fonts.bunny.net https://ib.adnxs.com https://js-agent.newrelic.com https://js.hs-scripts.com https://pixels.omnitagjs.com https://platform.twitter.com https://script.crazyegg.com https://snap.licdn.com https://tm.vendemore.com https://track.adform.net https://www.google-analytics.com https://www.googletagmanager.com https://s.go-mpulse.net https://its.tradelab.fr https://js.hsadspixel.net/fb.js https://js.hs-analytics.net https://js.hsleadflows.net https://www.googleadservices.com https://static.hotjar.com https://a.optnmstr.com https://www.youtube.com https://js.hsforms.net https://forms.hsforms.com https://script.hotjar.com https://s.ytimg.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://app.interactiveads.ai https://maps.googleapis.com https://cdn.rawgit.com http://cdn.siteimprove.net https://tagmanager.google.com https://js.hs-banner.com https://s2.adform.net https://c.go-mpulse.net https://173c5b0c.akstat.io https://bam-cell.nr-data.net https://files.cdn.leadfamly.com *.leadoo.com https://www.buzzsprout.com https://www.facebook.com https://platform.marksmen.nl https://cdn.mouseflow.com https://authmobile.ent.cgi.com dfc.inovestor.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://polyfill.io https://static.addtoany.com https://unpkg.com 'unsafe-inline'; script-src-attr 'self'; style-src * 'unsafe-inline' 'unsafe-eval' 6 default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net; img-src * data: *; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.google.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com cdn.linkedin.oribi.io *.hubspot.com; report-uri /admin/config/system/seckit/csp-report 6 default-src http: https: data: 'unsafe-inline' 'unsafe-eval' 6 default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 6 default-src blob: data: https: 'self'; script-src blob: https: 'self' 'unsafe-eval' 'unsafe-inline'; style-src blob: https: 'self' 'unsafe-inline'; media-src blob: https: 'self'; connect-src blob: https: 'self' 'unsafe-inline' wss://*.hotjar.com 6 frame-ancestors 'self' https://*.ccma.cat http://*.ccma.cat; 6 worker-src 'self' blob: 6 base-uri 'none'; default-src 'self' https://accesso.com https://px.ads.linkedin.com https://p.adsymptotic.com https://stats.g.doubleclick.net https://cdn.cookielaw.org; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://pi.pardot.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.jsdelivr.net https://ajax.googleapis.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://accesso.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://code.jquery.com; img-src 'self' https://accesso.com https://www.accesso.com https://www.google-analytics.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.google.com https://privacy-policy.truste.com data:; connect-src 'self' https://privacyportal.onetrust.com https://stats.g.doubleclick.net https://cdn.cookielaw.org; font-src 'self' https://cloud.typography.com https://use.fontawesome.com data:; frame-src 'self' https://bid.g.doubleclick.net https://player.vimeo.com/ https://hello.accesso.com/ https://polaris.brighterir.com https://www.youtube.com; 6 frame-ancestors 'self' webforce.com new.webforce.com webforce1111.c45stagehostopia.com wfsites-to.websitecreatorprotool.com wfsites.websitecreatorprotool.com wfsites-ie.websitecreatorprotool.com wf.mktgsuite.deluxe.com fl.sitekreator.com portal.mktgsuite.deluxe.com dex.wfsites.websitecreatorprotool.com sites2.freelogoservices.com cpaneltest.sitekreator.com stage.sitekreator.com; 6 frame-ancestors https://*.blackboard.com https://*.anthology.com; 6 default-src *; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; font-src *; img-src * data: 6 default-src 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https:; img-src https: data: 'self'; media-src https: 'self'; object-src 'self'; font-src https://fonts.gstatic.com https://fonts.googleapis.com 'self' https:; frame-ancestors https://*.hubspot.com https://info.atlascopco.us https://info.atlascopcoupdates.com http://*.scene7.com https://atlascopco-preview.adobecqms.net 'self'; frame-src https:; connect-src https: 'self' 6 frame-ancestors 'self' *.vpro.nl:* *.human.nl *.vprobroadcast.com *.2doc.nl *.vprogids.nl *.brainwash.nl; 6 default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; 6 require-trusted-types-for 'script';report-uri /cspreport 6 default-src 'self' data: *.mpsnare.iesnare.com https://mpsnare.iesnare.com https://*.extole.io https://*.xtlo.net; object-src 'self'; child-src 'self' ujet.co *.ujet.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.forter.com https://mpsnare.iesnare.com *.go2bank.com *.go2financial.com *.go2bankonline.com *.fuelcdn.com *.exacttarget.com *.adobe.com *.mpsnare.iesnare.com *.tvsquared.com ujet.co *.ujet.co google-analytics.com *.google-analytics.com trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.salesforceliveagent.com *.hypemarks.com websdk.appsflyer.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net https://*.extole.io https://*.xtlo.net https://api.cloudsponge.com analytics.tiktok.com; connect-src 'self' *.go2bank.com *.google-analytics.com *.appsflyer.com *.go2bank.com *.go2bankonline.com *.go2financial.com wss://mpsnare.iesnare.com/star *.appsflyer.com go2bank.sjv.io kampyle.com *.mpsnare.iesnare.com *.kampyle.com mobileapi.locatorsearch.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com vimeo.com *.vimeo.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com s.ytimg.com connect.facebook.net storify.com *.fyre.co *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net https://*.cloudsponge.com https://*.extole.io https://*.xtlo.net analytics.tiktok.com; img-src 'self' i.ytimg.com *.mdhv.io *.go2bank.com *.go2bankonline.com *.go2financial.com *.ojrq.net *.tvsquared.com google-analytics.com *.google-analytics.com i.vimeocdn.com www.google.co.in *.google.co.in kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.force.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com cdn.livefyre.com bootstrap.livefyre.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net data: blob: https://*.extole.io https://*.xtlo.net data: https://api.cloudsponge.com https://*.walmartmoneycard.com analytics.tiktok.com ; style-src 'self' 'unsafe-inline' *.exacttarget.com kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.go2bankonline.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.go2financial.com *.adobecqms.net *.googleadservices.com cdn.livefyre.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com use.typekit.net *.typekit.net https://*.extole.io https://*.xtlo.net https://fonts.googleapis.com https://api.cloudsponge.com; font-src 'self' data: kampyle.com *.appsflyer.com *.kampyle.com use.typekit.net *.use.typekit.net *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.go2financial.com *.adobecqms.net *.livefyre.com https://*.extole.io https://*.xtlo.net https://fonts.gstatic.com https://api.cloudsponge.com; frame-src 'self' *.pardot.com *.go2bank.com ujet.co *.ujet.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.facebook.com facebook.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.hypemarks.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.go2financial.com *.adobecqms.net www.youtube.com player.vimeo.com *.demdex.net trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co cdn-gdc.com *.cdn-gdc.com bytedance: sslocal:; frame-ancestors 'self' https://*.greendot.com https://*.go2bank.com https://*.go2financial.com https://*.walmartmoneycard.com https://*.chirpwhitelabel.com;; 6 frame-ancestors https://app.kontent.ai; base-uri 'self'; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' https:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src ; child-src https: data: blob:; form-action 'self' https:; block-all-mixed-content 6 default-src * data: blob: ; script-src * 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none' ; 6 frame-ancestors 'self' http://www.kayak.com http://www.kayak.com.ar http://www.kayak.cl http://www.kayak.com.co http://www.kayak.com.pe http://www.kayak.com.mx http://www.kayak.com.br http://www.tripadvisor.com http://www.tripadvisor.com.br http://www.tripadvisor.com.mx www.farecompare.com www.idealo.com http://viajala.com.co http://viajala.com.mx http://viajala.com.pe www.clicktripz.com http://viajala.cl http://viajala.com.ar 6 frame-ancestors 'self' https://*.sella.it https://*.axerve.com https://*.gestpay.it https://*.coremedia.vm https://*.coremedia.cloud https://*.coremedia.io https://*.coremedia.com https://*.quickrun.io https://*.coremedia.rocks 6 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.wistia.com https://*.wistia.net http://js.hsforms.net/ https://forms.hsforms.com/ https://js.hs-banner.com https://js.hsleadflows.net https://forms.hubspot.com https://js.hscollectedforms.net cdn.kendostatic.com https://app.usercentrics.eu/ https://az416426.vo.msecnd.net/ https://js.hsadspixel.net/ https://js.usemessages.com/ https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://tag.demandbase.com https://rec.smartlook.com https://snap.licdn.com https://www.redditstatic.com https://amplify.outbrain.com https://tracking-cdn.figpii.com https://cdn.inspectlet.com https://tr.outbrain.com https://statics-cdn.figpii.com slideslive.com/embed_presentation.js; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://fast.wistia.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com *.wistia.com netdna.bootstrapcdn.com data: https://www.altair.com/include-header-footer/fonts/; img-src 'self' https://www.altair.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net https://js.hsleadflows.net *.hsforms.com *.usercentrics.eu https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com https://www.google.com https://px.ads.linkedin.com https://www.googletagmanager.com https://www.google.com https://p.adsymptotic.com https://forms.hubspot.com https://alb.reddit.com https://tr.outbrain.com https://hn.inspectlet.com https://connect.facebook.net https://px.adentifi.com https://rtb.adentifi.com https://cm.g.doubleclick.net; media-src 'self' data: blob: fast.wistia.net fast.wistia.com https://embedwistia-a.akamaihd.net https://embed-ssl.wistia.com https://embed-fastly.wistia.com; frame-src 'self' *.hubspot.com *.hsforms.com https://app.usercentrics.eu www.google.com *.youtube.com www.youtube.com https://bid.g.doubleclick.net https://player.vimeo.com https://mkt.panopticon.altair.com www.facebook.com slideslive.com https://fast.wistia.com https://fast.wistia.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob:; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.wistia.com https://embedwistia-a.akamaihd.net https://fg8vvsvnieiv3ej16jby.litix.io/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://api.hubspot.com/ https://api.hsforms.com/ https://api.hubapi.com https://forms.hubspot.com https://api.usercentrics.eu https://graphql.usercentrics.eu https://dc.services.visualstudio.com https://api.company-target.com https://manager.eu.smartlook.cloud https://www.google.com https://googleads.g.doubleclick.net https://forms.hsforms.com/ https://segments.company-target.com/ https://www.facebook.com/tr/ https://stats.g.doubleclick.net/ https://events-writer.smartlook.com https://assets-proxy.smartlook.cloud https://sessions.bugsnag.com *.figpii.com wss://tdw.figpii.com *.inspectlet.com https://slideslive.com *.usercentrics.eu https://web-writer.us.smartlook.cloud https://*.googlesyndication.com cdn.linkedin.oribi.io; 6 default-src 'self' https://*.allkeyshop.com https://*.gift2gamers.com https://gift2gamers.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://widget.justwatch.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://static.zdassets.com https://ekr.zdassets.com https://allkeyshop.zendesk.com wss://allkeyshop.zendesk.com wss://*.zopim.com https://www.google-analytics.com http://cdn.sendpulse.com https://*.twitch.tv https://cdn.jsdelivr.net https://www.youtube.com https://widget.gleamjs.io https://gleam.io https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://discord.com https://cdnjs.cloudflare.com/ajax/libs https://system.warlegend.net https://cdn.datataeamjs.io https://gleam.iobles.net https://s.ytimg.com https://www.googletagservices.com https://ad.doubleclick.net https://connect.facebook.net/ https://www.facebook.com/ https://maxcdn.bootstrapcdn.com/ https://analytics.google.com/ https://www.googletagmanager.com/ https://ajax.googleapis.com/ https://*.youtube-nocookie.com/ https://aks.mfmdigital.ovh/ 'unsafe-inline' data:; style-src 'self' https://*.allkeyshop.com https://*.gift2gamers.com https://gift2gamers.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://cdn.jsdelivr.net https://cdn.sendpulse.com https://www.google.com/recaptcha https://aks.mfmdigital.ovh/ 'unsafe-inline'; img-src 'self' https://*.allkeyshop.com https://*.gift2gamers.com https://gift2gamers.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://v2assets.zopim.io https://static.zdassets.com data: https://steamcdn-a.akamaihd.net https://www.google-analytics.com https://static-cdn.jtvnw.net https://cdn.sendpulse.com https://*.gravatar.com https://graph.facebook.com https://i0.wp.com/www.allkeyshop.com https://platform-lookaside.fbsbx.com/ https://*.fbcdn.net/ https://*.googleusercontent.com/ https://*.cloudfront.net/facebook/ https://*.cloudfront.net/twitter/ https://*.cloudfront.net/instagram/ https://js.gleam.io/ https://static-cdn.jtvnw.net/ https://*.ytimg.com/ https://widget.justwatch.com https://avatars.steamstatic.com/ https://avatars.akamai.steamstatic.com/ https://steamcdn-a.akamaihd.net/ https://aks.mfmdigital.ovh/ 6 frame-ancestors 'self'; object-src 'self'; 6 media-src * blob:; worker-src * data: blob:; default-src https: *.hwcdn.net *.teeitup.com *.golfid.io data: blob; connect-src https: wss:; script-src https: data: *.hwcdn.net 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com; style-src https: data: *.hwcdn.net https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline'; img-src https: blob: data: *.hwcdn.net s3.amazonaws.com https://www.google-analytics.com https://optimize.google.com; font-src https: data: *.hwcdn.net https://fonts.gstatic.com; frame-src https: data: *.hwcdn.net *.teeitup.com *.golfid.io https://optimize.google.com; frame-ancestors 'self' https://www.onlinereservationsystems.com; 6 default-src http: data: 'unsafe-inline' 'unsafe-eval' 6 default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 6 default-src https: *; script-src https: 'unsafe-inline' 'unsafe-eval' *;img-src data: https:;font-src data: https:;style-src https: 'unsafe-inline' *;upgrade-insecure-requests;frame-ancestors 'self'; base-uri 'none'; frame-src mailto: *; worker-src blob: ; child-src blob: ; 6 default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.crazyegg.com js.hsforms.net js.hs-scripts.com cdn.bizible.com *.wistia.com *.doubleclick.net 6 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; 6 default-src 'self' data: blob: *.sitecore.com *.sitecore.net *.hhogdev.com *.stylelabs.cloud *.googleapis.com *.gstatic.com *.azureedge.net *.bolddns.net;frame-src 'self' 'unsafe-inline' https://indd.adobe.com https://www.careerarc.com https://www.facebook.com https://www.google.com https://login.microsoftonline.com https://capture.navattic.com https://sitecore.navattic.com https://app.qualified.com https://sitecorecom-eastus2-prepro-132090-cd.azurewebsites.net https://sitecore.com https://go.sitecore.com https://app.smartsheet.com https://webinars.sitecore.com;frame-ancestors 'self' https://*.sitecore.com https://*.storylane.io;script-src 'self' 'unsafe-inline' https://j.6sc.co/6si.min.js 'unsafe-eval' http://j.6sc.co/6si.min.js 'unsafe-eval' *.facebook.com *.facebook.net https://connect.facebook.net/en_US/fbevents.js *.google-analytics.com *.google.com *.googletagmanager.com/gtm.js https://maps.googleapis.com/ https://www.google-analytics.com 'unsafe-inline' https://www.google.com/recaptcha https://www.recaptcha.net/recaptcha/ https://www.gstatic.cn *.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js *.pardot.com/pd.js https://pi.pardot.com https://js.qualified.com/qualified.js https://scout-cdn.salesloft.com/sl.js https://scout.salesloft.com *//static.ads-twitter.com/uwt.js *//platform.twitter.com/oct.js https://analytics.twitter.com https://api.zoom.us;script-src-elem 'self' 'unsafe-inline' https://j.6sc.co/6si.min.js https://secure.adnxs.com/ https://go.affec.tv/ https://api-us.boxever.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com *.cloudfront.net *.cloudfront.net https://connect.facebook.net *.google-analytics.com *.google.com *.google.bg *.googletagmanager.com https://maps.googleapis.com/ https://www.gstatic.com https://snap.licdn.com https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://pi.pardot.com/pd.js https://pi.pardot.com/ https://js.qualified.com https://scout-cdn.salesloft.com/sl.js https://go.sitecore.com https://wwwsitecorecom.azureedge.net https://webinars.sitecore.com/ https://static.ads-twitter.com/uwt.js https://platform.twitter.com/oct.js;style-src-attr 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net http://cdn.jsdelivr.net https://fonts.googleapis.com/ https://wwwsitecorecom.azureedge.net https://webinars.sitecore.com/;img-src 'self' 'unsafe-inline' https://report.23video.com/ https://b.6sc.co https://secure.adnxs.com https://match.adsrvr.org/ https://map.go.affec.tv https://insitecorecom.azureedge.net http://insitecorecom.azureedge.net https://wwwsitecorecom.azureedge.net http://wwwsitecorecom.azureedge.net https://sitecore--c.na116.content.force.com https://www.facebook.com *.google-analytics.com *.google.com *.google.bg *.google.ca https://maps.gstatic.com/ https://maps.googleapis.com/ *.googleapis.com/ https://www.googletagmanager.com/ https://www.google.com.ua/ data: https://px.ads.linkedin.com https://www.linkedin.com/ https://mss-p-006-delivery.sitecorecontenthub.cloud/ https://sitecorecdn.azureedge.net/ https://sitecorecontenthub.stylelabs.cloud http://sitecorecontenthub.stylelabs.cloud https://mss-p-006-delivery.stylelabs.cloud https://t.co https://delivery.twentythree.com http://delivery.twentythree.com https://webinars.sitecore.com/ https://analytics.twitter.com;font-src 'self' 'unsafe-inline' https://fonts.gstatic.com/ https://wwwsitecorecom.azureedge.net;connect-src https://c.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://secure.adnxs.com https://api-us.boxever.com http://api-us.boxever.com https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://events-api.staging.rfksrv.com https://www.facebook.com/ https://api-staging.rfksrv.com/ https://discover.sitecorecloud.io/ https://www.google-analytics.com http://www.google-analytics.com https://region1.analytics.google.com/ https://analytics.google.com https://maps.googleapis.com/ https://adservice.google.com/ https://api.ipify.org http://api.ipify.org https://cdn.linkedin.oribi.io wss://ws.qualified.com https://app.qualified.com https://scout.salesloft.com https://sitecore.com 'self' https://sitecorecom-eastus2-prepro-132090-cd.azurewebsites.net;object-src 'none';media-src 'unsafe-inline' 'unsafe-eval' https://insitecorecom.azureedge.net data: blob: https://app.qualified.com https://wwwsitecorecom.azureedge.net/ 'self'; 6 frame-ancestors 'self' *.gdmissionsystems.com 6 frame-ancestors https://*.mediamarkt.se https://*.teknikproffset.se 'self' 6 frame-ancestors 'self' *.factorial.be *.factorial.ch *.factorial.co *.factorial.fr *.factorial.it *.factorial.mx *.factorial.se *.factorialhr.ar *.factorialhr.be *.factorialhr.ch *.factorialhr.cl *.factorialhr.co *.factorialhr.co.uk *.factorialhr.com.br *.factorialhr.de *.factorialhr.es *.factorialhr.fr *.factorialhr.it *.factorialhr.mx *.factorialhr.nl *.factorialhr.pt *.factorialhr.se *.factorialhr.com 6 default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 6 upgrade-insecure-requests; font-src data: https:; img-src data: https:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 6 frame-ancestors 'self' https://*.procaresoftware.com; 6 manifest-src 'self' *.mywebinar.net;default-src 'self' blob:;connect-src 'self' wss: *.mywebinar.com *.mywebinar.net *.mywebinar.io *.mywebinar.live myownconference.net *.myownconference.net client.crisp.chat storage.crisp.chat www.googletagmanager.com *.google-analytics.com;frame-src 'self' *.mywebinar.com tpc.googlesyndication.com bid.g.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.myownconference.com *.mywebinar.com *.mywebinar.net *.mywebinar.io client.crisp.chat www.google.com www.googletagmanager.com www.googleadservices.com tpc.googlesyndication.com googleads.g.doubleclick.net;img-src 'self' data: *;media-src 'self' blob: *.mywebinar.com *.mywebinar.net *.mywebinar.io myownconference.net *.myownconference.net;style-src 'self' 'unsafe-inline' *.mywebinar.com *.mywebinar.net *.mywebinar.io client.crisp.chat www.google.com www.googletagmanager.com fonts.googleapis.com;font-src 'self' data: *.mywebinar.net *.mywebinar.io client.crisp.chat fonts.gstatic.com;object-src 'self' *.mywebinar.net *.mywebinar.io;frame-ancestors 'self'; 6 ; 6 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' * data:; style-src 'self' 'unsafe-inline' *; connect-src *; font-src 'self' fonts.gstatic.com data:; frame-src 'self' *; block-all-mixed-content 6 6 frame-src 'self' 6 upgrade-insecure-requests;frame-ancestors 'self'; 6 frame-ancestors 'self' https://test.authorize.net https://accept.authorize.net 6 frame-ancestors 'self' https://moderncampus.lookbookhq.com https://moderncampus.pathfactory.com https://resources.moderncampus.com http://moderncampus.lookbookhq.com http://moderncampus.pathfactory.com http://resources.moderncampus.com; 6 default-src 'self'; base-uri 'self'; img-src * data:; media-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; navigate-to *; connect-src *; 6 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' segra.com www.segra.com https://*.bc0a.com https://cdn.b0e8.com https://cdn.bc0a.com https://ws.zoominfo.com https://tag.demandbase.com https://go.segra.com https://so.rlcdn.com https://*.d41.co https://*.doubleclick.net https://*.googleadservices.com https://snap.licdn.com https://*.hotjar.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com/ https://www.google-analytics.com/ https://tagmanager.google.com https://segra.actonservice.com https://unpkg.com; img-src 'self' data: segra.com www.segra.com https://marvel-processor.bc0a.com https://marvel-b1-cdn.bc0a.com https://a1.b0e8.com https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com https://go.segra.com https://www.linkedin.com https://p.adsymptotic.com https://px.ads.linkedin.com https://segra.actonservice.com https://www.google.com https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://ssl.gstatic.com https://www.googletagmanager.com/; style-src 'self' 'unsafe-inline' segra.com www.segra.com https://go.segra.com https://segra.actonservice.com https://fonts.googleapis.com/ https://tagmanager.google.com/ https://www.googletagmanager.com https://unpkg.com; font-src 'self' segra.com www.segra.com https://fonts.googleapis.com/ https://fonts.gstatic.com/ data:; frame-src 'self' segra.com www.segra.com https://*.youtube.com https://*.hotjar.com https://www.google.com https://go.pardot.com/ https://segra.actonservice.com/ https://*.maps.arcgis.com/; frame-ancestors 'self' segra.com www.segra.com https://go.pardot.com/ https://segra.actonservice.com/ https://*.maps.arcgis.com/; connect-src 'self' segra.com www.segra.com https://*.amazonaws.com wss://ws4.hotjar.com https://api.brightedge.com https://*.bc0a.com https://*.b0e8.com https://ixfd2-api.bc0a.com https://api.company-target.com https://go.segra.com https://*.d41.co https://stats.g.doubleclick.net https://*.hotjar.io https://*.hotjar.com https://segra.actonservice.com https://www.google-analytics.com/; 6 default-src 'self' 'unsafe-eval' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://*.usercentrics.eu https://aggregator.service.usercentrics.eu https://www.google.com https://*.usercentrics.eu https://www.googleadservices.com https://snap.licdn.com https://*.facebook.net https://googleads.g.doubleclick.net https://*.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://t.co https://*.google.de https://*.google.com https://*.facebook.com https://seal.digicert.com blob: data: https://fonts.googleapis.com/css;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; 6 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src https: ; child-src https: platform.twitter.com; img-src https: data:; 6 frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 6 connect-src 'self' data: *.google.com https://freegeoip.app *.plyr.io https://noembed.com *.googleapis.com *.rdstation.com.br *.ampproject.org *.shoptarget.com.br *.linximpulse.net *.retargeter.com.br *.shopconvert.com.br ckies.net *.shopback.net *.viacep.com.br viacep.com.br *.voxus.tv api.ipify.org *.loggly.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.facebook.com www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://ampcid.google.com.br https://s.yimg.com https://bat.bing.com https://cdn-prod.securiti.ai https://app.securiti.ai https://notify.bugsnag.com/ https://dashboard.purplemetrics.com.br/; font-src 'self' data: *.gstatic.com script.hotjar.com https://use.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://unpkg.com *.bizographics.com *.rawgit.com *.googleapis.com *.unpkg.com *.youtube.com *.googletagmanager.com *.googleadservices.com *.google.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.ytimg.com *.facebook.net *.cloudfront.net *.rdstation.com.br *.w3-edge.com *.reclameaqui.com.br *.ampproject.org *.novahaus.com.br *.shoptarget.com.br *.shopback.net *.shopconvert.com.br *.voxus.com.br targeting.voxus.tv *.omguk.com *.hotjar.com snap.licdn.com https://cdn.mouseflow.com https://bat.bing.com https://s.yimg.com https://*.tailtarget.com https://d.tailtarget.com https://cdn-prod.securiti.ai https://dashboard.purplemetrics.com.br https://cdn.jsdelivr.net/gh/davidmz/apng-canvas@v2.0.0/build/apng-canvas.min.js; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.shopback.net https://cdn-prod.securiti.ai https://dashboard.purplemetrics.com.br/widget/widget.css; img-src 'self' data: *.linx.com.br *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.com.br *.doubleclick.net *.gravatar.com *.w.org *.linkedin.com *.shopback.net *.adsymptotic.com cliente.linx.com.br *.adnxs.com smartbmc.com.br *.smartbmc.com.br *.googletagmanager.com https://frame-images.com https://www.gstatic.com https://bat.bing.com https://sp.analytics.yahoo.com https://*.tailtarget.com https://qr-code.ithemes.com; default-src https: 6 default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.nr-data.net https://*.intellimizeditor.com https://intellimizeditor.com https://cdn.intellimize.co https://ajax.googleapis.com https://ajax.cloudflare.com https://analytics.twitter.com https://api.intellimize.co https://app-abk.marketo.com https://audience.nrich.ai https://bat.bing.com https://boards.greenhouse.io https://cdn.ampproject.org https://cdn.cookielaw.org https://cdn.onesignal.com https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://js.chilipiper.com https://maps.googleapis.com https://munchkin.marketo.net https://onesignal.com https://player.vimeo.com https://s.yimg.com https://sc.lfeeder.com https://script.crazyegg.com https://script.hotjar.com https://secure.esignlive.com https://secure.onespan.com https://serve.nrich.ai https://ssl.google-analytics.com https://snap.licdn.com https://static.ads-twitter.com https://static.cloudflareinsights.com https://static.hotjar.com https://tag.demandbase.com https://tag.nrich.ai https://tpc.googlesyndication.com https://translate.google.com https://tribl.io https://www.clarity.ms https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://d41.co https://*.d41.co https://embed.ustudio.com https://asana-user-private-us-east-1.s3.us-east-1.amazonaws.com https://id.rlcdn.com https://scout-cdn.salesloft.com https://tracking.g2crowd.com https://j.6sc.co https://view.ceros.com; style-src 'self' 'report-sample' 'unsafe-inline' https://app-abk.marketo.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://js.chilipiper.com/ https://onesignal.com https://secure.onespan.com https://tag.demandbase.com https://translate.googleapis.com https://tribl.io https://use.fontawesome.com https://cdn.jsdelivr.net; form-action 'self'; base-uri 'self'; object-src 'none'; connect-src 'self' https://*.clarity.ms https://*.company-target.com https://*.nr-data.net https://308-zmt-742.mktoresp.com https://308-zmt-742.mktoutil.com https://adservice.google.com https://analytics.google.com https://api.chilipiper.com https://api.intellimize.co https://audience.nrich.ai https://bat.bing.com https://cdn.cookielaw.org https://in.hotjar.com https://log.intellimize.co https://maps.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://s.yimg.com https://secure.onespan.com https://serve.nrich.ai https://stats.g.doubleclick.net https://tag.nrich.ai https://tracking.chilipiper.com https://translate.googleapis.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://cdn.linkedin.oribi.io https://www.facebook.com https://www.google-analytics.com https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.by https://www.google.bs https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.cz https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.cg https://www.google.com.co https://www.google.com.cy https://www.google.com.cu https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kh https://www.google.com.jm https://www.google.com.kw https://www.google.com.lb https://www.google.com.li https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.nl https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.com https://www.google.cu https://www.google.de https://www.google.dk https://www.google.dl https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fl https://www.google.fr https://www.google.ge https://www.google.gm https://www.google.gr https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.la https://www.google.lk https://www.google.li https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rw https://www.google.rs https://www.google.ru https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.vu https://www.google.zm https://www.googletagmanager.com https://cs.lf-discover.com https://*.d41.co https://d41.co https://se-services.intellimize.co https://*.salesloft.com https://*.6sc.co https://www.google.co.ls https://www.google.bi https://www.google.com.af https://www.google.tt https://www.google.ws https://www.google.st https://www.google.gg https://www.google.im https://secure.adnxs.com/; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src https://*.esignlive.com/ https://*.onespan.com https://api.intellimize.co https://app.intellimize.co https://*.intellimizeio.com https://onespan.chilipiper.com https://apps.chilipiper.com https://app-abk.marketo.com https://bid.g.doubleclick.net https://boards.greenhouse.io https://player.vimeo.com https://sandbox.esignlive.com https://secure.onespan.com https://test.api.intellimize.co https://tpc.googlesyndication.com https://tribl.io https://vars.hotjar.com https://vimeo.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://*.youtube.com https://youtube.com https://*.prod.acquia-sites.com https://embed.ustudio.com/ https://view.ceros.com/; img-src 'self' data: blob: *; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri https://5c1a94769844ff57c63142067d9e1cdd.report-uri.com/r/t/csp/enforce; 6 frame-ancestors whitelabel.camspower.com cams.dnxlive.com 6 default-src 'self' *.wistia.com *.hotjar.com www.google.com www.google.co.in pages.wcgclinical.com www.google-analytics.com *.doubleclick.net; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.wcgclinical.com www.googletagmanager.com *.marketo.com pages.wcgclinical.com www.google-analytics.com www.googleadservices.com *.doubleclick.net *.hotjar.com *.marketo.net *.cloudfront.net *.mktoresp.com www.google.com *.cdntwrk.com snap.licdn.com *.wistia.com *.wistia.net wcgclinical.staging.wpengine.com widget.yeps.io www.buzzsprout.com; style-src 'self' 'unsafe-inline' *.cloudfront.net fonts.googleapis.com pages.wcgclinical.com *.cdntwrk.com *.wcgclinical.com *.marketo.com; object-src 'self'; base-uri 'self'; connect-src 'self' *.doubleclick.net *.hotjar.io *.hotjar.com *.mktoresp.com *.hotjar.io *.wistia.com *.wistia.net fg8vvsvnieiv3ej16jby.litix.io *.yeps.io embedwistia-a.akamaihd.net; font-src 'self' fonts.gstatic.com data:; frame-src 'self' *.wcgclinical.com *.doubleclick.net *.hotjar.com www.google.com *.wistia.net *.wistia.com *.powerbi.com *.youtube.com *.vimeo.com wcgclinical.outgrow.us *.five9.com *.marketo.com www.buzzsprout.com data:; img-src 'self' *.gravatar.com www.google-analytics.com www.googletagmanager.com www.google.com www.google.co.in *.cdntwrk.co *.cdntwrk.com *.wistia.net *.wistia.com *.fdanews.com via.placeholder.com wcgclinical.staging.wpengine.com embedwistia-a.akamaihd.net wcgclinical.wpengine.com px.ads.linkedin.com *.cookielaw.org data:; media-src 'self' *.wistia.com embedwistia-a.akamaihd.net embed-fastly.wistia.com data: blob:; worker-src 'self' blob: 6 default-src https: 6 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 6 script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 6 child-src 'self' blob: tr.snapchat.com sc-static.net static.ads-twitter.com https://*.tagcommander.com *.tagcommander.com optimize.google.com gateway.euronext.com forms.logiforms.com https://*.iadvize.com *.iadvize.com *.trustedshops.com aax-eu.amazon-adsystem.com *.trustcommander.net *.overkiz.com *.somfy.com *.somfysystems.pl e.issuu.com projects.perfoweb.fr www.tahomalink.com www.tahomalink.com boutique.somfy.fr www.youtube.com www.googletagmanager.com static.addtoany.com client.alwaysupport.com *.doubleclick.net static.olark.com 212.203.79.55 somfykorea.linux.gabiauser.com shop.somfy.de shop.somfy.es shop.somfy.it easyshop.somfypro.fr tv.connexoon.de tvaktion.connexoon.de tv-at.connexoon.de *.addthis.com *.disqus.com disqus.com www.google.com webdev.abastra.com kartor.eniro.se http://kartor.eniro.se www.somfy-smart.de api.soundcloud.com w.soundcloud.com www.lespetitespierres.org https://giphy.com/upload https://hearthis.at/ https://soundcloud.com/ https://www.youtube.com/ https://www.lespetitespierres.org/ *.rlets.com https://giphy.com/ https://www.franceinter.fr/ *.zohopublic.com *.smartrecruiters.com https://subscriptions.smartrecruiters.com/ marketing.net.elogia.net www.facebook.com https://www.facebook.com https://www.youtube-nocookie.com/ www.123formbuilder.com https://c.imedia.cz/ player.ina.fr https://*.hotjar.com https://*.tfaforms.net *.tfaforms.net www.ausschreiben.de cdn.thinglink.me *.thinglink.com form.123formbuilder.com https://form.123formbuilder.com https://px.ads.linkedin.com *.px.ads.linkedin.com https://www.linkedin.com/ *.linkedin.com https://d6tizftlrpuof.cloudfront.net player.teester.com landings.somfy.co.il my.matterport.com *.myfeelback.com *.kameleoon.com *.kameleoon.eu https://somfyicebucket.com actorssl-5637.kxcdn.com 6 frame-ancestors 'self' https://ihealthspot.com https://*.ihealthspot.com 6 default-src wss: https: http: data: blob:; img-src https: data: http:; style-src https: 'unsafe-inline' http:; script-src https: 'unsafe-inline' 'unsafe-eval' http:; form-action https: http:; report-uri /api/v2/csp-violation 6 default-src 'self' *.smartrecruiters.com *.clickagy.com *.zoominfo.com *.coveo.com *.fluidads.com *.stackadapt.com *.truste.com *.omtrdc.net *.livechatinc.com *.chatbot.com *.adobe.com c.6sc.co secure.adnxs.com epsilon.6sense.com *.tableau.com *.experian.com *.experianmarketingservices.com api.ipgeolocation.io *.adobedtm.com *.adsrvr.org *.ads-twitter.com *.bing.com *.brightcove.com *.brightcove.net *.brightfunnel.com *.cloudflare.com *.demdex.net *.doubleclick.net *.eloqua.com *.everesttech.net *.facebook.com *.facebook.net metrics1.experian.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.hsadspixel.net *.hs-analytics.net *.hsappstatic.net *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.hs-scripts.com *.hubapi.com *.hubspot.com *.hubspot.net *.licdn.com *.linkedin.com *.omappapi.com *.omniture.com *.optmnstr.com *.terminus.services *.twimg.com *.twitter.com *.usemessages.com *.youtube.com *.zencdn.net *.google-analytics.com img.en25.com p.adsymptotic.com bcove.video *.api.brightcove.com api.bcovlive.io *.bcovlive.io *.sep.bcovlive.io bcovlive-a.akamaihd.net *.o.brightcove.com players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com *.boltdns.net brightcove.vo.llnwd.net *.llnw.net *.llnwd.net manifest.prod.boltdns.net *.media.brightcove.com *.akafms.net *.akamaihd.net *.analytics.edgekey.net *.cloudfront.net hlstoken-a.akamaihd.net vjs.zencdn.net *.gallerysites.net *.bcvp0rtal.com *.brightcovecdn.com ws://*.hotjar.com wss://*.hotjar.com; img-src 'self' data: *; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; font-src 'self' data: *; object-src 'none'; media-src * blob:; worker-src blob: 'self'; frame-ancestors 'self'; 6 object-src 'none'; upgrade-insecure-requests; block-all-mixed-content 6 frame-ancestors 'self' apac.marketing.adobe.com 6 frame-ancestors 'self' https://www.centerparcs.fr/booking/ https://www.centerparcs.nl/booking/ https://www.centerparcs.de/booking/ https://www.centerparcs.com/booking/ https://www.centerparcs.eu/booking/ https://www.centerparcs.ch/booking/ https://www.centerparcs.be/booking/ 6 frame-ancestors 'self' http://*.storyblok.com/ https://*.storyblok.com/ 6 frame-ancestors https://findmyforevermate.com 6 script-src 'self' https: 'unsafe-eval' 'unsafe-inline' 6 frame-ancestors 'self' https://www.mfortune.co.uk https://www.pocketwin.co.uk https://www.drslot.co.uk https://www.mrspin.co.uk https://www.cashmo.co.uk https://www.casino2020.co.uk https://www.bonusboss.co.uk https://staging.bonusboss.co.uk https://mf-bingo.mfortune.co.uk https://pw-bingo.pocketwin.co.uk https://roulette.mfortune.co.uk https://*.weblauncher.devmfortune.co.uk https://*.devmfortune.co.uk itginternal://* 6 default-src 'self';; script-src 'self' 'unsafe-inline;; script-src-elem 'unsafe-inline' bam.nr-data.net js-agent.newrelic.com www.google-analytics.com;; connect-src bam.nr-data.net www.google-analytics.com;; img-src 'self' http://gtld-dashboard-production.s3.amazonaws.com; object-src 'none';; frame-ancestors 'none'; block-all-mixed-content; 6 default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; base-uri 'self'; 6 script-src 'self' 6 default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none'; 6 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src data: https:; connect-src https: wss://*.hotjar.com; media-src blob: https:; object-src https:; frame-src http: https:; worker-src blob: https:; frame-ancestors 'self' https://isrvr.com http://isrvr.com https://iportal.ajginternational.com http://iportal.ajginternational.com https://share.penunderwriting.co.uk http://share.penunderwriting.co.uk https://internal.client.gallagherheath.local http://internal.client.gallagherheath.local https://my2.siteimprove.com; form-action 'self' https://analytics.clickdimensions.com *.clickdimensions.com https://www.payconnexion.com; upgrade-insecure-requests; block-all-mixed-content; manifest-src https: ; 6 frame-ancestors *.cas.cn 6 default-src https: wss: blob: data: 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com account.psplugin.com commondatastorage.googleapis.com omni.teleperformance.se static.hotjar.com bat.bing.com track.adform.net *.doubleclick.net www.googleadservices.com www.googletagmanager.com connect.facebook.net test-allentetest.lekane.net allente.lekane.net tango-churn.viasat.dk *.vo.msecnd.net assets.adobedtm.com dl.episerver.net canaldigital.d3.sc.omtrdc.net fast.canaldigital.demdex.net dpm.demdex.net cm.everesttech.net cd-static.telenorcdn.net canaldigital.demdex.net; frame-ancestors 'self' www.elkjop.no elkjop.no www.power.no power.no logon.canaldigital.com ssotest.api-canaldigital.com ssostage.api-canaldigital.com localhost; 6 script-src 'self' 'unsafe-inline' 'unsafe-eval' 6 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'none'; base-uri 'self'; 6 default-src 'self' https: 'unsafe-inline';img-src 'self' data:;base-uri 'self';frame-src 'self' data: https://www.youtube-nocookie.com 6 base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-eval'; block-all-mixed-content; upgrade-insecure-requests 6 default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; 6 frame-ancestors 'self' https://*.jumpseller.com https://app.jivosite.com https://*.loja.olx.pt 6 frame-ancestors 'self' https://sample.dragonforms.com https://*.questexinfo.com http://resources.questex.com https://resources.questex.com 6 default-src https:;connect-src https: wss:;font-src https: data:;frame-src https: twitter:;frame-ancestors https:;img-src https: data:;media-src https:;object-src https:;script-src 'unsafe-inline' 'unsafe-eval' https:;style-src 'unsafe-inline' https:; 6 default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com localhost:40000 https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://app.vwo.com; frame-src 'self' bankid://* https://livechat24.tech https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://*.zignsec.com https://www.facebook.com https://*.trustly.com https://tpc.googlesyndication.com https://*.regily.com https://*.sumsub.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.unetsafe.com https://*.atlantgaming.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' localhost:40000 https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://app.vwo.com; worker-src 'self' blob:; report-uri https://sentry.work/sentry/api/47/csp-report/?sentry_key=a7dcff6da4704fcf9dbecd647d997b1b 6 default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://football.sportmail.ru *.google.ru *.google.com *.googlesyndication.com *.yandex.ru blob:; script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adlooxtracking.ru *.adsafeprotected.com *.serving-sys.com *.serving-sys.ru *.weborama.fr *.weborama-tech.ru https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://gum.criteo.com https://football.sportmail.ru *.googletagmanager.com connect.facebook.net *.google.ru *.google.com *.googlesyndication.com yandex.ru; worker-src blob: 'self'; connect-src * wss: blob: data:; font-src * data: blob:; frame-src * blob: 'self'; img-src * data: blob: about:; media-src * data: blob:; object-src *; report-uri /csp/report; 5 report-uri /csp-report?p=; block-all-mixed-content; default-src 'none'; base-uri 'none'; img-src 'self' https://b.stripecdn.com https://q.stripe.com https://images.ctfassets.net https://assets.ctfassets.net data: https://www.facebook.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://snap.licdn.com; style-src 'unsafe-inline' 'self' https://b.stripecdn.com; connect-src 'self' https://stripe.com https://errors.stripe.com https://b.stripecdn.com https://climate.stripe.com https://ext.stripe.com https://c.increment.com https://c.stripe.dev https://c.stripe.global https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query; font-src 'self' https://b.stripecdn.com; form-action 'self' https://stripe.com https://climate.stripe.com; frame-src 'self' https://js.stripe.com https://b.stripecdn.com https://crypto-js.stripe.com; media-src 'self' https://b.stripecdn.com https://videos.ctfassets.net https://assets.ctfassets.net; script-src 'self' https://js.stripe.com 'sha256-qAoigsbVsoqQigwSGiMYuTbAdza9vdqvOsA4UNSB54A=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-4HwZEt/y+k0EIqGfaNZ1MRmRCUbC03K3G03imkZ/EyA=' 'sha256-T9Iq7ZVmxSNDo0MtKOVaMklBUMHeY5FCy6zb50dqr28=' 'sha256-eNaGg+YMox6LtUAMUegc8RPYMvlgqKfr5wXhQq7t0rU=' 'sha256-wZuPHYh4ZQjvUR2vj5D9uhS7b+N5+LvMGh5urayd9U4=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' https://b.stripecdn.com https://crypto-js.stripe.com 'report-sample'; frame-ancestors 'self' https://app.contentful.com 5 frame-ancestors 'self' *.storyblok.com; 5 frame-ancestors 'self' https://aws.amazon.com *.pathfactory.com *.lookbookhq.com *.newrelic.com 5 frame-ancestors 'self' *.nike.com *.nikecloud.com *.nikedev.com 5 script-src 'sha256-nu9tVMGXtXZG4oszxe4T0guIQFguQ3i7GFYHoD2YtWU=' 'self' jobs.jobvite.com www.googletagmanager.com 5 default-src *.asus.com *.asus.com.cn https: 'unsafe-inline' 'unsafe-eval' blob: data:; object-src *; script-src *.asus.com *.asus.com.cn https: 'unsafe-inline' 'unsafe-eval' blob: data:; frame-ancestors 'self'; 5 frame-ancestors 'self' http://content.servicenow.com https://content.servicenow.com https://your.servicenow.com https://servicenow.highspot.com 5 frame-ancestors 'self' https://www.entrust.com; default-src https: data: wss://*.hotjar.com; script-src 'unsafe-eval' 'self' https: 'unsafe-inline' t.contentsquare.net app.contentsquare.com; style-src https: 'unsafe-inline'; img-src https: data: *.contentsquare.net; media-src https: data: blob: mediastream:; child-src https: blob:; worker-src blob:; connect-src https: *.contentsquare.net 5 frame-ancestors 'self' hhs.gov *.hhs.gov 5 base-uri 'self'; block-all-mixed-content; child-src 'self' blob:; connect-src 'self' *.force.com *.media.brightcove.com *.salesforce.com *.salesforceliveagent.com siemenscrm.my.salesforce-sites.com siemensint.my.salesforce-sites.com *.tt.omtrdc.net *.usercentrics.eu adservice.google.com adservice.google.com api.dc.siemens.com assets.new.siemens.com blob: cdn.cookielaw.org cdn.siemens-web.com cdn.c2comms.cloud cdn.siemens.com assets.new.siemens.com cognito-identity.eu-west-1.amazonaws.com data.cdn.siemens.com dataplane.rum.eu-west-1.amazonaws.com dc.oracleinfinity.io dev.api.dc.siemens.com edge.api.brightcove.com geolocation.onetrust.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com manifest.prod.boltdns.net metrics.brightcove.com new.siemens.com www.siemens.com o1.ingest.sentry.siemens-web.com privacyportal-eu.onetrust.com profiles.siemens.com searchapi.new.siemens.com secure.brightcove.com siemens.demdex.net siemens.sc.omtrdc.net siemensdigitalindustries.nanorep.co sts.eu-west-1.amazonaws.com tools.adlytics.net uat.api.dc.siemens.com visitor-services.nanorep.com w3.siemens.com www.facebook.com www.google.com www.google.com *.brapps.siemens.cloud *.brappsqa.siemens.cloud mktdplp102cdn.azureedge.net 322e30018b7e4846825041773c891f42.svc.dynamics.com *.virtualevent.siemens.com go.cuenect.de partnerinfo.siemens.at hitech.at www.siemens.at resource.finnchat.com api-fra.livechatinc.com ue2gfcryae.execute-api.eu-central-1.amazonaws.com sleeknotestaticcontent.sleeknote.com images.sleeknote.com; default-src 'self' blob:; font-src 'self' cdn.siemens-web.com cdn.c2comms.cloud cdn.siemens.com assets.new.siemens.com data: tools.adlytics.net; frame-ancestors 'self' contentpath.siemens.com mc.contentpath.siemens.com resources.dc.siemens.com siemensfactoryautomation.pathfactory.com; frame-src 'self' *.force.com *.salesforce.com *.salesforceliveagent.com siemenscrm.my.salesforce-sites.com siemensint.my.salesforce-sites.com *.usercentrics.eu bid.g.doubleclick.net cdn.siemens-web.com cdn.c2comms.cloud cdn.siemens.com assets.new.siemens.com jobs.siemens-info.com pages.siemens-info.com playout.3qsdn.com sites.siemens-info.com tpc.googlesyndication.com www.facebook.com 322e30018b7e4846825041773c891f42.svc.dynamics.com secure-fra.livechatinc.com; img-src 'self' *.prod.boltdns.net *.siemens.com *.tt.omtrdc.net *.usercentrics.eu 825113843.privacysandbox.googleadservices.com ad.doubleclick.net adservice.google.com adservice.google.com android-webview-video-poster: blob: brightcove04pmdo-a.akamaihd.net cdn.cookielaw.org cdn.siemens-web.com cdn.c2comms.cloud cdn.siemens.com assets.new.siemens.com data: dc.ads.linkedin.com dc.oracleinfinity.io googleads.g.doubleclick.net metrics.brightcove.com px.ads.linkedin.com px4.ads.linkedin.com secure.adnxs.com siemens.mindsphere.io siemens.sc.omtrdc.net stats.adlytics.net t.co tr.outbrain.com trc.taboola.com www.facebook.com www.google.com www.google.com www.googletagmanager.com www.linkedin.com 322e30018b7e4846825041773c891f42.svc.dynamics.com cdn.go.cuenect.net siemenscrm--c.vf.force.com siemenscrm.lightning.force.com siemenscrm.my.salesforce.com partnerinfo.siemens.at hitech.at baudoku.1000eyes.de cdn.livechatinc.com cdn.livechat-files.com analytics.sleeknote.com; manifest-src 'self'; media-src 'self' *.cf.brightcove.com *.media.brightcove.com assets.new.siemens.com blob: data: house-fastly-signed-eu-west-1-prod.brightcovecdn.com manifest.prod.boltdns.net secure.brightcove.com; object-src players.brightcove.net w3.siemens.com; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.force.com *.salesforce.com *.salesforceliveagent.com siemenscrm.my.salesforce-sites.com siemensint.my.salesforce-sites.com *.ste.dc.siemens.com *.usercentrics.eu ajax.googleapis.com analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org cdn.siemens-web.com cdn.c2comms.cloud cdn.siemens.com assets.new.siemens.com client.rum.us-east-1.amazonaws.com connect.facebook.net cookies.siemens.com d.oracleinfinity.io data.cdn.siemens.com dataplane.rum.eu-central-1.amazonaws.com geolocation.onetrust.com googleads.g.doubleclick.net img.en25.com jsd-widget.atlassian.com my.nanorep.com new.siemens.com www.siemens.com players.brightcove.net profiles.siemens.com scripts.demandbase.com siemensdigitalindustries.nanorep.co snap.licdn.com static.ads-twitter.com tools.adlytics.net tpc.googlesyndication.com vjs.zencdn.net w3.siemens.com www.automation.siemens.com www.google.com www.google.com www.googleadservices.com www.googletagmanager.com mktdplp102cdn.azureedge.net wwwstage.siemens.com resource.finnchat.com cdn.livechatinc.com api.livechatinc.com api-fra.livechatinc.com secure-fra.livechatinc.com sleeknotecustomerscripts.sleeknote.com sleeknotestaticcontent.sleeknote.com; style-src 'self' 'unsafe-inline' *.force.com *.salesforce.com *.salesforceliveagent.com siemenscrm.my.salesforce-sites.com siemensint.my.salesforce-sites.com *.usercentrics.eu cdn.siemens-web.com cdn.c2comms.cloud cdn.siemens.com assets.new.siemens.com new.siemens.com www.siemens.com profiles.siemens.com tools.adlytics.net w3.siemens.com; upgrade-insecure-requests; worker-src 'self' 'unsafe-inline' blob:; report-uri https://o1.ingest.sentry.siemens-web.com/api/68/security/?sentry_key=b4382018df484832b4ee2501bc82cea7&sentry_environment=siemenscom-prod&sentry_release=531efa03; 5 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 5 frame-ancestors 'self' https://*.yahooinc.com 5 frame-ancestors http://*.ccf.org https://*.ccf.org https://clevelandclinic.ungerboeck.com https://*.clevelandclinic.org http://*.clevelandclinic.org 5 frame-ancestors 'self' *.cbssports.com *.sportsline.com popculture.com comicbook.com 247sports.com *.247sports.com *.maxpreps.com *.ampproject.org; default-src https: blob: wss: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; media-src https: blob: data:; img-src https: blob: data: android-webview: android-webview-video-poster:; object-src 'none'; block-all-mixed-content; 5 frame-src 'self' *.microfocus.com *.ubembed.com https://js.driftt.com https://bid.g.doubleclick.net https://optimize.google.com/ https://dev.visualwebsiteoptimizer.com https://www.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://www.brighttalk.com/ https://bcove.video/ https://app.vwo.com https://www.googletagmanager.com https://microfocuspartner.force.com https://www.linkedin.com/ https://platform.twitter.com/ https://www.research.net https://irs.tools.investis.com/ https://players.brightcove.net/ https://otp.tools.investis.com/ https://html5-player.libsyn.com/; frame-ancestors 'self' *.microfocus.com https://microfocus.lookbookhq.com https://microfocuspartner.force.com; 5 frame-ancestors 'self' *.windy.com:* 5 report-uri https://appserver-5380cf24-nginx-38b604c2b1a242b2ac6c10792e8d40b0 5 frame-ancestors 'self' *.bazaarvoice.com 5 frame-ancestors https://poshmark.lightning.force.com; 5 img-src data: https: blob:; form-action https:; child-src data: https: blob:; upgrade-insecure-requests; font-src data: https:; connect-src https: wss: blob:; object-src https:; default-src data: 'unsafe-inline' 'unsafe-eval' https:; style-src data: 'unsafe-inline' https:; media-src data: https: blob:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: 5 default-src 'self' data:;script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.fbcdn.net *.youtube.com connect.facebook.net;style-src 'self' 'unsafe-inline' data: *.fbcdn.net 'unsafe-eval';connect-src *.fbcdn.net www.meta.com *.www.meta.com meta.ada.support www.facebook.com/tr/;font-src data: *.fbcdn.net;img-src blob: data: *.fbcdn.net *.fbsbx.com *.oculuscdn.com *.youtube.com *.ytimg.com www.facebook.com/tr/ *.cdninstagram.com;media-src blob: data: *.fbcdn.net *.cdninstagram.com *.oculuscdn.com;child-src blob: data: *.fbcdn.net;frame-src data: *.fbcdn.net www.meta.com/tealium/ *.www.meta.com/tealium/ *.youtube.com www.meta.com/payments/ *.www.meta.com/payments/ centinelapi.cardinalcommerce.com centinelapistag.cardinalcommerce.com meta.ada.support *.fbsbx.com www.meta.com/common/referer_frame.php *.www.meta.com/common/referer_frame.php www.meta.com/help/support/ *.www.meta.com/help/support/;worker-src blob: data: *.fbcdn.net;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 5 frame-ancestors 'self' *.lufthansa.com *.miles-and-more.com *.swiss.com *.amadeus.com *.amadeus.net *.brusselsairlines.com 5 frame-ancestors https://*.ionos.com https://ionos.com; 5 frame-ancestors https://www.airship.com/ https://app.mutinyhq.com/; upgrade-insecure-requests; 5 frame-ancestors 'self' https://*.mercedes-benz.com; default-src 'self' https://*.mercedes-benz.com https://*.mercedes-benz.de https://*.usercentrics.eu https://*.googletagmanager.com https://*.krxd.net https://*.day.com https://*.anythingabout.net https://*.system360gmbh.de https://*.mercedes-benz-classic.com https://*.speedcurve.com https://alltime-stars.com https://cdn.jsdelivr.net https://*.mb-lounge.com https://*.eventbase.com https://narando.com https://*.narando.com https://*.googleapis.com https://maxcdn.bootstrapcdn.com https://cdn.plyr.io https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.doubleclick.net https://shop.nostalgic.de https://*.gstatic.com https://cdn.ampproject.org https://amp.azure.net https://*.windows.net https://cmsdata.net https://booking-widget.quandoo.de https://api.corpinter.net https://www.mercedesamgf1.com https://*.facebook.net https://*.facebook.com https://*.atdmt.com https://*.adobe.com https://www.kinoheld.de https://mb-prototypes.swhost.in https://*.go-mpulse.net data: blob: 'unsafe-inline' 'unsafe-eval' 5 default-src https: http: data: 'unsafe-inline' 'unsafe-eval' 5 frame-ancestors 'self' https://*.athenahealth.com/ https://*.athenahealth.com:*/ https://*.athenanet.athenahealth.com/ https://*.athenanet.athenahealth.com:*/ https://*.nimbus.athena.io/ 5 default-src 'none'; base-uri 'self'; child-src 'self'; connect-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.wistia.com *.wistia.net www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net embedwistia-a.akamaihd.net *.litix.io www.facebook.com *.ubembed.com hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.net *.hsforms.com *.marketo.com *.marketo.net *.mktoresp.com *.mktoutil.com *.emarsys.com *.onetrust.com *.cookielaw.org sentry.io *.sentry.io *.clickcease.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.mouseflow.com *.cdn.linkedin.oribi.io *.oribi.io *.demandbase.com *.company-target.com; font-src 'self' data: *.kinstacdn.com *.slidesharecdn.com *.wistia.com; form-action 'self' www.facebook.com *.hsforms.net *.hsforms.com; frame-ancestors 'self' *.covideo.com; frame-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.marketo.com *.marketo.net html5-player.libsyn.com bid.g.doubleclick.net www.facebook.com js.driftt.com *.ubembed.com *.googlesyndication.com *.hsforms.net *.hsforms.com *.slideshare.net *.wistia.com *.wistia.net *.on24.com *.emarsys.com *.vidmails.com *.covideo.com *.g2.com *.hotjar.com *.clearbitjs.com *.marketimpacttools.com; img-src 'self' data: *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.wistia.com *.wistia.net *.gravatar.com www.googletagmanager.com www.google-analytics.com analytics.twitter.com *.px.ads.linkedin.com googleads.g.doubleclick.net *.linkedin.com www.facebook.com connect.facebook.net t.co embedwistia-a.akamaihd.net *.hsforms.net *.hsforms.com *.adsymptotic.com *.glasgowlive.co.uk s.w.org *.cookielaw.org *.hotjar.com *.clearbitjs.com *.company-target.com *.bidr.io *.rlcdn.com; media-src 'self' blob: data: *.kinstacdn.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.driftqa.com *.driftt.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.marketo.com *.marketo.net *.ubembed.com *.wistia.com *.wistia.net googleads.g.doubleclick.net www.googleadservices.com tracking.g2crowd.com snap.licdn.com connect.facebook.net static.ads-twitter.com analytics.twitter.com js.driftt.com *.hsforms.net *.hsforms.com *.googlesyndication.com *.onetrust.com *.cookielaw.org sentry.io *.sentry.io *.on24.com *.clickcease.com *.hotjar.com *.clearbitjs.com *.mouseflow.com *.demandbase.com; style-src 'self' 'unsafe-inline' *.kinstacdn.com *.marketo.com *.marketo.net; worker-src 'self' blob:; 5 frame-ancestors *.motor1.com 5 default-src 'self' *.idrive.com *.idrivesync.com https://graph.facebook.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com https://px.ads.linkedin.com https://cdn.jsdelivr.net https://js.zohocdn.com https://salesiq.zoho.com https://embed.tawk.to https://app.chatsupport.co https://*.zendesk.com https://static.zdassets.com https://tagmanager.google.com https://static.idriveonlinebackup.com https://js.hcaptcha.com https://*.facebook.com https://bmrsignal.idrivelite.com https://*.google.com https://apis.google.com https://accounts.google.com https://www.google-analytics.com https://*.criteo.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.criteo.net https://cdn.livechatinc.com https://gum.criteo.com https://sslwidget.criteo.com https://*.livechatinc.com https://ajax.googleapis.com https://html5shim.googlecode.com https://s.adroll.com https://a.adroll.com https://d.adroll.com https://www.google.com https://www.idrivedownloads.com http://ssl.p.jwpcdn.com https://www.youtube.com https://px.spiceworks.com https://connect.facebook.net https://5358683.fls.doubleclick.net https://platform.twitter.com https://www.googleadservices.com https://www.gstatic.com https://ssl.google-analytics.com https://code.jquery.com https://js.stripe.com https://www.googletagmanager.com https://api.maxaccess.io; img-src https://* 'self' data: blob: www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' https://embed.tawk.to https://css.zohocdn.com https://tagmanager.google.com https://static.idriveonlinebackup.com https://fonts.googleapis.com https://ssl.google-analytics.com https://code.jquery.com; font-src https://* https://fonts.gstatic.com data: ; object-src 'self' https://secure.livechatinc.com; frame-src https://* 'self' data: blob:; media-src https://* blob:; worker-src https://* blob:; connect-src wss: https://* blob:; 5 frame-ancestors 'self' *.blacknight.com *.blacknight.ie *.blacknight.blog *.blacknight.tech *.feedpress.me 5 default-src 'self'; base-uri 'self'; connect-src 'self' *.6sc.co *.6sense.com *.adnxs.com *.bugherd.com *.bugsnag.com *.clickagy.com *.company-target.com *.doubleclick.net *.google-analytics.com *.google.com *.litix.io *.mktoresp.com *.mktoutil.com *.optimizely.com *.pusher.com *.stripe.com *.techtarget.com *.trustarc.com *.wistia.com *.zoominfo.com api.lever.co bugherd-attachments.s3.amazonaws.com embedwistia-a.akamaihd.net hackerone.com; font-src 'self' data: *.bugherd.com https://fonts.gstatic.com data: *.gstatic.com *.trustarc.com *.typekit.net d2iiunr5ws5ch1.cloudfront.net; form-action 'self' *.marketo.com; frame-ancestors 'self'; frame-src 'self' *.clickagy.com *.driftt.com *.marketo.com *.optimizely.com *.pima.app *.trustarc.com *.twitter.com *.vimeo.com *.wistia.com *.wistia.net *.youtube-nocookie.com *.youtube.com; img-src 'self' blob: data: *.6sc.co *.adsymptotic.com *.agkn.com *.bidr.io *.bizible.com *.bizibly.com *.clickagy.com *.company-target.com *.crwdcntrl.net *.demdex.net *.doubleclick.net *.google-analytics.com *.google.co.uk *.google.com *.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com *.linkedin.com *.rlcdn.com *.sitescout.com *.techtarget.com *.trustarc.com *.ttgtmedia.com *.twimg.com *.twitter.com *.wistia.com d2iiunr5ws5ch1.cloudfront.net embedwistia-a.akamaihd.net s3.amazonaws.com stags.bluekai.com t.co us-u.openx.net; media-src 'self' blob: data: *.wistia.com *.driftt.com *.trustarc.com s3.amazonaws.com embedwistia-a.akamaihd.net; script-src 'self' 'sha256-tQ198n0utIN6M+Y9GR79m8c29ngMLDzIDV42EIjfUeg=' 'sha256-NeIedUK17X1CtPtF8LVzlL/rbMI2xkRzUxTHnhzQfqk=' 'sha256-cw5LcnmMGX0GZ+AoSMP2q01hsdNtd16fltSdHeBU6RQ=' 'sha256-f8nf1yLJyUBRL2inqj1+INIzP0+CVa9Hi8Otr3Qrreg=' 'sha256-/k3Lky8OmuiUX6COqMxH79YVPvcq2c55gd/HqG7lsi0=' 'sha256-2WByjQp2bEKmAfglCfsC0ggkbkJSHmj3WCSw+jgveC0=' 'sha256-43zSHbOuMWDb2rGu3wx/gHsFF+wudWtJuIIpJYnh8Cw=' 'sha256-4ogSPhBj5gyjxtI/kkTjyHlW/2tNk4FLetX3+ik9fPs=' 'sha256-8+M6mWeVaqvmXQr6ICEeK1L8fOvFp6I+bpTpkYePz0Q=' 'sha256-beC9gSgoOLBjF6WPV9h2TG/2KJvbVTctAxQ9MTMyYbk=' 'sha256-C/XnmIDSby/TfS8o9gnXE69xiMpWlgYySjbz2ZjCghs=' 'sha256-dAMs3/Yp2SSUrhzjwbwLmPPB0soj/thHemUrM4u00O8=' 'sha256-evOIAQWlBJQ+3KMf/PHqxrFNdU5DSFFYTRb4ZcJL6jk=' 'sha256-fUPVzBO4Mo+NL5cVHRBbgZhsv1LF+vvQppJWvNHOPvA=' 'sha256-hU4B0G69nqzy1PZ5Jda591+j5XhFOmWiX9q0zyoaMsY=' 'sha256-IrV9Fg7V86Q0Cvaj3VjsYrdiSjSDh11ZL0uoRakJ1dc=' 'sha256-kOInjzOirxmZclWPSxkzctlGjV0O6JqJzqupo8lMEDw=' 'sha256-njEVDP22SRLTbvkBGYBk/bZxj3vsHZe/TM7+ykFIPtk=' 'sha256-pNPKD6tBXhkr0zBK19DIurCMWWZBViu552fpWoZY5sQ=' 'sha256-pRMbUhnw0qjc6R64b23mwCtKdCF6fTKAYnukOH7ZzOw=' 'sha256-ro0ByAljN6NGoOZb+6i8vg5PCLARZ70ABRdT5xCvHG4=' 'sha256-y3d2tvDYg+MhraoBMp/mKN9h+/v463y/LOWR/x2fNmw=' https://tagmanager.google.com *.6sc.co *.ads-twitter.com *.bizible.com *.bred4tula.com *.bugherd.com *.clickagy.com *.cloudflare.com *.demandbase.com *.driftt.com *.gartner.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.google.com *.jsdelivr.net *.linkedin.com *.marketo.com *.marketo.net *.newrelic.com *.nr-data.net *.optimizely.com *.techtarget.com *.trustarc.com *.truste.com *.twitter.com *.wistia.com *.wistia.net *.zoominfo.com d2iiunr5ws5ch1.cloudfront.net d2wy8f7a9ursnm.cloudfront.net snap.licdn.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com *.googleapis.com *.jsdelivr.net *.marketo.com *.stripe.com *.twitter.com *.typekit.net *.wistia.com d2iiunr5ws5ch1.cloudfront.net; 5 frame-ancestors 'self' *.blackbaud.com; 5 frame-ancestors 'self' https://*.analog.com 5 upgrade-insecure-requests; frame-ancestors 'self' https://*.delfi.ee 5 frame-ancestors 'self' https://*.vfc.coremedia.cloud https://digital.vfc.com; child-src * blob:; worker-src * blob:; img-src * *.contentsquare.net blob: data:; connect-src * *.contentsquare.net blob:; script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob: t.contentsquare.net contentsquare.com blob: 5 default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors https://*.contentful.com 'self' 5 img-src * data:; 5 frame-ancestors 'self' https://*.refinitiv.com; 5 frame-ancestors https://*.shopstyleops.com/ https://local.shopstyleops.com:*/ https://*.shopstylecollective.com https://shopstylecollective.com https://*.builder.io/ https://builder.io; report-uri /csp-violation; 5 frame-ancestors 'self *.maxon.net 5 connect-src 'self' *.cackle.me *.maps.yandex.net api-maps.yandex.ru api.selectel.ru go.selectel.ru hog.selectel.ru chat.selectel.ru wss://chat.selectel.ru google-analytics.bi.owox.com googleads.g.doubleclick.net region1.google-analytics.com region1.analytics.google.com https://selectel.status.io/1.0/status/5980813dd537a2a7050004bd https://analytics.google.com https://api.amplitude.com https://api.mindbox.ru https://personalization-web-stable.mindbox.ru https://cackle.me https://selectel.ru https://top-fwz1.mail.ru https://tracker.softcube.com https://web.popmechanic.ru leads.selectel.ru mc.yandex.ru selectel.ru sendsay.ru stats.g.doubleclick.net suggest-maps.yandex.ru wss://*.cackle.me wss://api.selectel.ru wss://ws.selectel.ru www.facebook.com www.google-analytics.com www.youtube.com https://hooks.zapier.com/hooks/catch/11509819/ https://hooks.zapier.com/hooks/catch/12416931/ https://script.google.com/macros/s/AKfycbxV2XXAR0xrDMbWAwb3zq_FLwecjfful2Co8KilO-hH9D8epb6tEML78Pq7ypkJ0dA6/exec; default-src 'none'; font-src 'self' data: https://cdn.selectel.ru https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/; frame-ancestors 'self' my.selectel.ru promo.selectel.ru go.teachbase.ru learn.selectel.org webvisor.com metrika.yandex.ru; frame-src 'self' *.cackle.me api-maps.yandex.ru calc.selectel.ru go.selectel.ru chat.selectel.ru googleads.g.doubleclick.net https://cackle.me https://forms.amocrm.ru/ https://optimize.google.com https://player.vimeo.com/ https://vk.com/ www.facebook.com www.google.com www.google.ru www.youtube.com; img-src https: data: blob: region1.google-analytics.com region1.analytics.google.com; manifest-src 'self'; media-src 'self' https://chat.selectel.ru https://cdn.selectel.ru https://files.selectel.ru; object-src 'self' blob:; report-uri https://relay.selectel.ru/api/87/security/?sentry_key=33110db9255441e5b312279003c189b1 https://relay.selectel.ru/api/20/csp-report/?sentry_key=7af12a7683624269a0cab11188e3d86e; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cackle.me *.maps.yandex.net analytics.twitter.com api-maps.yandex.ru cdn.ampproject.org connect.facebook.net go.selectel.ru hog.selectel.ru chat.selectel.ru https://api.mindbox.ru/ https://cackle.me https://cdn.amplitude.com https://cdn.selectel.ru https://cse.google.com/adsense/search/async-ads.js https://cse.google.com/cse.js https://cse.google.com/cse/element/v1 https://dct.mango-office.ru https://embed.typeform.com/embed.js https://forms.amocrm.ru/ https://googleads.g.doubleclick.net https://optimize.google.com https://s.ytimg.com https://script.softcube.com https://static.popmechanic.ru https://top-fwz1.mail.ru https://vk.com https://widgets.mango-office.ru https://www.google.com https://www.googleoptimize.com/optimize.js mc.yandex.ru personalization-web-stable.mindbox.ru pi.pardot.com selectel.ru ssl.google-analytics.com static.ads-twitter.com suggest-maps.yandex.ru tagmanager.google.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com yastatic.net; style-src 'self' 'unsafe-inline' *.cackle.me https://cdn.selectel.ru/ https://chat.selectel.ru https://cackle.me https://fonts.googleapis.com https://optimize.google.com https://static.popmechanic.ru https://tagmanager.google.com/ https://www.google.com/cse/static/element/ https://www.google.com/cse/static/style/look/v4/espresso.css https://personalization-web-stable.mindbox.ru/; upgrade-insecure-requests; 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: data: https: blob:; connect-src https: wss:; img-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; upgrade-insecure-requests 5 frame-ancestors 'self' https://admarket.no https://admarket.schibsted.se https://frontpage-wayback-machine.sls.schibsted.tech/; upgrade-insecure-requests 5 frame-ancestors 'self' https://cart.penguinrandomhouse.com/ https://iteratehq.com/ 5 default-src 'self' teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/; connect-src 'self' cdn.linkedin.oribi.io *.givelively.org *.mktoresp.com *.mktoutil.com region1.analytics.google.com *.google.com analytics.tiktok.com attestation.android.com bcbolt446c5271-a.akamaihd.net csi.gstatic.com edge.api.brightcove.com gtm-w82hjxd-otazy.uc.r.appspot.com *.addthis.com ka-f.fontawesome.com manifest.prod.boltdns.net notifier-configs.airbrake.io og2022-api.sports.gracenote.com pagead2.googlesyndication.com pixel.adsafeprotected.com *.teamusa.org rum-collector-2.pingdom.net *.g.doubleclick.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ widgets.sports.gracenote.com www.facebook.com *.google-analytics.com www.trackwrestling.com; font-src 'self' cdnjs.cloudflare.com data: fonts.gstatic.com ka-f.fontawesome.com maxcdn.bootstrapcdn.com teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ widgets.sports.gracenote.com www.trackwrestling.com; form-action 'self' analytics.clickdimensions.com bbox.blackbaudhosting.com *.teamusa.org form.usoc.org *.twitter.com teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ teamusa.tfaforms.net usoc.tfaforms.net usopc.tfaforms.net www.facebook.com; frame-src 'self' *.givelively.org abc11.com *.tourneymachine.com anchor.fm app-ab22.marketo.com bbox.blackbaudhosting.com www.bullseyelocations.com www.buzzsprout.com cdn.flipsnack.com classy.org *.classy.org content.usawmembership.com c.streamhoster.com draftable.com embed.fitrankings.com embed.gettyimages.com free.timeanddate.com gc.com geosnapshot.com indd.adobe.com judoreferee.com kingsumo.com livestream.com online.anyflip.com photos.pixlee.co player.vimeo.com s3.amazonaws.com/online.anyflip.com/vrut/kvxl/ share.transistor.fm st.chatango.com streaming.enetlive.tv tableau.usoc.org teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ themat.tv universe.queue-it.net uploads.knightlab.com usa.asasoftball.com usaboxing.webpoint.us usadiving.ticketspice.com *.wufoo.com usatt.simplycompete.com usawaterski.org *.sport80.com www.givedirect.org www.paypal.com www.paypalobjects.com www.scribd.com www.slideshare.net www.surveymonkey.com www.thorne.com www.universe.com www.usakaratemembership.com www.usaracquetballevents.com www.usawaterski.org www.usawmembership.com *.fls.doubleclick.net *.safeframe.googlesyndication.com *.g.doubleclick.net giphy.com imasdk.googleapis.com *.twitter.com *.teamusa.org players.brightcove.net public.tableau.com snapwidget.com *.addthis.com tpc.googlesyndication.com vplayer.nbcolympics.com vplayer.nbcsports.com *.facebook.com *.google.com www.googletagmanager.com www.instagram.com www.youtube.com; img-src 'self' *.givelively.org *.twimg.com barbend.com bbox.blackbaudhosting.com cdn-images.mailchimp.com cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.0/ajax-loader.gif cf-images.us-east-1.prod.boltdns.net connect.facebook.net content.themat.com data: *.adsafeprotected.com images.sports.gracenote.com images.teamusa.org img.youtube.com iwf.sport i.ytimg.com *.g.doubleclick.net learningacademy1.usadiving.org mcusercontent.com/93fe0d952f40d98f22a93f8e4/images/ metrics.brightcove.com p.adsymptotic.com *.ads.linkedin.com *.googlesyndication.com pixel.quantserve.com reg.usajudo.net s3.amazonaws.com/photos.usacycling.org/ *.twitter.com region1.analytics.google.com *.google-analytics.com *.gstatic.com t.co teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ teamusa.tfaforms.net usoc.tfaforms.net usopc.tfaforms.net t.paypal.com tw-ads.s3-us-west-2.amazonaws.com tw-ads.s3.us-west-2.amazonaws.com upload.wikimedia.org/wikipedia/commons/3/32/Sarah_Docter_1980.jpg usa.asasoftball.com widgets.sports.gracenote.com www.facebook.com www.google.com www.googletagmanager.com www.iwf.net www.linkedin.com www.nationalspeedskatingmuseum.org www.officialgear.com www.paypalobjects.com www.trackwrestling.com www.google.at www.google.be www.google.ca www.google.ch www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.uk www.google.co.vi www.google.com.au www.google.com.hk www.google.com.mx www.google.com.pr www.google.com.sg www.google.com.tw www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.ie www.google.it www.google.lu www.google.nl www.google.no www.google.pt www.google.se www.google.vg; media-src 'self' blob: bcbolt446c5271-a.akamaihd.net bcovlive-a.akamaihd.net manifest.prod.boltdns.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.givelively.org adservice.google.com ajax.googleapis.com *.clickdimensions.com analytics.tiktok.com *.twitter.com app-ab22.marketo.com az124611.vo.msecnd.net/web/v10/CDWidget.js bbox.blackbaudhosting.com www.buzzsprout.com *.adsafeprotected.com cdn.syndication.twimg.com cdnjs.cloudflare.com cdnslssl.coveritlive.com code.jquery.com connect.facebook.net countdown.omegawatches.com *.g.doubleclick.net *.teamusa.org *.addthis.com kit.fontawesome.com maxcdn.bootstrapcdn.com munchkin.marketo.net *.googleadservices.com players.brightcove.net public.tableau.com qa-widgets.sports.gracenote.com reg.usajudo.net rules.quantcount.com rum-static.pingdom.net sdk.classy.org secure.quantserve.com *.google-analytics.com snap.licdn.com snapwidget.com stackpath.bootstrapcdn.com static.ads-twitter.com *.wufoo.com tableau.usoc.org *.cdc.gov teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ teamusa.tfaforms.net *.googlesyndication.com usoc.tfaforms.net usopc.tfaforms.net v1.addthisedge.com vjs.zencdn.net widgets.flickr.com widgets.sports.gracenote.com widget.surveymonkey.com www.google.com www.googletagmanager.com www.googletagservices.com www.gstatic.com *.instagram.com www.olympicchannel.com www.paypal.com www.paypalobjects.com www.trackwrestling.com www.universe.com adservice.google.at adservice.google.be adservice.google.ca adservice.google.ch adservice.google.co.jp adservice.google.co.kr adservice.google.co.nz adservice.google.co.uk adservice.google.com.au adservice.google.com.hk adservice.google.com.mx adservice.google.com.pr adservice.google.com.sg adservice.google.com.tw adservice.google.de adservice.google.dk adservice.google.es adservice.google.fi adservice.google.fr adservice.google.gr adservice.google.ie adservice.google.it adservice.google.nl adservice.google.no adservice.google.pt adservice.google.se; style-src 'self' 'unsafe-inline' bbox.blackbaudhosting.com cdn.fonts.net cdn-images.mailchimp.com cdnjs.cloudflare.com cdn-us.clickdimensions.com code.jquery.com fonts.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com reg.usajudo.net static.ctctcdn.com/h/contacts-embedded-signup-assets/1.0.2/css/signup-form.css teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ teamusa.tfaforms.net usoc.tfaforms.net usopc.tfaforms.net www.instagram.com *.teamusa.org www.trackwrestling.com; worker-src 'self' blob:; report-uri https://teamusa.report-uri.com/r/d/csp/enforce 5 default-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.tradelens.com https://platform.tradelens.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net *.mpstat.us *.akstat.io https://*.igodigital.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.cookieinformation.com https://www.datadoghq-browser-agent.com/datadog-rum-eu.js https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://*.contentsquare.com https://www.datadoghq-browser-agent.com/datadog-rum.js https://screencapture.kampyle.com https://screencapture-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://snap.licdn.com https://px.ads.linkedin.com https://connect.facebook.net https://www.facebook.com https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://fo-api.omnitagjs.com https://*.akstat.io https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://screencaptue-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com https://*.salesforce.com https://*.force.com; object-src 'self' ; style-src 'self' 'unsafe-inline' https://*.maersk.com https://*.maersk.com.cn https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com https://*.bing.com https://*.virtualearth.net https://resources.digital-cloud.medallia.eu https://screencaptue-cdn.kampyle.com https://nebula-cdn.kampyle.com https://hcaptcha.com https://*.hcaptcha.com; frame-src https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net http://emanage.maerskline.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://*.cookieinformation.com https://*.youku.com/ https://*.force.com/ https://*.salesforce.com https://app.powerbi.com http://my.maerskline.com https://*.doubleclick.net https://reporting.damco.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com; 5 default-src * blob: data: http: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://reports.nameshield.net/ 5 frame-ancestors 'self' animepahe.com *.animepahe.com animepahe.org *.animepahe.org animepahe.ru *.animepahe.ru 5 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; media-src 'self' 'unsafe-inline' *;img-src 'self' blob: data: *; style-src 'self' 'unsafe-inline' *; font-src 'self' *; frame-src 'self' *; connect-src 'self' *; object-src 'none' 5 frame-ancestors 'self' *.brandwatch.com https://insights.hotjar.com; object-src 'none'; form-action 'self'; 5 frame-ancestors 'self' https://keepersecurity.com https://keepersecurity.eu https://keepersecurity.com.au https://keepersecurity.jp https://keepersecurity.ca; 5 frame-ancestors 'self' http://safebrands.fr https://safebrands.fr http://safebrands.com https://safebrands.com 5 default-src 'self' * data: blob:; img-src 'self' * 'unsafe-inline' data: blob:; style-src 'self' * 'unsafe-inline' data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob:; object-src 'none'; worker-src 'self' data: blob: resume.io *.resume.io cvster.nl *.cvster.nl cvmonk.nl *.cvmonk.nl cvapp.es *.cvapp.es cvapp.it *.cvapp.it cvapp.fr *.cvapp.fr cvkungen.se *.cvkungen.se cv.dk *.cv.dk cv.app *.cv.app resume.app *.resume.app cvapp.cz *.cvapp.cz cvapp.fi *.cvapp.fi cvapp.no *.cvapp.no cveasy.pl *.cveasy.pl cvapp.de *.cvapp.de rirekisho.jp *.rirekisho.jp onlinecurriculo.com.br *.onlinecurriculo.com.br career.io *.career.io cvapp.ro *.cvapp.ro cvapp.gr *.cvapp.gr cvapp.hu *.cvapp.hu; frame-src https:; frame-ancestors 'self' vwo.com *.vwo.com 5 frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; frame-src 'self' gdata.jobbase.io gdata.onlyfy.jobs *.gdata.de www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io; report-uri https://www.gdatasoftware.com/__cspreporting__ 5 default-src 'self' https://www.google.com.br https://www.google.co.in https://www.google.co.nz https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.com.pa https://www.google.nl https://www.google.co.jp https://*.fls.doubleclick.net https://prodau-cdn.azureedge.net https://prodeu-cdn.azureedge.net https://www.google.com https://resources.digital-cloud.medallia.eu https://*.licdn.com https://s7.addthis.com https://vars.hotjar.com/ https://connect.facebook.net/ https://www.facebook.com/ *.crazyegg.com https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com/vi_webp/PfZzvGGRaOM/mqdefault.webp; img-src 'self' data: https://assets.getsmartcontent.com https://www.google.co.in https://www.google.co.nz https://www.google.co.jp https://www.google.com.br https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.nl https://di3c8wks3odob.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com https://www.google.de https://www.google.it https://pixel.tapad.com https://decibel-49-adswizz.attribution.adswizz.com https://www.google.co.uk https://attribution.decibelads.com https://reverseads.matomo.cloud https://tracking.connect.services.global.ntt https://fonts.gstatic.com https://cdn.cookielaw.org https://analytics.twitter.com https://analytics.google.com https://*.terminus.services https://match.adsrvr.org https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://resources.digital-cloud.medallia.eu https://j.mrpdata.net https://857338121.privacysandbox.googleadservices.com https://720787047.privacysandbox.googleadservices.com https://apt.techtarget.com https://620993155.privacysandbox.googleadservices.com https://p.adsymptotic.com/ *.crazyegg.com https://tracking.hello.global.ntt/ https://www.google.co.za https://*.kampyle.com https://vars.hotjar.com https://pubads.g.doubleclick.net https://script.hotjar.com http://script.hotjar.com www.googletagmanager.com https://www.google.com https://www.google.com.pa https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://prodeu-cdn.azureedge.net https://prodau-cdn.azureedge.net https://t.co/ https://px.ads.linkedin.com/ https://connect.facebook.net/ https://www.facebook.com/ https://www.linkedin.com/ https://s2190102.t.eloqua.com/ https://storage.googleapis.com/; style-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/tiny-slider.css https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com; font-src 'self' https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://fonts.gstatic.com data: http://script.hotjar.com https://script.hotjar.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors https://cm.euprod.services.global.ntt https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://vars.hotjar.com https://bid.g.doubleclick.net https://*.crazyegg.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: https://cdn.m-t.io https://trk.m-t.io https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.js https://maps.googleapis.com https://www.google.co.in https://www.google.co.nz https://www.google.com.pa https://www.google.de https://www.google.it https://cdn.matomo.cloud https://s.getsmartcontent.com https://cdn.getsmartcontent.com https://attribution.decibelads.com https://tracking.connect.services.global.ntt https://snippet.ramblechat.com https://munchkin.brightfunnel.com https://*.terminus.services https://analytics.google.com https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://www.gstatic.com https://trk.techtarget.com https://visitor.reactful.com https://*.crazyegg.com https://script.crazyegg.com https://connect.facebook.net/ https://cdn.cookielaw.org/ https://secure.east2pony.com/ https://protect-eu.mimecast.com/ https://www.google.co.za/ https://*.addthisedge.com https://z.moatads.com https://*.addthis.com https://script.hotjar.com http://script.hotjar.com http://static.hotjar.com https://static.hotjar.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://analytics.twitter.com https://static.ads-twitter.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com https://img03.en25.com https://script.crazyegg.com https://www.youtube.com www.googleadservices.com https://pubads.g.doubleclick.net https://snap.licdn.com https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/min/tiny-slider.js https://geolocation.onetrust.com https://vidassets.terminus.services; connect-src 'self' https://cdn.linkedin.oribi.io https://udc-neb.kampyle.com https://www.google.com.pa https://s.getsmartcontent.com https://chat-messaging.terminus.services https://www.gstatic.com https://maps.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/mapConfigs https://reverseads.matomo.cloud wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com https://chat-visitor-info.terminus.services https://iotas.terminus.services https://realtime.ramblechat.com https://idx.liadm.com/ https://geolocation.onetrust.com/ https://api.brightfunnel.com https://analytics.google.com https://*.leady.com/ https://tracking.reactful.com https://resources.digital-cloud.medallia.eu https://visitor.reactful.com *.crazyegg.com https://www.facebook.com/ https://connect.facebook.net/ https://cdn.cookielaw.org/ https://stats.g.doubleclick.net/ https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://script.crazyegg.com/* https://api-public.addthis.com https://*.addthis.com https://privacyportal-de.onetrust.com/; object-src blob: ; frame-src https://www.google.com.pa https://resources.digital-cloud.medallia.eu https://extraordinary-platypus-f5e0bb.netlify.app https://nttbdttour.netlify.app/ https://cm.euprod.services.global.ntt https://www.youtube.com https://www.google.com 5 frame-ancestors 'self' commander.weatherops.com 5 upgrade-insecure-requests;block-all-mixed-content 5 frame-ancestors https://*.flexera.com https://*.revenera.com; 5 frame-ancestors 'self' centralnicgroup.activehosted.com; script-src 'unsafe-inline' 'unsafe-eval' *.brandshelter.com *.webinarjam.com snap.licdn.com diffuser-cdn.app-us1.com prism.app-us1.com wp-ui.app-us1.com cdnjs.cloudflare.com trackcmp.net www.google-analytics.com www.googletagmanager.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsleadflows.net js.usemessages.com data:; style-src 'unsafe-inline' *.brandshelter.com fonts.googleapis.com fonts.gstatic.com *.webinarjam.com 5 default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: https://c.iad.oracleinfinity.io blob:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; frame-ancestors 'self' https://*.beocms.com https://*.beocms.de https://communities.evonik.com; frame-src 'self' data: https: blob:; connect-src 'self' data: https:; media-src 'self' data: https: blob: 5 block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 5 frame-src 'self' https://*.zf.com https://app.powerbi.com https://684e6358a25146d7b2463db408d33a1e.svc.dynamics.com https://players.brightcove.net https://*.baidu.com https://*.bdimg.com https://maps.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.instagram.com https://*.twitter.com; child-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://*.instagram.com https://*.twitter.com ; worker-src blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.zf.com https://skk.erecruiter.pl https://mktdplp102cdn.azureedge.net/public/latest/js/form-loader.js https://rec.smartlook.com https://vjs.zencdn.net https://players.brightcove.net https://cdn.syndication.twimg.com https://cdn.cookielaw.org https://*.twitter.com https://*.facebook.net https://*.piwik.pro https://*.baidu.com https://*.bdimg.com https://maps.googleapis.com; frame-ancestors 'self' https://*.zf.com; 5 default-src 'self' d1a19ys8w1wkc1.cloudfront.net; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' https://rcdfcdn.mars.com https://stage-rcdfcdn.mars.com;worker-src * blob:; style-src * 'unsafe-inline'; frame-ancestors 'self' https://royalcanin-rh.vh.localhost http://dev-eus-sc-rh.f4bf3cb6a5fb409d9866.eastus.aksapp.io http://dev-weu-sitecore-01-rh.6952f9b6f3ab41099033.westeurope.aksapp.io https://dev-weu-sitecore-02-rh.b8e8c0835ea74914b2ec.westeurope.aksapp.io https://rh-sc-stg-weu-01.staging.royalcanin.com https://rh-sc-rlt-weu-01.rlt.royalcanin.com https://stg-royalcanin-cm-01.royalcanin.com; 5 default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests; 5 default-src 'self' data: blob:; 5 frame-ancestors 'self' https://dealerexperience.cadillac.com https://dealerexperience-cadillac-com.*.wpx.gm.com 5 default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline' 5 frame-src 'self' bazaarvoice.com *.bazaarvoice.com https://www.terminland.de *.datev-bot.de *.datev.de *.datev.com *.iesnare.com *.cookielaw.org *.salesviewer.org *.salesviewer.com 5 frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com 5 frame-ancestors 'self' https://*.beyondtrust.com https://beyondtrust.com; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.btdevops.io https://*.wistia.com; object-src 'self'; 5 upgrade-insecure-requests; frame-ancestors 'self' *.magenta.at *.t-mobile.at *.esp.ownsolutions.net magenta-at.cleverq.de www.youtube.com; 5 connect-src wss: https:; upgrade-insecure-requests; object-src blob: 'self'; frame-ancestors 'self' https://tre3content.develop.wunder.io https://tre3content.stage.wunder.io https://content.tuni.fi; default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 'unsafe-inline' 5 frame-ancestors 'self' https://dbwas.service.deutschebahn.com 5 upgrade-insecure-requests; frame-ancestors 'self' *.reforma.com *.elnorte.com *.mural.com.mx *.gruporeforma.com *.agenciareforma.com *.avisosdeocasion.com *.elviernesnocuesta.com aristeguinoticias.com *.ezproxy.iteso.mx http://intraneteditora http://intranetreforma http://intranetmural http://operacionesinternet; 5 base-uri 'none'; default-src: 'none'; block-all-mixed-content 5 frame-ancestors deny 5 default-src 'self' wss: https: data: 'unsafe-inline' 'unsafe-eval' 5 default-src 'self' http://localhost:* http://127.0.0.1:* https://*.supercharge-srp.co https://*.safeframe.googlesyndication.com https://tpc.googlesyndication.com; prefetch-src http://tpc.googlesyndication.com https://tpc.googlesyndication.com http://securepubads.g.doubleclick.net https://securepubads.g.doubleclick.net https://tags.tiqcdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' http://localhost:* http://127.0.0.1:* https://*.jobsdb.com/ https://*.jobstreet.com/ https://*.jobstreet.co.id https://*.jobstreet.com.my https://*.jobstreet.com.ph https://*.jobstreet.com.sg https://*.supercharge-srp.co https://*.hotjar.com/ https://unpkg.com/ https://polyfills.io/ https://cdnjs.cloudflare.com https://cdn.ravenjs.com https://widget.intercom.io http://www.googletagservices.com https://www.googletagservices.com http://pagead2.googlesyndication.com https://pagead2.googlesyndication.com https://adservice.google.com https://securepubads.g.doubleclick.net http://tpc.googlesyndication.com https://tpc.googlesyndication.com https://adservice.google.com.au https://adservice.google.com.hk https://adservice.google.com.sg https://js.intercomcdn.com http://www.googletagmanager.com https://www.googletagmanager.com http://tagmanager.google.com https://tagmanager.google.com https://www.googleadservices.com https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://cdn.branch.io/ https://app.link/ https://www.google-analytics.com http://tags.tiqcdn.com https://tags.tiqcdn.com https://www.youtube.com https://s.ytimg.com https://*.useinsider.com https://web-staging.sol-data.com https://web.aips-sol.com http://*.amplitude.com https://*.amplitude.com https://*.tealiumiq.com https://*.qualtrics.com; style-src 'unsafe-inline' 'self' http://localhost:* http://127.0.0.1:* https://*.jobsdb.com/ https://*.jobstreet.com/ https://*.jobstreet.co.id https://*.jobstreet.com.my https://*.jobstreet.com.ph https://*.jobstreet.com.sg https://*.supercharge-srp.co https://fonts.googleapis.com/ https://tagmanager.google.com https://*.useinsider.com; img-src * data:; font-src 'self' https://*.jobsdb.com https://*.jobstreet.com/ https://*.jobstreet.co.id https://*.jobstreet.com.my https://*.jobstreet.com.ph https://*.jobstreet.com.sg https://*.supercharge-srp.co https://fonts.gstatic.com/ https://static.hotjar.com/ https://js.intercomcdn.com data:; connect-src 'self' https://www.seek.com.au/ http://www.seek.com.au.staging/ https://*.seek.com http://candidate-graphql-api-candy-shared-dev-active.ap-southeast-2.elasticbeanstalk.com/ http://localhost:* http://127.0.0.1:* ws://localhost:* ws://127.0.0.1:* https://web-staging.sol-data.com https://web.aips-sol.com https://*.supercharge-srp.co:8080/ https://*.jobsdb.com/ http://*.jobsdb.com/ https://dpm.demdex.net/ https://*.jobstreet.com/ http://*.jobstreet.co.id http://*.jobstreet.com.my http://*.jobstreet.com.ph http://*.jobstreet.com.sg https://*.jobstreet.co.id https://*.jobstreet.com.my https://*.jobstreet.com.ph https://*.jobstreet.com.sg http://*.supercharge-srp.co https://*.supercharge-srp.co https://*.hotjar.com:*/ https://*.elasticbeanstalk.com:8080/ ws://*.hotjar.com/ wss://*.hotjar.com/ https://*.intercom.io wss://*.intercom.io https://securepubads.g.doubleclick.net https://csi.gstatic.com https://api2.branch.io/ https://app.link/ https://pagead2.googlesyndication.com https://*.useinsider.com https://*.amplitude.com https://*.tealiumiq.com https://*.qualtrics.com; frame-src https://vars.hotjar.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://staticxx.facebook.com https://www.youtube.com https://*.useinsider.com https://*.safeframe.googlesyndication.com https://seekasia.demdex.net 5 frame-ancestors dev.mwcbarcelona.com www.mwcbarcelona.com mwcbarcelona.com dev.mwc-africa.com www.mwc-africa.com mwc-africa.com dev.mwclasvegas.com www.mwclasvegas.com mwclasvegas.com dev.gsmaevents.com www.gsmaevents.com staging.gsmaevents.com gsmaevents.com gsma.force.com 5 frame-ancestors 'self' https://*.salesforce.com 5 frame-ancestors self *.ncmecad.net *.adobecqms.net *.missingkids.org *.articulate.com articulateusercontent.com; 5 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content 5 default-src 'self' * data:; font-src 'self' * data:; frame-src *; img-src * data: android-webview-video-poster:; media-src * data: blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; worker-src * blob:; frame-ancestors 'self' https://verizonconnect.getambassador.com/; 5 base-uri 'self';default-src 'none'; connect-src 'self' inline-only: *; font-src 'self' data: *; img-src 'self' *;script-src 'self' 'unsafe-hashes' 'sha256-H2tlmRuSoiM440uTQK7H3mt3L74Xvy3HDbFQqhasmLM=' 'sha256-F31Z235J4JoHiQd4pwhlVGhZAo9TL1xXkr998POEVGk=' 'sha256-dg9STQouzRiKJUO3yike1CtjTb8JY3xoFiB0syjsclM=' 'sha256-npzn7ujSOdyjMmFgVUD96cEc+e4ADPr6/G36kMw42xg=' 'sha256-5TFWe/7xA1mUO7yvl+1rrgKnK4IkLgDeImwowoNtSio=' 'sha256-0ris5gmMUJMPIW5+I0NnEuFoC0HsIyvgUblcUKRj8DU=' 'sha256-2YCB6Lhue7C9r6969mhdpe1UfjRUR3HR4A0E0by9Kgg=' 'sha256-dPdAVNwRUBOO9U/2jj9+7Wrv56B40z2Jv1G60xrq99k=' 'sha256-1v5J2KvQP4Gbm3K2rHEJwOXTbrRded9lfuiMfmyrgLQ=' 'sha256-zjjpOAlgWBBa3LGAToXGdQdBJ74Nk1FbPuXvyyNud+c=' 'sha256-6Vxqk2EtHXjiJTfzUejPw5pYIuKocUwpWnj5ceUldH4=' 'sha256-jWeJInrhgp2bhmYq4ENjpiKhX8vgbI25wEHe7xZmntk=' 'sha256-MkZksky8RCDrddFfcsZvpoIOBWi+U4WdS/AUDSRoFWc=' 'sha256-JgUlUrFxfMASKHj7b/5oFO6lurjlitmjXKYNNDMUD+Y=' 'sha256-jwKtf7qtuAMIgLD43eyvgH971eEPHz3iVd6yMxfeA9A=' 'sha256-D/PRixJhLrpI1HflSDVH9owyKK3PGUoiNKrmyLvd3tM=' 'sha256-HSqFHC4bxSGLtwIKYvWNU/qQ4Q0oBveduu1wZdFXO+M=' 'sha256-nFFbE/gfqIA03gqrxwtcaywPXAg1nnX0YRI/RaMK8Lo=' 'sha256-k0FSIbTuVFHaoQGas062MT8MxUolKkiZqbpYaF929+c=' 'sha256-rqmm25uujCmwRm3UkPUpq2WM1jbmHLDuEQGkdF9+470=' 'sha256-U7ve//F4t99wIgL0aTmqx7pcSv+0E36f4XP+HwqZU30=' 'sha256-zZ15axXrbdoSqrE42O5dT3pilUPZCKObwx+aitQeT78=' 'sha256-C76Klxj0BnbMe8uaGS7kU+98MDherr94oIyjKlkWxTk=' 'sha256-244y469+HkRw3VOen69J4OuOZPA1f+0QrXS6/KOHJg0=' 'sha256-DNpb+AMfC5A+CyVJTBZTmmAK5kjYiOPpCYonuCoNUDc=' 'sha256-4xvwiEnvCWO3LygP+6rATbySh1+ealhANaQTvdaQaxk=' 'sha256-ClkLV8HfXoqqJ9Kl5sJglafxsF9F9ogSxHZxhR07bq4=' 'sha256-4TpZ3Tx5SLybDXPQaSHGuP1RU4D+pzck+02JLVY61BY=' 'sha256-osjxnKEPL/pQJbFk1dKsF7PYFmTyMWGmVSiL9inhxJY=' 'unsafe-inline' 'unsafe-eval' https://aicpa.ugc.bazaarvoice.com/static/8502-en_us/bvapi.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/3e79a7f00488/04f604fda4ad/launch-4dd043aa3d36.min.js https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement_Module_ActivityMap.min.js https://bat.bing.com/bat.js https://bat.bing.com/p/action/135000054.js https://cdn.mouseflow.com/projects/79d6f783-d04b-41b1-8cd4-ff5b0aef991b.js https://connect.facebook.net/en_US/fbevents.js https://siteintercept.qualtrics.com/dxjsmodule/11.172e2d2f93de5974ae28.chunk.js https://siteintercept.qualtrics.com/dxjsmodule/11.94e7d7f0c6a48ca94c06.chunk.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://us-content.vergic.com/C684836E-2833-4669-875F-C54261C28192/engage.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtag/js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/extensions/EP4c3fcccffd524251ae198bf677f3b6e9/AppMeasurement.min.js https://assets.adobedtm.com/launch-ENbe9d56e701d340938e112682ad21519f.min.js https://d2qrdklrsxowl2.cloudfront.net/api/configuration.js https://d2qrdklrsxowl2.cloudfront.net/api/viewer/setup/ https://d2qrdklrsxowl2.cloudfront.net/js/generated/bootstrap.built.js https://d2qrdklrsxowl2.cloudfront.net/js/generated/brightcove.v2.built.js https://d2qrdklrsxowl2.cloudfront.net/js/hapyak.js https://d2qrdklrsxowl2.cloudfront.net/js/partners/brightcovePlugin/brightcovePlugin.js https://players.brightcove.net/1485859309/experience_59ca4a72f0534d000fe052ff/live.js https://players.brightcove.net/1485859309/rJBq047Xx_default/index.min.js https://vjs.zencdn.net/vttjs/0.12.5/vtt.global.min.js https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.youtube.com/iframe_api https://a.quora.com/qevents.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/3e79a7f00488/a620dac02c5d/launch-01674e2d033f.min.js https://assets.adobedtm.com/extensions/EP308220a2a4c4403f97fc1960100db40f/AppMeasurement.min.js https://bat.bing.com/bat.js https://bat.bing.com/p/action/135000332.js https://cdn.mouseflow.com/projects/f51c3538-9092-4e2e-aae3-eff0161c955a.js https://connect.facebook.net/en_US/fbevents.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://us-content.vergic.com/C684836E-2833-4669-875F-C54261C28192/engage.js https://www.clarity.ms/tag/uet/135000332 https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.googletagservices.com/tag/js/gpt.js https://adservice.google.com.ph/adsid/integrator.js https://adservice.google.com/adsid/integrator.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement.min.js https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement_Module_ActivityMap.min.js https://assets.adobedtm.com/launch-EN2c0e28c6709c4e27a936ae1de1381bd2.min.js https://cdn.mouseflow.com/projects/4ac367e9-d555-45b8-8c1c-21159c893c86.js https://connect.facebook.net/en_US/fbevents.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031501.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js https://siteintercept.qualtrics.com/dxjsmodule/11.172e2d2f93de5974ae28.chunk.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://tpc.googlesyndication.com/pagead/js/r20220316/r20110914/client/window_focus_fy2019.js https://tpc.googlesyndication.com/sodar/UFYwWwmt.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.googletagservices.com/activeview/js/current/rx_lidar.js https://www.googletagservices.com/tag/js/gpt.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/3e79a7f00488/8b34a42b9048/94b1f86a0642/EX982a457aa31f49e98223c06cfedf70f2-libraryCode_source.min.js https://assets.adobedtm.com/launch-EN4ac663097b4c4c6483086c5b1a46bf23.min.js https://connect.facebook.net/en_US/fbevents.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031401.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032104.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js https://siteintercept.qualtrics.com/dxjsmodule/11.172e2d2f93de5974ae28.chunk.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.googletagservices.com/tag/js/gpt.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://connect.facebook.net/en_US/fbevents.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.googletagservices.com/tag/js/gpt.js https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement.min.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ *; script-src-elem 'unsafe-inline' *; style-src-elem 'unsafe-inline' *;frame-src 'unsafe-inline' *;worker-src 'unsafe-inline' blob: *;media-src 'unsafe-inline' blob: *; 5 frame-ancestors 'self' https://*.j2t.com https://j2t.com https://*.j2t.exchange https://j2t.exchange https://*.just2trade.cn https://just2trade.cn https://webvisor.com https://*.webvisor.com http://webvisor.com http://*.webvisor.com https://metrika.yandex.ru https://metrica.yandex.com https://metrika.yandex.by https://metrica.yandex.com.tr 5 default-src https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'unsafe-inline' 'unsafe-eval' data: blob: https:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; form-action 'self' https:; object-src https:; media-src blob: data: https:; style-src https: 'unsafe-inline'; frame-ancestors 'self' https://static.mysph.sph.com.sg;upgrade-insecure-requests; 5 default-src *.groupepdi.com *.net-fs.com *.onetrust.com *.cookielaw.org alumacraft.com *.alumacraft.com *.manitoupontoonboats.com *.wufoo.com unpkg.com *.yandex.ru my.matterport.com airtable.com ds-aksb-a.akamaihd.net monkeys-fist-for-brp.com *.myfeelback.com mfb.li mailchi.mp *.cdninstagram.com *.stackla.com fareharbor.com *.peek.com *.salecycle.com story.brplynx.com *.cloudfront.net mpembed.com *.googleadservices.com *.slideshare.net *.hotjar.com *.typekit.net *.bootstrapcdn.com *.salesforce.com *.omtrdc.net service.force.com *.adobedtm.com *.google.ca *.gstatic.com *.azurewebsites.net *.lightboxcdn.com *.salesforceliveagent.com *.force.com *.moatads.com *.youtube.com *.addthisedge.com *.addthis.com *.cloudflare.com *.doubleclick.net *.brp.com *.facebook.net *.azureedge.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.demdex.net *.day.com *.everesttech.net *.scene7.com s.amazon-adsystem.com *.facebook.com *.googleusercontent.com *.lightboxapi.com *.womenofonroadgroups.com *.canamonroadcommunity.com canamonroadcommunity.com *.learntoride3wheel.com *.limelightplatformevents.com *.valuemytradein.com *.zencdn.net *.zlthunder.net cdn.knightlab.com *.mdex.net *.sea-doo.com *.ski-doo.com *.brpdigital.net tags.tiqcdn.com brp--c.documentforce.com collect.tealiumiq.com *.teads.tv brp.my.salesforce-sites.com; 5 default-src https: blob: data:; script-src data: 'unsafe-inline' 'unsafe-eval' blob: https: webstatistik.bundeswehr.de webstatistik.bmvg.de *.video-cdn.net *.de.kaltura.com *.bundeswehr.de *.bmvg.de maps.googleapis.com maps.gstatic.com; style-src data: 'unsafe-inline' https: *.bundeswehr.de *.bmvg.de ; img-src data: *.bundeswehr.de *.bmvg.de *.ytimg.com *.fbcdn.net *.twimg.com *.staticflickr.com *.video-cdn.net *.de.kaltura.com *.facebook.com *.akamaihd.net *.gstatic.com maps.googleapis.com syndication.twitter.com platform.twitter.com scontent.cdninstagram.com; font-src data: www.bundeswehr.de *.bmvg.de *.video-cdn.net *.de.kaltura.com fonts.gstatic.com; connect-src https: blob: data: wss:; report-uri https://webstatistik.bundeswehr.de/report-uri/ 5 font-src * 5 frame-ancestors 'self' https://*.eatbook.sg https://*.mustsharenews.com https://*.tsloffice.com https://*.thesmartlocal.com https://*.thesmartlocal.id https://*.thesmartlocal.ph https://*.thesmartlocal.co.th https://*.thesmartlocal.kr https://*.thesmartlocal.jp https://*.thesmartlocal.my https://*.zula.sg; 5 frame-ancestors https://*.flexera.com https://*.revenera.com https://ecommerce-flexeracommunity.cs201.force.com https://staging-flexeracommunity.cs203.force.com; 5 frame-ancestors 'self' zendesk.com training.finalsite.com www.taistn.com www.tri-association.org www.swaes.org www.qais.qc.ca www.partnersinmission.com www.paispa.org www.nysais.org www.nwais.org www.njais.org www.nesacenter.org www.mn-ais.org www.maisschools.com www.mais-web.org www.lmais.org isasw.finalsite.com www.theibsc.org www.fobisia.org www.fcis.org www.cristoreynetwork.org www.cobis.org.uk www.cisontario.ca www.cois.org www.capss.org www.cais.ca www.cabe.org aisne.finalsite.com www.aims-mi.org www.acaap.net www.aassa.com www.aaie.org https://www.finalsite.co.uk www.finalsite.co.uk *.pendo.io pendo-io-static.storage.googleapis.com www.boarding.org.au app.getguru.com; 5 frame-ancestors 'self' *.swoogo.com 5 allow 'self'; 5 frame-src https://player.vimeo.com/ https://www.youtube.com/ https://www.google.com/; script-src 'unsafe-inline' 'unsafe-eval' https://ws.zoominfo.co/ https://ws.zoominfo.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://img.en25.com/ https://extend.vimeocdn.com/ https://s1023994345.t.eloqua.com/ https://eclerx.com/ https://www.googletagmanager.com/gtag/ https://www.google-analytics.com/analytics.js ; default-src https://eclerx.com/; connect-src https://eclerx.com/ https://www.google-analytics.com/; font-src data: https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://eclerx.com/; img-src https://eclerx.com/ data: https: https://eclerx.com/ https://www.w3.org/2000/svg/; style-src https://eclerx.com/ https://fonts.googleapis.com/ 'unsafe-inline'; base-uri 'none'; object-src 'none'; 5 object-src 'self'; 5 default-src https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' https: data:; font-src 'self' https: data:; 5 default-src 'self' *.infinity-tracking.net *.lfeeder.com *.leadfeeder.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.google.com *.facebook.net *.aspnetcdn.com *.youtube.com *.twitter.com *.ytimg.com *.twimg.com *.linkedin.com *.stumbleupon.com *.azureedge.net *.marketo.net *.eloqua.com *.en25.com *.ampproject.org *.cloudflare.com static.cloudflareinsights.com *.licdn.com *.bootstrapcdn.com *.trustpilot.com *.jsdelivr.net *.unpkg.com *.googletagmanager.com *.hotjar.com *.jquery.com *.doubleclick.net *.kldiscovery.com *.googleusercontent.com *.google-analytics.com *.googleadservices.com *.krollontrack.com *.bootstrapcdn.com *.momentjs.com *.typeform.com *.infinity-tracking.net *.usemessages.com *.hsleadflows.net *.hubspot.com *.hsforms.net *.hsforms.com *.hubspot.com *.hubapi.com *.hscollectedforms.net *.hsforms.net *.hs-banner.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hsforms.com *.unpkg.com unpkg.com *.google.com *.yimg.jp *.yahoo.co.jp *.plavxml.com *.onetrust.com *.cookielaw.org js.monitor.azure.com *.msecnd.net *.lfeeder.com *.leadfeeder.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.telerik.com *.google.com *.azureedge.net *.twitter.com *.twimg.com *.typekit.net *.trustpilot.com *.bootstrapcdn.com *.jquery.com *.bootstrapcdn.com; font-src 'self' *.gstatic.com *.telerik.com *.bootstrapcdn.com data: *.krollontrack.com *.typekit.net *.bootstrapcdn.com; img-src 'self' data: blob: *.azureedge.net *.cleverbridge.com *.delicious.com *.doubleclick.net *.eloqua.com *.facebook.com *.google.com *.googleapis.com *.google-analytics.com *.googleusercontent.com *.google.co.uk *.google.pl *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.com *.hubspot.com *.hubspotusercontent20.net *.ibas.com *.compiled.com *.kldiscovery.com *.ediscovery.com *.krollontrack.com *.linkedin.com *.ontrack.com *.redditstatic.com *.sitefinity.com *.static.licdn.com *.tumblr.com *.twimg.com *.twitter.com *.windows.net *.yahoo.co.jp *.onetrust.com *.cookielaw.org *.lfeeder.com *.leadfeeder.com; media-src 'self' data: blob: *.krollontrack.com *.youtu.be *.youtube.com *.blob.core.windows.net *.kldiscovery.com *.googleusercontent.com *.ediscovery.com; frame-src 'self' *.google.com *.youtu.be *.youtube.com *.youtube-nocookie.com youtube-nocookie.com *.hubspot.com *.taleo.net *.trustpilot.com *.hubapi.com *.hotjar.com *.doubleclick.net *.krollontrack.com *.hsforms.com *.typeform.com *.avrotros.nl *.hsforms.net; child-src 'self' *.twitter.com *.twitter.com *.youtube.com *.youtu.be *.vimeo.com *.soundcloud.com *.google.com *.google.com *.facebook.com *.facebook.com *.stumbleupon.com *.trustpilot.com *.doubleclick.net *.hubspot.com *.infinity-tracking.net *.hsforms.com blob:; connect-src 'self' wss: *.google.com *.sitefinity.com *.mktoresp.com *.trustpilot.com *.googleusercontent.com cloudflareinsights.com *.hotjar.com *.hotjar.io *.infinity-tracking.net google-analytics.com *.google-analytics.com *.unpkg.com unpkg.com *.hubspot.com *.hsforms.com *.hubspot.com *.hubapi.com *.cleverbridge.com *.ampproject.org *.doubleclick.net dc.services.visualstudio.com *.googletagmanager.com *.onetrust.com *.cookielaw.org; 5 frame-ancestors 'self' https://*.cemex.com https://*.podlaha.cz https://*.beton.cz https://*.valcovany-beton.cz https://www.construrama.com https://www.googletagmanager.com; img-src 'self' data: https://cdn-web.cemex.com https://cdn-web-qa.cemex.com https://cdn-web-intdev.lfgwcemex.services https://cxcdn.lfgwcemex.services https://liferayprod.cemex.com https://assets.cemex.com https://cemex.imgix.net https://aivo-assets.s3.amazonaws.com https://www.facebook.com/tr/ https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com/images/ https://googleads.g.doubleclick.net/ https://www.linkedin.com/px/ https://px.ads.linkedin.com https://p.adsymptotic.com/d/px/ https://c.contentsquare.net https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://c.seznam.cz https://npmcdn.com/leaflet@0.7.3/dist/images/ https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/ https://s916025651.t.eloqua.com https://tags.bluekai.com https://service.maxymiser.net https://www.google.com/ https://www.google.com.mx/ https://www.google.fr/ https://www.google.com.co/ https://www.google.co.cr/ https://www.google.hr/ https://www.google.cz/ https://www.google.de/ https://www.google.com.do/ https://www.google.com.eg/ https://www.google.com.gt/ https://www.google.lv/ https://www.google.com.ni/ https://www.google.com.pa/ https://www.google.com.pe/ https://www.google.com.ph/ https://www.google.pl/ https://www.google.com.pr/ https://www.google.es/ https://www.google.ae/ https://www.google.co.uk/ https://www.google.com.sv/; 5 default-src * data: blob: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 5 default-src 'none'; script-src 'self'; img-src 'self' https://www.google-analytics.com:443 https://*.qbrick.com:443 https://*.dna.ip-only.net https://bilder.hemnet.se:443 https://mb.cision.com; media-src 'self' https://*.qbrick.com:443 https://*.dna.ip-only.net; connect-src 'self' https://*.qbrick.com:443 synpunkter-1788b.firebaseio.com https://www.google-analytics.com:443; style-src 'self' 'unsafe-inline'; frame-src *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.dk *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de r1.surveysandforms.com secure.msse.se www.efn.se clients.maptoweb.dk borsrum.episerverhosting.com shbfxcalc.millistream.com www.anpdm.com services.cicero.no nettbank.edb.com shbdk.millistream.com cphspk01.shbmain.shb.biz www.shb.dk priolaan.dk weblaan.shb.bec.dk web37.prod.bec.dk netbank.shb.dk irs.tools.investis.com otp.tools.investis.com vp292.alertir.com forms.apsisforms.com handelsbanken.easycruit.com handelsbankendk.easycruit.com handelsbankennl.easycruit.com handelsbankenno.easycruit.com video.qbrick.com dreambroker.com handelsbanken.dreambroker.com web.efn.se news.alertir.com giosg-handelsbanken.giosg.com vp306.alertir.com client3.mailmailmail.net handelsbanken.newsroom.cision.com handelsbanken-en.newsroom.cision.com mb.cision.com app.marketingplatform.com go.beanstream.com; frame-ancestors 'self' *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.dk *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de; font-src 'self' 5 object-src 'none'; form-action 'self'; frame-ancestors 'none' 5 default-src * 'unsafe-eval' 'unsafe-inline' data: blob:; script-src * 'unsafe-inline' blob:; report-uri https://content-security-policy.jobteaser.com/report 5 base-uri 'self' https:; block-all-mixed-content; child-src 'self' https:; connect-src 'self' https:; font-src 'self' data: https:; form-action 'self' https:; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' data: https:; media-src 'self' https:; object-src 'self' https:; prefetch-src 'self' https:; report-to csp_default; report-uri https://o956100.ingest.sentry.io/api/5979820/security/?sentry_key=3365bf3db95341e8b0c888222a947b0e; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; worker-src 'self' https: 5 default-src 'self' https:; img-src 'self' https: data:; script-src https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; object-src 'none' 5 default-src https: 'unsafe-eval' 'unsafe-inline' 5 upgrade-insecure-requests; block-all-mixed-content; report-uri https://report.api.jtl-software.com/csp/; default-src 'self';base-uri 'self';form-action 'self' www.facebook.com/tr/ kundencenter.jtl-software.de checkout.jtl-software.com;frame-ancestors 'self';connect-src 'self' www.google.com/pagead/landing adservice.google.com/pagead/regclk www.google-analytics.com/j/collect www.google-analytics.com/g/collect stats.g.doubleclick.net/j/collect region1.google-analytics.com region1.google-analytics.com/g/collect www.googletagmanager.com/a maps.googleapis.com/maps/api/mapsjs/ bat.bing.com/action/0 bat.bing.com/actionp/0 www.facebook.com/tr/ api.personio.de/recruiting/applicant stats.jtl-software.de/matomo.php crm.jtl-software.de consent.jtl-software.de;font-src 'self' cdn.jtl-software.com data:;frame-src 'self' tpc.googlesyndication.com www.google.com/recaptcha/api2/anchor www.recaptcha.net/recaptcha/api2/anchor bid.g.doubleclick.net www.facebook.com www.youtube.com/embed/ jira.jtl-software.de consent.jtl-software.de;child-src 'self' tpc.googlesyndication.com www.google.com/recaptcha/api2/anchor www.recaptcha.net/recaptcha/api2/anchor bid.g.doubleclick.net www.facebook.com www.youtube.com/embed/ jira.jtl-software.de consent.jtl-software.de;img-src 'self' cdn.jtl-software.com googleads.g.doubleclick.net/pagead/viewthroughconversion/ www.google.ae/pagead/ www.google.at/pagead/ www.google.ba/pagead/ www.google.be/pagead/ www.google.br/pagead/ www.google.ca/pagead/ www.google.co.in/pagead/ www.google.co.uk/pagead/ www.google.com/pagead/ www.google.com.au/pagead/ www.google.com.tr/pagead/ www.google.com.ua/pagead/ www.google.com.pk/pagead/ www.google.ch/pagead/ www.google.cz/pagead/ www.google.de/pagead/ www.google.dk/pagead/ www.google.es/pagead/ www.google.fr/pagead/ www.google.ge/pagead/ www.google.hr/pagead/ www.google.hu/pagead/ www.google.ie/pagead/ www.google.it/pagead/ www.google.lu/pagead/ www.google.nl/pagead/ www.google.pl/pagead/ www.google.com.sa/pagead/ www.google.se/pagead/ www.google.sk/pagead/ www.google.co.kr/pagead/ www.google-analytics.com/collect region1.google-analytics.com/g/collect www.googletagmanager.com/a maps.googleapis.com/maps/api/js/StaticMapService.GetMapImage maps.gstatic.com/mapfiles/ maps.googleapis.com/maps/vt lh3.ggpht.com khms0.googleapis.com khms1.googleapis.com maps.googleapis.com/maps/api/mapsjs/gen_204 bat.bing.com/action/0 www.linkedin.com px.ads.linkedin.com px4.ads.linkedin.com www.facebook.com img.youtube.com i.ytimg.com bilder.jtl-software.de data:;object-src 'none';script-src 'self' cdn.jtl-software.com www.google.com/pagead/conversion_async.js www.google.com/pagead/1p-conversion/ www.googleadservices.com/pagead/conversion_async.js www.googleadservices.com/pagead/conversion/ tpc.googlesyndication.com/sodar/ googleads.g.doubleclick.net/pagead/viewthroughconversion/ www.recaptcha.net/recaptcha/api.js www.gstatic.com/recaptcha/releases/ www.google.com/recaptcha/api.js ssl.google-analytics.com/ga.js www.google-analytics.com/analytics.js www.google-analytics.com/plugins/ua/ec.js www.google-analytics.com/plugins/ua/ecommerce.js www.googletagmanager.com/gtm.js www.googletagmanager.com/gtag/js maps.googleapis.com/maps/ maps.googleapis.com/maps-api-v3/api/js/ bat.bing.com/bat.js bat.bing.com/p/action/56224185.js snap.licdn.com/li.lms-analytics/insight.min.js connect.facebook.net/en_US/fbevents.js connect.facebook.net/signals/config/ www.youtube.com/iframe_api www.youtube.com/s/player/ jira.jtl-software.de stats.jtl-software.de/matomo.js crm.jtl-software.de consent.jtl-software.de/dist/client/privacy.js 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' cdn.jtl-software.com jira.jtl-software.de crm.jtl-software.de consent.jtl-software.de/dist/client/privacy.css 'unsafe-inline'; 5 default-src 'self' 'unsafe-inline' *.clarity.ms *.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.youtube.com *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca *.egencia.co.il *.egencia.com.br *.egencia.com.ph *.egencia.mx *.egencia.ro *.marketo.com *.bizible.com *.engagio.com *.googletagmanager.com *.google.com *.cookiebot.com *.google-analytics.com *.cloudfront.net *.googleapis.com *.licdn.com *.bing.com *.facebook.net *.adnxs.com *.googleadservices.com *.doubleclick.net *.joinsherpa.io *.wistia.net *.airpr.com *.marketo.net *.zdassets.com *.zopim.com *.demandbase.com *.zoominfo.com *.expedia.com *.googleoptimize.com *.clarity.ms *.wistia.com *.pathfactory.com *.hotjar.com; style-src 'self' 'unsafe-inline' *.amazonaws.com *.cloudfront.net *.googleapis.com *.google.com *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca *.marketo.com *.joinsherpa.io cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.pathfactory.com *.hotjar.com; img-src 'self' 'unsafe-inline' *.amazonaws.com *.cloudfront.net *.googletagmanager.com *.google.com *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca *.egencia.co.il *.gstatic.com *.expedia.com *.bizible.com *.google-analytics.com *.linkedin.com *.adsymptotic.com *.bing.com *.doubleclick.net *.facebook.com data: *.joinsherpa.io *.joinsherpa.com *.airpr.com *.bizibly.com *.zopim.io *.zoominfo.com *.clarity.ms *.wistia.com *.wistia.net *.pathfactory.com *.hotjar.com; media-src 'self' *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.com *.egencia.ca *.egencia.ro *.youtube.com *.wistia.com *.vimeo.com *.zdassets.com *.cloudfront.net blob:; frame-src *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca *.cookiebot.com *.marketo.com *.wistia.com *.doubleclick.net *.tableau.com *.joinsherpa.io *.cs107.force.com *.builder.salesforce-communities.com *.expedia.com *.google.com *.outgrow.us *.youtube.com *.vimeo.com fast.wistia.net *.hotjar.com; frame-ancestors 'self' egencia.lookbookhq.com egencia.pathfactory.com *.egencia.com egencia--sitestudio.eu25.force.com; child-src www.google.com *.gstatic.com *.youtube.com *.egencia.com *.youtube.com *.wistia.com *.vimeo.com blob:; font-src 'self' *.amazonaws.com *.cloudfront.net fonts.gstatic.com fonts.googleapis.com *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca data: *.joinsherpa.io cdnjs.cloudflare.com *.pathfactory.com *.bootstrapcdn.com *.hotjar.com; connect-src 'self' *.google-analytics.com *.joinsherpa.io *.joinsherpa.com *.mktoresp.com *.zdassets.com *.zopim.com *.company-target.com wss://widget-mediator.zopim.com dpm.demdex.net *.expedia.com wss://*.iot.us-west-2.amazonaws.com *.clarity.ms *.ably.io *.ably-realtime.com *.wistia.com *.wistia.net wss://*.ably.io *.cookiebot.com *.zoominfo.com *.pathfactory.com *.hotjar.com wss://*.hotjar.com *.hotjar.io; upgrade-insecure-requests 5 default-src https://*.apptio.com 'self'; script-src 'self' https://*.apptio.com https://cdn-app.pathfactory.com/ https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js https://web.cvent.com https://www.cvent-assets.com https://bat.bing.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://*.cloudfront.net/fullcircle.js https://dev.visualwebsiteoptimizer.com https://*.wistia.com https://*.wistia.net https://www.trustradius.com https://googleads.g.doubleclick.net https://*.clarity.ms https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com https://tag.demandbase.com https://tracking.intentsify.io https://www.gartner.com/reviews/public/Widget/js/widget.js https://www.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://www.google.com/pagead/conversion_async.js https://app.cdn.lookbookhq.com/libraries/overlay/overlay.js https://src.litix.io https://*.addthis.com https://*.moatads.com https://*.addthisedge.com https://cdn.shortpixel.ai https://app.vwo.com 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' blob: https://*.apptio.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdn.shortpixel.ai https://fast.wistia.com https://www.cvent-assets.com https://www.gartner.com https://www.trustradius.com https://d30ia583fbtg8i.cloudfront.net https://app.cdn.lookbookhq.com https://app.vwo.com 'unsafe-inline'; object-src 'self'; base-uri 'self'; connect-src 'self' https://*.apptio.com https://*.mktoresp.com https://935-cth-469.mktoutil.com https://www.facebook.com https://apptio.widen.net https://cf-store.widencdn.net/apptio https://api.company-target.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bat.bing.com https://cdn.cookielaw.org https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.wistia.com https://*.litix.io https://geolocation.onetrust.com https://*.cloudfront.net https://*.clarity.ms https://*.hotjar.com https://*.hotjar.io https://www.trustradius.com https://jukebox.pathfactory.com https://embedwistia-a.akamaihd.net https://spcollector.pathfactory.com https://st.fullcircleinsights.com https://*.addthis.com https://www.facebook.com https://segments.company-target.com; font-src 'self' data: https://fonts.gstatic.com https://*.cloudfront.net https://cdn.shortpixel.ai https://*.wistia.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com https://*.gartner.com; frame-src 'self' https://*.apptio.com https://js.driftt.com https://web.cvent.com https://vars.hotjar.com https://www.facebook.com https://www.gartner.com https://fast.wistia.net https://fast.wistia.com https://maps.google.com https://www.google.com https://*.addthis.com https://*.doubleclick.net https://app.vwo.com; img-src 'self' data: blob: https://*.apptio.com https://*.bing.com https://*.clarity.ms https://cdn.shortpixel.ai https://s.w.org https://*.cloudfront.net https://*.wistia.com https://*.visualwebsiteoptimizer.com https://embedwistia-a.akamaihd.net https://*.wistia.net https://id.rlcdn.com https://match.prod.bidr.io https://*.linkedin.com https://www.facebook.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://segments.company-target.com https://*.adsymptotic.com https://cdn.cookielaw.org https://reviews.static.gartner.com https://cdn.pathfactory.com; manifest-src 'self'; media-src 'self' blob: data: https://*.wistia.net https://*.wistia.com https://embedwistia-a.akamaihd.net https://js.driftt.com https://episodes.castos.com; worker-src https://*.apptio.com blob: 'self'; 5 default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 5 frame-ancestors 'self' www.charleskeith.com www.pedroshoes.com 5 frame-ancestors 'self' equinux.com *.equinux.com equinux.net *.equinux.net tizi.tv *.tizi.tv maildesigner365.com *.maildesigner365.com vpntracker.com *.vpntracker.com tvproapp.de *.tvproapp.de; 5 frame-ancestors 'self' https://www.bosoy-online.com 5 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.googleapis.com *.google-analytics.com cdn.jsdelivr.net wererxrzmp.com main-ti-hub.com jkha742.xyz *.cstwpush.com *.wpadmngr.com *.wpshsdk.com *.cabnnr.com *.wpushsdk.com *.swwpush.com *.forlumineoner.com forlumineoner.com *.mfcewkrob.com iogjhbnoypg.com baradoot.com *.nawpush.com futureocto.com 69v.club *.ampproject.org s7.addthis.com *.addthis.com z.moatads.com v1.addthisedge.com *.pinterest.com *.odnoklassniki.ru *.ok.ru vk.com *.vk.com *.facebook.net opvanillishan.com *.googleusercontent.com matureroute.com;img-src 'self' 'unsafe-inline' data: blob: * android-webview-video-poster:;connect-src * 'unsafe-inline';media-src * blob:;font-src * data:;frame-src erkiss.live *.erkiss.club jkha742.xyz s7.addthis.com *.pinterest.com;report-uri /ajax/csp_report.php 5 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 5 default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 5 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com *.cloudinary.com cdn.cookielaw.org pr.globenewswire.com *.trustpilot.com api.stockdio.com t2mstatus.com *.microsoft.com *.leadinfo.net *.bcebos.com *.baidu.com *.twitter.com *.ads-twitter.com snap.licdn.com e6bad0060f8c4a8295781df08a7e4baf.svc.dynamics.com mktdplp102cdn.azureedge.net *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com *.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ *.en25.com cdn.ampproject.org *.msecnd.net *.cloudflare.com *.googletagmanager.com *.hms-networks.com *.livechatinc.com *.wistia.net *.hms-networks-data.com *.matomo.cloud *.swwtech.cn; style-src 'self' pr.globenewswire.com 'unsafe-inline' *.fontawesome.com *.windows.net ewonsupport.biz *.ewonsupport.biz api.stockdio.com t2mstatus.com *.microsoft.com *.hms-networks.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.cloudflare.com *.googletagmanager.com *.livechatinc.com *.wistia.net *.hms-networks-data.com; font-src 'self' cdnjs.cloudflare.com pr.globenewswire.com *.windows.net *.fontawesome.com api.stockdio.com t2mstatus.com *.microsoft.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.googletagmanager.com *.livechatinc.com *.wistia.net *.hms-networks-data.com; img-src 'self' hms-networks.com *.hms-networks.com *.intesis.com *.ixxat.com *.ewon.biz *.anybus.com *.sitefinity.cloud *.livechat-static.com *.livechat-files.com *.livechatinc.com *.cloudinary.com *.dynamics.com *.windows.net *.cookielaw.org pr.globenewswire.com ml-eu.globenewswire.com https://p.adsymptotic.com *.azurewebsites.net api.stockdio.com t2mstatus.com *.microsoft.com *.baidu.com *.google.fi *.google.com t.co *.linkedin.com e6bad0060f8c4a8295781df08a7e4baf.svc.dynamics.com *.hms-networks.com *.azureedge.net *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com *.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com platform.twitter.com/css/ *.twimg.com data: blob: *.googletagmanager.com *.wistia.net *.hms-networks-data.com *.zdusercontent.com; media-src 'self' *.cloudinary.com pr.globenewswire.com ml-eu.globenewswire.com t2mstatus.com api.stockdio.com *.hms-networks.com *.azureedge.net data: blob: *.googletagmanager.com *.livechatinc.com *.wistia.net *.hms-networks-data.com; frame-ancestors 'self' *.hms-networks-data.com hms-stg.sitefinity.cloud *.hms-networks.com hms-local.sitefinity.cloud *.zendesk.com *.zdusercontent.com; child-src 'self' console.cloudinary.com cloudinary.com blob: *.youku.com pr.globenewswire.com *.trustpilot.com hms.neckarfreunde.net *.bihl-wiedemann.de *.jacando.io api.stockdio.com t2mstatus.com *.microsoft.com *.qq.com *.intesis.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ *.dynamics.com *.google.com apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.youtube-nocookie.com *.googletagmanager.com *.livechatinc.com *.wistia.net *.hms-networks-data.com *.matomo.cloud *.swwtech.cn; connect-src 'self' cdnjs.cloudflare.com *.cloudinary.com *.onetrust.com cdn.cookielaw.org pr.globenewswire.com *.windows.net *.dynamics.com api.stockdio.com t2mstatus.com *.microsoft.com *.leadinfo.net *.leadinfo.com *.baidu.com stats.g.doubleclick.net accounts.google.com https://*.insight.sitefinity.com *.visualstudio.com *.google-analytics.com *.hms-networks.com *.googletagmanager.com *.livechatinc.com *.wistia.net *.hms-networks-data.com *.matomo.cloud *.swwtech.cn; 5 frame-ancestors 'self' https://analyse.dipf.de/ http://analyse.dipf.de/; 5 worker-src * 5 default-src https: http: 'unsafe-inline' data: blob: 'unsafe-eval' 5 connect-src log.wien maps.nextbike.net *.googleapis.com *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net directline.botframework.com/v3/directline/ wss://directline.botframework.com/v3/directline/ wtb.maptiles.arcgis.com *.arcgisonline.com *.arcgis.com chatbot.wlb.at onlim-chatbot-production.s3.amazonaws.com *.onlim.com wss://*.onlim.com wss://app.onlim.com/api/cs/ws wss://api.onlim.com/cs/ws *.vimeo.com vimeo.com *.addthis.com www.google-analytics.com routenplaner.verkehrsauskunft.at *.wienit.at *.api.wienenergie.at api.wienenergie.at service.wienerstadtwerke.at *.service.wienernetze.at service.wienernetze.at api.wstw.at int-api.wstw.at test-api.wstw.at styles.wienerstadtwerke.at 'self' https://www.facebook.com/tr/; style-src https://d6tizftlrpuof.cloudfront.net/themes/production/wienerstadtwerke-test-design-wienerstadtwerke-feedbacklet-d69f3b461dc32d40f77b744a4b3eb522.css 'self' styles.wienerstadtwerke.at 'unsafe-inline' fonts.googleapis.com *.onlim.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net *.chatvisor.com; base-uri 'self' *.onlim.com; script-src https://app.onlim.com/chat-app/js/host.js *.onlim.com *.adform.net *.googletagmanager.com connect.facebook.net/ *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net walls.io *.virtualq.io polyfill.io openstreetmap.org *.openstreetmap.org chatbot.wlb.at *.vimeocdn.com ajax.googleapis.com maps.googleapis.com www.gstatic.com www.google.com www.google-analytics.com assets.adobedtm.com *.ytimg.com *.youtube.com styles.wienerstadtwerke.at 'unsafe-inline' 'unsafe-eval' 'self' https://www.googletagmanager.com/ *.usabilla.com/ *.googletagmanager.com/ *.googleadservices.com https://googleads.g.doubleclick.net/ *.onlim.com/; frame-src *.wienit.at lehrlingstest-wienerstadtwerke.azurewebsites.net video.eko.com ubscal.seeyou.at *.issuu.com issuu.com *.walls.io walls.io *.virtualq.io app.onlim.com www.whatchado.com *.vimeo.com vimeo.com *.youtube.com www.google.com www.bestattungwien.at *.friedhoefewien.at mailto: service.wienerstadtwerke.at 'self' https://langenacht.orf.at youtu.be *.wienit.at/ *.wienernetze.at/ *.facebook.com *.youtu.be; media-src 'self' data: *.onlim.com; img-src *.wienernetze.at/ wienitedv.d3.sc.omtrdc.net facebook.com/tr/ rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net *.wien.gv.at *.fluidtime.com *.arcgisonline.com onlim-chatbot-production.s3.eu-central-1.amazonaws.com onlim-base.s3.eu-central-1.amazonaws.com dacodi-production.s3.amazonaws.com *.onlim.com *.openstreetmap.org *.vimeocdn.com *.omtrdc.net *.2o7.net maps.googleapis.com maps.gstatic.com *.ytimg.com csi.gstatic.com chatbot.wlb.at *.wienit.at *.upstream-mobility.at blob: data: styles.wienerstadtwerke.at 'self' *.facebook.com https://www.google.at/pagead/ https://www.google.com/pagead/; default-src 'self'; font-src https://d6tizftlrpuof.cloudfront.net/themes/production/wienerstadtwerke-test-design-wienerstadtwerke-font-file-url-de462eaa4f394073e3723d639af661c0.woff *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net data: styles.wienerstadtwerke.at chatbot.wlb.at *.onlim.com fonts.gstatic.com 'self'; 5 default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' http://* data:; 5 frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 5 frame-ancestors 'self' https://*.superoffice.com https://royalqueenseedssp.inone.useinsider.com 5 form-action 'self'; 5 upgrade-insecure-requests; frame-ancestors *.gonitro.com *.live.com *.sharepoint.com 5 frame-ancestors 'self' *.usabilla.com https://frontend.pttn.com https://d6tizftlrpuof.cloudfront.net; 5 default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.google-analytics.com *.googletagmanager.com www.gstatic.com fast.fonts.net siteimproveanalytics.com snap.licdn.com *.googleapis.com *.cloudfront.net ipmeta.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com fast.fonts.net p.typekit.net use.typekit.net; font-src 'self' data: fast.fonts.net fonts.googleapis.com fonts.gstatic.com use.typekit.net; img-src 'self' data: www.faegrebd.com *.google-analytics.com 29268.global.siteimproveanalytics.io p.adsymptotic.com px.ads.linkedin.com; frame-src 'self' *.google.com cdn.yoshki.com faegredrinker.mediasite.com html5-player.libsyn.com player.pbs.org legaltalknetwork.com sho.co *.youtube.com *.vimeo.com podcast-stream.wbez.org *.embedly.com; connect-src 'self' *.google-analytics.com analytics.google.com fast.fonts.net *.doubleclick.net cdn.linkedin.oribi.io ipmeta.io; upgrade-insecure-requests; block-all-mixed-content; 5 frame-ancestors 'self' https://portais.cruzeirodosuleducacional.edu.br https://noticias.cruzeirodosuleducacional.edu.br https://www.cruzeirodosuleducacional.edu.br https://www.cruzeirodosulvirtual.com.br https://www.cruzeirodosul.edu.br https://www.unicid.edu.br https://www.unifran.edu.br https://www.unipe.edu.br https://www.udf.edu.br https://www.modulo.edu.br https://www.fass.edu.br https://www.ceunsp.edu.br https://www.cesuca.edu.br https://www.fsg.edu.br https://www.brazcubas.edu.br https://www.up.edu.br https://constesuahistoria.cruzeirodosulvirtual.com.br https://constesuahistoria.cruzeirodosul.edu.br https://constesuahistoria.unicid.edu.br https://constesuahistoria.unifran.edu.br https://constesuahistoria.unipe.edu.br https://constesuahistoria.udf.edu.br https://constesuahistoria.modulo.edu.br https://constesuahistoria.fass.edu.br https://constesuahistoria.ceunsp.edu.br https://constesuahistoria.cesuca.edu.br https://constesuahistoria.fsg.edu.br https://constesuahistoria.brazcubas.edu.br https://constesuahistoria.up.edu.br https://simule.pravaler.com.br https://cadastro.creditouniversitario.com.br 5 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://www.google.com https://www.gstatic.com https://cdn.amplitude.com https://api.amplitude.com http://dev-embed.notion.co https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://api.smooch.io https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://cdn.segment.com https://analytics.pgncs.notion.so https://o324374.ingest.sentry.io https://checkout.stripe.com https://js.stripe.com https://embed.typeform.com https://admin.typeform.com https://public.profitwell.com https://static.profitwell.com js.sentry-cdn.com https://js.chilipiper.com https://platform.twitter.com https://cdn.syndication.twimg.com https://accounts.google.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://api-v2.mutinyhq.io https://client-registry.mutinycdn.com https://client.mutinycdn.com https://user-data.mutinycdn.com https://cdn.metadata.io https://platformapi.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://cdn.transcend.io https://cdn01.boxcdn.net https://cdn.sprig.com;connect-src 'self' data: blob: https://msgstore.www.notion.so wss://msgstore.www.notion.so ws://localhost:* ws://127.0.0.1:* https://notion-emojis.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https://cdn.amplitude.com https://api.amplitude.com https://www.notion.so https://api.embed.ly http://dev-embed.notion.co https://js.intercomcdn.com https://api-iam.intercom.io https://uploads.intercomcdn.com wss://nexus-websocket-a.intercom.io https://ekr.zdassets.com https://ekr.zendesk.com https://makenotion.zendesk.com https://api.smooch.io wss://api.smooch.io https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://cdn.segment.com https://api.segment.io https://analytics.pgncs.notion.so https://api.pgncs.notion.so https://o324374.ingest.sentry.io https://checkout.stripe.com https://js.stripe.com https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://www2.profitwell.com https://tracking.chilipiper.com https://api.chilipiper.com https://api.unsplash.com https://boards-api.greenhouse.io https://accounts.google.com https://oauth2.googleapis.com https://www.googletagmanager.com https://analytics.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://api-v2.mutinyhq.io https://client-registry.mutinycdn.com https://client.mutinycdn.com https://user-data.mutinycdn.com https://cdn.metadata.io https://platformapi.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://cdn.transcend.io https://telemetry.transcend.io https://api.statuspage.io https://pgncd.notion.so https://api.statsig.com https://statsigapi.net https://exp.notion.so https://file.notion.so notion://file.notion.so https://api.box.com https://*.mux.com https://api.sprig.com https://storage.googleapis.com https://cdn.sprig.com https://cdn.userleap.com;font-src 'self' data: https://cdnjs.cloudflare.com https://js.intercomcdn.com https://cdn01.boxcdn.net;img-src 'self' data: blob: https: https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.mux.com;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://github.githubassets.com https://js.chilipiper.com https://platform.twitter.com https://ton.twimg.com https://accounts.google.com https://cdn.transcend.io https://cdn01.boxcdn.net;media-src blob: https: http: https://file.notion.so notion://file.notion.so https://*.mux.com;worker-src blob:;frame-src https: http: https://accounts.google.com 5 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src *; 5 default-src 'self' https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://*; img-src 'self' data: https://* 5 default-src https://faelix.net; img-src https://faelix.net https://faelix.net/static/ https://analytics.faelix.link https://platform.twitter.com https://syndication.twitter.com; script-src https://faelix.net/static/javascripts/ https://faelix.net/elasticlunr.min.js https://faelix.net/search_index.en.js https://analytics.faelix.link https://platform.twitter.com/widgets.js https://unpkg.com/website-carbon-badges@1.1.3/b.min.js 'unsafe-eval' 'unsafe-inline'; connect-src https://fulcrm.email/webform/1/5/faelix.net/website-enquiry/contact/person.name/person.email/email/8r7lurl0u31535mccf86l0r341l650f3 https://api.websitecarbon.com/b https://analytics.faelix.link; frame-src https://platform.twitter.com https://grafana.faelix.net https://youtu.be https://www.youtube.com; font-src https://faelix.net; style-src 'unsafe-inline' https://faelix.net/static/css/ https://faelix.net/static/main.css https://faelix.net/static/webfonts.css https://faelix.net/static/stylesheets/ https://faelix.net/static/iconoir/ 5 frame-ancestors 'self' https://service.ariba.com https://service-2.ariba.com https://certservice.ariba.com https://certservice-2.ariba.com https://s1.ariba.com https://s2.ariba.com https://usertest.sciquest.com https://uitweb.sciquest.com https://neo.sciquest.com https://solutions.sciquest.com https://cloud.punchoutexpress.com https://dev.cloud.punchoutexpress.com https://cloud.pexlocal.com https://cloud.mpexlocal.com; 5 frame-ancestors 'self' acc.inloggen.cooperatievgz.nl 5 frame-ancestors 'self' keycontentservice.com *.tescodev.com *.facebook.com tesco.hu itesco.cz tesco.sk tesco.pl itesco.sk 5 frame-ancestors 'self' *.drugsredalert.nl *.drugs-test.nl *.medialift.nl *.drugsinfo.nl *.readymag.com readymag.com *.alcoholinfo.nl *.allesoverdrinken.nl *.ledd.nl *.trimbos.nl *.drugsenuitgaan.nl *.helderopvoeden.nl *.rokeninfo.nl *.verslaafdaanjou.nl *.gokkeninfo.nl *.gameninfo.nl *.mentaalvitaal.nl *.helderopschool.nl *.geweldinjeugdzorginfo.nl *.nationaledrugmonitor.nl *.trimbosportaal.nl *.ican-app.nl; 5 report-uri https://www.eohima.org 5 base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/gh/alpinejs/alpine@v2.8.2/dist/alpine.min.js https://code.jquery.com/jquery-3.2.1.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.7.1/Chart.min.js; block-all-mixed-content; upgrade-insecure-requests 5 report-uri https://enea.com 5 frame-ancestors 'self';frame-src 'self' data: youtube.com https://www.youtube.com youtu.be https://youtu.be embedsocial.com https://embedsocial.com livechat.messagebird.com https://livechat.messagebird.com/ ocw.messagebird.com/ https://ocw.messagebird.com/; 5 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org analytics.archive.org pragma.archivelab.org 5 default-src 'self'; connect-src 'self' *.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.instagram.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src 'self' *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com kumasta.buendnisse-fuer-bildung.de *.facebook.com *.instagram.com *.bmbf.de graphcommons.com www.baden-tv.com/;img-src 'self' data: *.materna.de *.bmbf.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.openstreetmap.de *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; frame-ancestors 'self'; 5 frame-ancestors 'self' *.interactivebrokers.com *.interactivebrokers.com.sg *.interactivebrokers.com.hk *.interactivebrokers.ch *.interactivebrokers.co.uk *.interactivebrokers.com.au *.interactivebrokers.co.jp *.interactivebrokers.co.in *.ibkram.com *.interactiveadvisors.com *.ibkr.com *.ibkr.com.cn *.clientam.com *.clientam.ch *.clientam.com.hk *.go-mpulse.net *.akstat.io widgets.tipranks.com site.recognia.com ibkr.paxosclients.com *.traderstation-international.com; 5 default-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https:; style-src https: 'unsafe-inline'; connect-src https: wss:; frame-src https:; font-src * data:; report-uri /csp-report; report-to csp-report; object-src none; frame-ancestors none; 5 object-src 'none'; frame-ancestors 'self'; report-uri https://ribboncommunications.com/report-uri/enforce 5 frame-ancestors 'self' weleda.sabio.de 5 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: yastatic.net cse.google.com ajax.googleapis.com php.pdc.nl www.google.com www.gstatic.com translate.googleapis.com translate.google.com maps.google.com maps.googleapis.com api.microsofttranslator.com; report-uri /cspreport 5 frame-ancestors 'self' * 5 frame-ancestors 'none'; default-src 'none'; script-src 'self' 'unsafe-eval' https://cdnjs.cloudflare.com https://cdn.ckeditor.com https://use.fontawesome.com https://cdn.jsdelivr.net 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://cdn.ckeditor.com; connect-src self * blob: https://*.connectiverx.com data: gap:; img-src * self 'unsafe-inline' blob: data: gap:; frame-src * self blob: data: gap:; worker-src blob: data: gap: 5 frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: http: https: https://api.exponea.com https://www.googletagmanager.com https://www.google-analytics.com https://libs.de.coremetrics.com https://tmscdn.de.coremetrics.com https://20779843p.rfihub.com https://analytics-static.ugc.bazaarvoice.com https://api.sovendus.com https://api.trustedshops.com https://apps-stg.nexus.bazaarvoice.com https://apps.nexus.bazaarvoice.com https://appsapi.veinteractive.com https://ariane.abtasty.com https://bat.bing.com https://benefits.sovendus.com https://config1.veinteractive.com https://cookiee1.veinteractive.com https://datacollect6.abtasty.com https://dcinfos-cache.abtasty.com https://dcinfos.abtasty.com https://display-stg.ugc.bazaarvoice.com https://display.ugc.bazaarvoice.com https://drs2.veinteractive.com https://elk.vhwrz.net https://googleads.g.doubleclick.net https://images.baby-walz.at https://images.baby-walz.ch https://images.baby-walz.de https://insitez.blob.core.windows.net https://live.adyen.com https://magpie-static.ugc.bazaarvoice.com https://maps.googleapis.com https://maps.gstatic.com https://meya.ai https://network-eu-stg.bazaarvoice.com https://network.bazaarvoice.com https://rum.vhwrz.net https://s.kelkoogroup.net https://s.kk-resources.com https://s.ytimg.com https://s3.amazonaws.com https://sessionapi.veinteractive.com https://shops-si.trustedshops.com https://stg.api.bazaarvoice.com https://t13.intelliad.de https://t23.intelliad.de https://test.adyen.com https://trustbadge.api.etrusted.com https://try.abtasty.com https://widgets.trustedshops.com https://www.awin1.com https://www.billiger.de https://www.dwin1.com https://www.econda-monitor.de https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.sovendus.com; report-uri /walz-webservices/csp-report-collector 5 worker-src 'http://test.datalex.org' 'http://www.lawnet.sg'; 5 script-src * 'self' 'unsafe-inline' 'unsafe-eval' 5 default-src * https: data: 'unsafe-eval' 'unsafe-inline' blob:; 5 default-src: https: 'unsafe-inline' 5 default-src 'self' *.googlesyndication.com; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com wss://*.zopim.com *.zopim.com *.zendesk.com *.zdassets.com *.googlesyndication.com *.googleapis.com securepubads.g.doubleclick.net stats.g.doubleclick.net *.gstatic.com *.google-analytics.com *.bugsnag.com *.braintreegateway.com *.braintree-api.com *.stripe.com *.worldpay.com *.usersnap.com *.yimg.com; frame-src 'self' secure.rnstg.com secure.rewardsnetwork.com https://*.hotjar.com youtube.com www.youtube.com *.google.com *.googlesyndication.com *.googleapis.com aexp.demdex.net *.aexp.demdex.net *.omtrdc.net *.braintreegateway.com; style-src 'self' https://*.hotjar.com *.googleapis.com cloud.typography.com skymilesdining.com hello.myfonts.net/count/3b4b0c 'unsafe-inline'; font-src 'self' https://*.hotjar.com data: *.zopim.com *.gstatic.com; img-src 'self' https://*.hotjar.com cdn.buttercms.com *.zopim.io *.zopim.com *.zendesk.com *.zdassets.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.gstatic.com data: stats.g.doubleclick.net loyaltypartner.122.2o7.net *.omtrdc.net *.ggpht.com seal-chicago.bbb.org *.google.com dbgcbnch6yz43.cloudfront.net *.usersnap.com *.gravatar.com *.wp.com *.yahoo.com *.facebook.com; script-src 'self' https://*.hotjar.com cdn.ampproject.org *.google-analytics.com *.gstatic.com *.google.com *.googleapis.com *.googletagservices.com *.googletagmanager.com *.googlesyndication.com *.doubleclick.net *.zopim.com assets.adobedtm.com aexp.demdex.net *.omtrdc.net assets.zendesk.com *.zdassets.com seal-chicago.bbb.org nexus.ensighten.com *.netlify.com *.netlify.app *.stripe.com *.worldpay.com *.usersnap.com *.facebook.net *.yimg.com 'unsafe-inline' 'unsafe-eval'; form-action 'self'; media-src 'self' cdn.buttercms.com; 5 "upgrade-insecure-requests" 5 default-src 'self' https://services-customerstaging.allyo.com https://rs.fullstory.com https://trk-api.crossengage.io https://l.sharethis.com https://www.facebook.com https://www.linkedin.com https://www.snapengage.com https://privacyportal.onetrust.com https://eu2-live.inside-graph.com https://eu2-cdn.inside-graph.com wss://eu2-live.inside-graph.com https://restcountries.eu https://ipinfo.io https://services.allyo.com https://www.google-analytics.com https://stats.g.doubleclick.net https://notifier-configs.airbrake.io https://api.airbrake.io https://cdn.cookielaw.org/consent/undefined/undefined.json https://cdn.cookielaw.org https://datastudio.google.com https://app.satismeter.com ; script-src 'self' https://eu2-live.inside-graph.com https://eu2-track.inside-graph.com http://js.maxmind.com https://js.maxmind.com https://app.crossengage.io https://trk-api.crossengage.io https://fullstory.com https://edge.fullstory.com http://browser-update.org https://www.linkedin.com https://optanon.blob.core.windows.net https://eu2-cdn.inside-graph.com https://services-customerstaging.allyo.com https://rs.fullstory.com https://freegeoip.net http://freegeoip.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://storage.googleapis.com https://ajax.googleapis.com https://app.satismeter.com https://pixel.convertize.io https://embed.typeform.com https://browser-update.org https://www.snapengage.com https://connect.facebook.net https://sjs.bizographics.com https://px.ads.linkedin.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://s3.amazonaws.com/jotrack/ https://snap.licdn.com https://services.allyo.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org https://www.googleadservices.com https://googleads.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com https://www.redditstatic.com https://player.vimeo.com https://fi-api.qa.predictivehire.com https://at.alicdn.com blob: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://rsms.me https://optanon.blob.core.windows.net https://eu2-cdn.inside-graph.com; font-src 'self' https://eu2-live.inside-graph.com https://eu2-track.inside-graph.com https://fonts.gstatic.com data: https://rsms.me https://use.typekit.net https://*.hotjar.com; img-src 'self' https://fonts.gstatic.com https://customer-assets.allyo.com https://i.etsystatic.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://eu2-cdn.inside-graph.com https://1000logos.net https://www.google-analytics.com https://www.google.de https://www.facebook.com https://stats.g.doubleclick.net https://www.snapengage.com https://optanon.blob.core.windows.net https://dev.visualwebsiteoptimizer.com https://rs.fullstory.com https://px.ads.linkedin.com https://www.linkedin.com https://www.stickpng.com https://www.google.ae https://lh3.googleusercontent.com https://www.googletagmanager.com https://i.pinimg.com https://cdn.cookielaw.org https://flagcdn.com https://googleads.g.doubleclick.net https://www.google.hu https://px.ads.linkedin.com https://alb.reddit.com https://www.snapengage.com https://browser-update.org https://*.hotjar.com data: ; connect-src 'self' https://cdn.cookielaw.org https://rs.fullstory.com https://trk-api.crossengage.io https://notifier-configs.airbrake.io https://services.allyo.com https://app.satismeter.com https://*.google-analytics.com https://privacyportal-eu.onetrust.com https://cluster.allyo.com wss://cluster.allyo.com https://content.hotjar.io https://surveystats.hotjar.io https://privacyportal.onetrust.com https://eu2-live.inside-graph.com https://in.hotjar.com wss://ws24.hotjar.com wss://*.hotjar.com https://*.hotjar.com https://vc.hotjar.io https://eu2-cdn.inside-graph.com wss://eu2-live.inside-graph.com https://vimeo.com https://fi-api.qa.predictivehire.com https://fi-api.sandbox.predictivehire.com https://cdn.linkedin.oribi.io ; frame-src 'self' data: https://www.youtube.com https://connect.facebook.net https://c.sharethis.mgr.consensu.org https://talent-pool.typeform.com https://www.jometer.com https://clickmeter.com https://trk.thematopi.com https://conversions.clickmeter.com https://jotrack.s3.amazonaws.com https://www.google.com/recaptcha/ https://player.vimeo.com https://vars.hotjar.com ; object-src 'self' data: https://www.youtube.com ; 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.google.co.in *.herokuapp.com *.ravepay.co ajax.cloudflare.com *.flutterwave.com *.stripe.com *.atfawry.com *.google.com *.facebook.net wss://*.citruspay.com:* wss://*.google.co:* *.citruspay.com wss://*.fawrystaging.com wss://*.atfawry.com wss://*.fawry.com wss://*.youtube.com:* *.youtube.com wss://*.tawk.to:* *.tawk.to *.facebook.com *.fawrystaging.com *.mastercard.com.au *.fawry.com atfawry.fawrystaging.com *.facebook.net *.mastercard.com *.razorpay.com *.google-analytics.com *.securecode.com *.google.com *.dhru.com *.paypal.com *.googletagmanager.com ; img-src * data:; font-src * data: 5 frame-ancestors 'self' *.commercevision.biz *.commercevision.com.au 5 frame-ancestors https://app.pendo.io; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://*.onetrust.com https://*.pendo.io; font-src 'self' https://fonts.gstatic.com https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://*.pendo.io; connect-src 'self' https://*.pendo.io https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com https://api.ipify.org https://cdn.cookielaw.org https://*.onetrust.com; img-src 'self' data: image/svg+xml https://cdn.cookielaw.org https://*.pendo.io https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; frame-src 'self' https://app.pendo.io; worker-src 'self' 5 default-src https: 'unsafe-inline' 'unsafe-eval' data:; report-uri /csp-report.php; 5 default-src https: data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval' 5 default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com localhost:40000 https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://cdn-sp.kertn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://app.vwo.com; frame-src 'self' bankid://* https://livechat24.tech https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://*.zignsec.com https://www.facebook.com https://*.trustly.com https://tpc.googlesyndication.com https://*.regily.com https://*.sumsub.com https://cdn-sp.kertn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' localhost:40000 https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://cdn-sp.kertn.net *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://analytics.twitter.com https://platform.twitter.com https://quantcount.com https://rules.quantcount.com https://quantserve.com https://secure.quantserve.com https://edge.quantserve.com https://*.creative-serving.com https://*.snapchat.com https://snapchat.com https://sc-static.net; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://cdn-sp.kertn.net https://app.vwo.com https://tagmanager.google.com; worker-src 'self' blob:; report-uri https://sentry.work/sentry/api/45/csp-report/?sentry_key=e5368be6f1e24bce9ce26ca332a1f973 5 default-src * data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.jimdo.com jimdo.com; worker-src blob: 5 default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' https:; object-src 'self' *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob:; 5 frame-ancestors 'self' https://gtranslate.io; 5 default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: blob: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval' 5 default-src https: wss: about: data: blob: 'unsafe-inline' 'unsafe-eval' 5 font-src 'self'; 5 report-uri https://www.24go.me 5 default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; frame-ancestors 'self'; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 5 frame-ancestors 'self' sun.eduzz.com http://*.monetizze.com.br https://*.monetizze.com.br *.hotmart.com http://aporasal.net https://aporasal.net http://adf.ly https://adf.ly; 5 frame-ancestors 'self' websitebuilder.godaddy.com websitebuilder.secureserver.net 5 default-src https: data: blob: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval' 5 frame-ancestors https://*.qq.com 4 default-src 'self' blob: https://*.cnn.com:* http://*.cnn.com:* *.cnn.io:* *.cnn.net:* *.turner.com:* *.turner.io:* *.ugdturner.com:* courageousstudio.com *.vgtf.net:*; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' blob: *; child-src 'self' blob: *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: blob: *; media-src 'self' data: blob: *; font-src 'self' data: *; connect-src 'self' data: *; frame-ancestors 'self' https://*.cnn.com:* http://*.cnn.com:* https://*.cnn.io:* http://*.cnn.io:* *.turner.com:* https://www.google.com https://news.google.com https://www.google.co.uk https://amp-cnn-com.cdn.ampproject.org courageousstudio.com; 4 frame-ancestors 'self' *.cnbc.com *.acorns.com; 4 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://www.google.com https://www.gstatic.com https://cdn.amplitude.com https://api.amplitude.com http://dev-embed.notion.co https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://api.smooch.io https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://cdn.segment.com https://analytics.pgncs.notion.so https://o324374.ingest.sentry.io https://checkout.stripe.com https://js.stripe.com https://embed.typeform.com https://admin.typeform.com https://public.profitwell.com https://static.profitwell.com js.sentry-cdn.com https://js.chilipiper.com https://platform.twitter.com https://cdn.syndication.twimg.com https://accounts.google.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://api-v2.mutinyhq.io https://client-registry.mutinycdn.com https://client.mutinycdn.com https://user-data.mutinycdn.com https://cdn.metadata.io https://platformapi.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://cdn.transcend.io https://x.clearbitjs.com http://x.clearbitjs.com https://connect.facebook.net https://snap.licdn.com/ https://px.ads.linkedin.com/ https://munchkin.marketo.net http://munchkin.marketo.net https://414-xmy-838.mktoresp.com http://414-xmy-838.mktoresp.com https://414-xmy-838.mktoutil.com http://414-xmy-838.mktoutil.com https://info.notion.com http://info.notion.com https://bat.bing.com https://s.yimg.jp https://assets.customer.io http://track.customer.io https://track.customer.io http://www.youtube.com https://js.partnerstack.com https://analytics.tiktok.com/ https://cdn01.boxcdn.net https://cdn.sprig.com;connect-src 'self' data: blob: https://msgstore.www.notion.so wss://msgstore.www.notion.so ws://localhost:* ws://127.0.0.1:* https://notion-emojis.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https://cdn.amplitude.com https://api.amplitude.com https://www.notion.so https://api.embed.ly http://dev-embed.notion.co https://js.intercomcdn.com https://api-iam.intercom.io https://uploads.intercomcdn.com wss://nexus-websocket-a.intercom.io https://ekr.zdassets.com https://ekr.zendesk.com https://makenotion.zendesk.com https://api.smooch.io wss://api.smooch.io https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://cdn.segment.com https://api.segment.io https://analytics.pgncs.notion.so https://api.pgncs.notion.so https://o324374.ingest.sentry.io https://checkout.stripe.com https://js.stripe.com https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://www2.profitwell.com https://tracking.chilipiper.com https://api.chilipiper.com https://api.unsplash.com https://boards-api.greenhouse.io https://accounts.google.com https://oauth2.googleapis.com https://www.googletagmanager.com https://analytics.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://api-v2.mutinyhq.io https://client-registry.mutinycdn.com https://client.mutinycdn.com https://user-data.mutinycdn.com https://cdn.metadata.io https://platformapi.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://cdn.transcend.io https://telemetry.transcend.io https://x.clearbitjs.com http://x.clearbitjs.com http://app.clearbitjs.com https://connect.facebook.net https://snap.licdn.com/ https://px.ads.linkedin.com/ https://munchkin.marketo.net http://munchkin.marketo.net https://414-xmy-838.mktoresp.com http://414-xmy-838.mktoresp.com https://414-xmy-838.mktoutil.com http://414-xmy-838.mktoutil.com https://info.notion.com http://info.notion.com https://bat.bing.com https://s.yimg.jp https://assets.customer.io http://track.customer.io https://track.customer.io http://www.youtube.com https://js.partnerstack.com https://grsm.io/ https://analytics.tiktok.com/ https://api.statuspage.io https://pgncd.notion.so https://api.statsig.com https://statsigapi.net https://exp.notion.so https://file.notion.so notion://file.notion.so https://api.box.com https://*.mux.com https://api.sprig.com https://storage.googleapis.com https://cdn.sprig.com https://cdn.userleap.com;font-src 'self' data: https://cdnjs.cloudflare.com https://js.intercomcdn.com fonts.gstatic.com https://cdn01.boxcdn.net;img-src 'self' data: blob: https: https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://region1.google-analytics.com https://region1.analytics.google.com http://track.customer.io https://track.customer.io https://*.mux.com;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://github.githubassets.com https://js.chilipiper.com https://platform.twitter.com https://ton.twimg.com https://accounts.google.com https://cdn.transcend.io fonts.googleapis.com https://cdn01.boxcdn.net;media-src blob: https: http: https://file.notion.so notion://file.notion.so https://*.mux.com;worker-src blob:;frame-src https: http: https://accounts.google.com 4 default-src 'self' data: https://*.epam.com https://*.epam-group.ru;script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://connect.facebook.net https://conv.indeed.com https://www.google.com https://snap.licdn.com https://*.hotjar.com https://use.typekit.com https://www.google-analytics.com https://*.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://mc.yandex.ru https://s.ytimg.com https://www.youtube.com https://*.assets-yammer.com https://*.typekit.net https://*.typekit.com https://menu.epam.com https://googleads.g.doubleclick.net https://vk.com https://*.adform.net https://res.wx.qq.com https://t.visitorqueue.com https://munchkin.marketo.net https://www.linkedin.com https://embed.typeform.com https://js.driftt.com https://widget.drift.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://click.appcast.io https://bat.bing.com https://*.clarity.ms https://epam.widget.insent.ai https://www.redditstatic.com https://*.cookiepro.com https://*.onetrust.com https://rum-static.pingdom.net https://static.cloudflareinsights.com;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://www.gstatic.com https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com https://www.googletagmanager.com;connect-src 'self' https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.google-analytics.com https://mc.yandex.ru https://mc.yandex.by https://mc.yandex.ua https://mc.yandex.kz https://mc.yandex.md https://yandexmetrica.com https://*.hotjar.io https://www.google.com https://translate.googleapis.com https://www.youtube.com wss://menu.epam.com https://menu.epam.com https://*.typekit.net https://*.typekit.com https://www.facebook.com https://stats.g.doubleclick.net https://a.visitorqueue.com https://*.mktoresp.com https://*.mktoutil.com https://*.clarity.ms https://*.analytics.google.com https://*.cookiepro.com https://*.onetrust.com https://cookies-data.onetrust.io https://apm-cluster6.cloudapp.epam.com https://service.infongen.com https://t.visitorqueue.com https://cdn.linkedin.oribi.io;frame-src 'self' https://*.hotjar.com https://www.facebook.com https://www.google.com https://www.youtube.com https://mc.yandex.ru https://mc.yandex.md https://*.doubleclick.net https://www.google-analytics.com https://www.google.by https://www.google.com https://*.epam.com https://*.yammer.com https://login.microsoftonline.com https://vk.com https://login.vk.com https://www.googletagmanager.com https://w.soundcloud.com https://www.linkedin.com https://form.typeform.com https://player.vimeo.com https://embed.podcasts.apple.com https://js.driftt.com https://widget.drift.com https://optimize.google.com https://epam.widget.insent.ai;img-src 'self' * data: blob: about: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com;font-src 'self' data: https://*.typekit.net https://*.typekit.com https://fonts.gstatic.com;report-uri /services/interaction/csp-report 4 default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' d18kwxxua7ik1y.cloudfront.net d22r54gnmuhwmk.cloudfront.net *.change.org change-production.s3.amazonaws.com change-public-stuff.s3.amazonaws.com *.google.ca *.googleadservices.com *.youtube.com *.doubleclick.net *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.recaptcha.net *.ytimg.com *.facebook.com *.facebook.net *.fbcdn.net fbrpc://* fb-messenger://* *.twitter.com *.twimg.com *.ads-twitter.com vk.com *.vk.com ajax.cdnjs.com cdnjs.cloudflare.com service.force.com *.salesforceliveagent.com *.braintreegateway.com *.paypalobjects.com *.paypal.com *.braintree-api.com *.stripe.com *.dlocal.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com px-cdn.net *.px-cdn.net *.px-client.net *.px-cloud.net pxchk.net *.pxchk.net *.hotjar.com:* *.hotjar.io wss://*.hotjar.com p2a.co *.profitwell.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.messagebird.com *.pushnotifications.pusher.com js.pusher.com secure.everyaction.com d3rse9xjbp8270.cloudfront.net *.ngpvan.com js2.verygoodvault.com code.jquery.com cdn.embedly.com player.vimeo.com bat.bing.com soundcloud.com *.soundcloud.com www.instagram.com www.flickr.com *.staticflickr.com *.voteamerica.com *.jotform.com actionnetwork.org *.airbrake.io browser-update.org *.tiktok.com *.bannerbear.com us-central1-niftic-agency.cloudfunctions.net/openai/generate-draft d2yyd1h5u9mauk.cloudfront.net web.delighted.com cdn.iframe.ly change.my.salesforce.com help.change.org; font-src 'self' data: *.change.org d18kwxxua7ik1y.cloudfront.net d22r54gnmuhwmk.cloudfront.net fonts.gstatic.com *.hotjar.com *.hotjar.io d3rse9xjbp8270.cloudfront.net; img-src * blob: data:; form-action 'self' 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 4 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src https: https://fonts.gstatic.com data:; connect-src https: wss:; img-src https: data:; worker-src blob: https:; media-src https: blob:; 4 frame-ancestors 'self' *.vice.com vicetv.com *.vicetv.com *.viceops.net 4 upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https: wss: android-webview-video-poster:; 4 frame-ancestors 'self' https://adp.lookbookhq.com http://adp.lookbookhq.com https://discover.adp.com http://discover.adp.com https://*.adp.com http://*.adp.ca https://*.adp.ca https://*.us.adp; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://sb.scorecardresearch.com https://*.yahoo.com blob: wss:; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation; img-src 'self' https: data: blob: https://*.yimg.com https://bats.video.yahoo.com https://*.scorecardresearch.com https://*.adaptv.advertising.com https://trk.vidible.tv https://beap.gemini.yahoo.com https://api.cloudinary.com; object-src https://*.engadget.com https://s.yimg.com https://api.cloudinary.com; worker-src 'self' blob:; manifest-src 'self' https://s.yimg.com; font-src 'self' data: https://*.engadget.com https://s.yimg.com https://fonts.gstatic.com https://*.spot.im https://assets.video.yahoo.net; connect-src 'self' https://*.engadget.com https://s.yimg.com https://*.yahoo.net https://*.yahoo.com https://*.yahoosandbox.com https://*.oath.com https://*.advertising.com https://*.cdn.yimg.com https://ad.doubleclick.net https://*.doubleverify.com https://*.googlesyndication.com https://*.spot.im https://*.giphy.com https://*.vidible.com https://*.media.yahoo.com:4443 https://*.skimresources.com https://*.taboola.com https://securepubads.g.doubleclick.net https://*.spotim.market https://*.criteo.com https://*.criteo.net https://*.pubmatic.com https://*.rubiconproject.com https://*.lijit.com https://*.gumgum.com https://*.openx.net https://*.adtelligent.com https://*.casalemedia.com https://*.creativecdn.com https://*.adnxs.com https://*.nighttstand.com https://*.rlcdn.com https://*.adsrvr.org https://*.adform.net https://*.vidible.tv https://*.uplynk.com https://*.edgekey.net https://*.doubleclick.net https://d1z2jf7jlzjs58.cloudfront.net https://*.pixel.parsely.com https://*.aniview.com https://*.ad-score.com https://polarcdn-terrax.com https://*.polarcdn-terrax.com https://*.polarcdn.com https://polarcdn-engine.com https://polarcdn-pentos.com https://videodelivery.net https://*.videodelivery.net https://sf-hs-sg.ibytedtos.com https://b1h.zemanta.com https://hb-api.omnitagjs.com https://search.spotxchange.com https://video-api.yql.yahoo.com https://edgecast-vod.yimg.com https://assets.video.yahoo.net https://cdn-ssl.vidible.tv/prod https://*.doubleclick.net https://edgecast-vod.yahoo.net https://*.vpg.cdn.yimg.com https://s.yimg.com https://media.zenfs.com https://assets.video.yahoo.net https://ads.adaptv.advertising.com https://video.adaptv.advertising.com https://tpc.googlesyndication.com/ima3vpaid https://*.adsafeprotected.com https://*.pictela.net https://api.cloudinary.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://*.engadget.com https://*.oath.com https://*.yahoo.com; report-uri https://csp.yahoo.com/beacon/csp?src=engadget; report-to csp-endpoint; 4 upgrade-insecure-requests;frame-ancestors 'self' slate.com *.slate.com *.my.slate.com 4 frame-ancestors 'self' *.avira.com *.avira.org *.avira.net *.prod-blog.avira.com prod-blog.avira.com; 4 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' android-webview-video-poster: *.sky.com *.bskyb.com *.skyassets.com *.lpsnmedia.net *.liveperson.net *.doubleclick.net http://ad.doubleclick.net analytics.twitter.com assets.adobedtm.com bat.bing.com cdn3.nowinteract.com *.clicktale.net *.tvsquared.com connect.facebook.net imp3.nowinteract.com *.googlesyndication.com s2.go-mpulse.net secure.quantserve.com *.qualtrics.com smct.co track.uniqodo.com *.assistant.watson.appdomain.cloud www.dwin1.com www.google-analytics.com www.googletagmanager.com static.ads-twitter.com staging-liveperson-dtm.herokuapp.com cdn.tt.omtrdc.net *.demdex.net *.cloudfront.net ssl.google-analytics.com ecustomeropinions.com universal.iperceptions.com sd.iperceptions.com britishskybroadcasti.tt.omtrdc.net cti.w55c.net platform.twitter.com www.awin1.com s0.2mdn.net www.zenaps.com *.google.com *.google.co.uk *.google.ie data1.ablapol.com www.facebook.com *.optimizely.com cdn.spatialbuzz.com cdn.privacy-mgmt.com *.contentsquare.net www.googleadservices.com servedby.flashtalking.com *.lucidcx.com www.gstatic.com *.8thwall.com cdnjs.cloudflare.com rules.quantcount.com t.contentsquare.net contentsquare.com app.contentsquare.com cdn-assets-prod.s3.amazonaws.com apps.8thwall.com sc-static.net acdn.adnxs.com s.pinimg.com ib.adnxs.com dmp.vfwmrm.net match.adsrvr.org pm.w55c.net tr.snapchat.com secure.adnxs.com www.uqd.io *.yimg.com yahoo.com smct.co js.smct.co smct.io js.smct.io js-cdn.dynatrace.com unpkg.com maps.googleapis.com cdn.co-buying.com *.yext-pixel.com aax-eu.amazon-adsystem.com *.stripe.com answers2-embed.sky.com.pagescdn.com assets.sitescdn.net content.zeotap.com api.taggstar.com *.taggstar.com cdn.taggstar.com qa.taggstar.com; style-src 'self' 'unsafe-inline' *.sky.com *.skyassets.com s0.2mdn.net www.gstatic.com *.liveperson.net www.facebook.com *.doubleclick.net assets.adobedtm.com www.google-analytics.com *.lpsnmedia.net *.clicktale.net *.contentsquare.net *.googlesyndication.com sky.lucidcx.com fonts.googleapis.com assets.sitescdn.net; font-src 'self' data: *.sky.com fonts.gstatic.com http://fonts.gstatic.com *.skyassets.com use.typekit.net *.google.com *.google.co.uk *.google.ie sky.lucidcx.com cdn.8thwall.com tr.snapchat.com www.pinterest.com fonts.smct.co fonts.smct.io fonts.gstatic.com; img-src 'self' data: android-webview-video-poster: *.sky.com http://search.sky.com *.doubleclick.net *.skyassets.com bat.bing.com *.clicktale.net *.optimizely.com *.tvsquared.com *.demdex.net *.online-metrix.net *.qualtrics.com t.co tracking.audio.thisisdax.com www.facebook.com www.google-analytics.com *.google.com *.google.co.uk *.google.ie *.atdmt.com *.cloudfront.net live.staticflickr.com tags.w55c.net www.googletagmanager.com *.contentstack.io *.lpsnmedia.net s0.2mdn.net www.zenaps.com connect.facebook.net engagement.uniqodo.com *.liveperson.net www.gstatic.com www.awin1.com analytics.twitter.com cdn.spatialbuzz.com assets.adobedtm.com cdn.privacy-mgmt.com *.googlesyndication.com *.contentsquare.net www.googleadservices.com servedby.flashtalking.com *.lucidcx.com cdn.8thwall.com uniqodo.s3-eu-west-1.amazonaws.com production-image-placeholder.herokuapp.com pixel.quantserve.com http://t.newsletter.contact.sky *.sky 8th.io sc-static.net acdn.adnxs.com s.pinimg.com ib.adnxs.com match.adsrvr.org pm.w55c.net dmp.v.fwmrm.net ct.pinterest.com tr.snapchat.com www.pinterest.com secure.adnxs.com events.smct.co *.yahoo.com *.gumgum.com smct.co cdn.smct.co smct.io cdn.smct.io px.smct.co px.smct.io ep.smct.co ep.smct.io maps.gstatic.com maps.googleapis.com a.mktgcdn.com *.yext-pixel.com aax-eu.amazon-adsystem.com; connect-src 'self' blob: android-webview-video-poster: *.sky.com wss://*.sky.com *.skyassets.com *.bskyb.com api.amplitude.com bat.bing.com *.bf.dynatrace.com britishskybroadcasti.tt.omtrdc.net *.clicktale.net *.optimizely.com cdn.privacy-mgmt.com *.demdex.net *.doubleclick.net *.assistant.watson.appdomain.cloud *.qualtrics.com vip.timezonedb.com www.google-analytics.com api.amplitude.com *.go-mpulse.net *.akstat.io api.iperceptions.com www.facebook.com www.zenaps.com *.google.com *.google.co.uk *.google.ie s0.2mdn.net *.contentstack.io help-search-api-stage.herokuapp.com wss://*.liveperson.net *.lpsnmedia.net cdn.spatialbuzz.com prod-my-photo-api.herokuapp.com track.uniqodo.com connect.facebook.net engagement.uniqodo.com www.gstatic.com *.liveperson.net assets.adobedtm.com *.tvsquared.com *.googlesyndication.com www.googletagmanager.com wss://127.0.0.1 *.contentsquare.net www.googleadservices.com *.lucidcx.com awk.epgsky.com production-retriever.herokuapp.com cdn-assets-prod.s3.amazonaws.com apps.8thwall.com sc-static.net acdn.adnxs.com s.pinimg.com ib.adnxs.com match.adsrvr.org pm.w55c.net dmp.v.fwmrm.net ct.pinterest.com tr.snapchat.com www.pinterest.com secure.adnxs.com www.pinterest.co.uk *.yimg.com smct.co smct.co js.smct.co smct.io js.smct.io ipb.smct.co ipb.smct.io cfg.smct.co cfg.smct.io ep.smct.co ep.smct.io cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com maps.googleapis.com liveapi.yext.com poc.idscan.cloud prod.idscan.cloud *.yext-pixel.com spl.zeotap.com api.taggstar.com *.taggstar.com cdn.taggstar.com qa.taggstar.com; frame-src 'self' blob: *.sky.com *.bskyb.com *.skyassets.com *.doubleclick.net *.optimizely.com *.demdex.net *.online-metrix.net *.lpsnmedia.net *.qualtrics.com www.facebook.com cdn.privacy-mgmt.com universal.iperceptions.com *.google.com *.google.co.uk *.google.ie *.clicktale.net s0.2mdn.net www.zenaps.com connect.facebook.net *.liveperson.net www.google-analytics.com analytics.twitter.com cdn.spatialbuzz.com assets.adobedtm.com *.googlesyndication.com *.contentsquare.net www.googleadservices.com sky.lucidcx.com live.tvgenius.net servedby.flashtalking.com players.brightcove.net sc-static.net acdn.adnxs.com s.pinimg.com ib.adnxs.com match.adsrvr.org pm.w55c.net dmp.v.fwmrm.net tr.snapchat.com ct.pinterest.com www.pinterest.com secure.adnxs.com www.pinterest.co.uk smct.co smct.io ls.smct.co ls.smct.io d2d7do8qaecbru.cloudfront.net w.etadirect.com aax-eu.amazon-adsystem.com *.stripe.com answers2-embed.sky.com.pagescdn.com; worker-src 'self' blob: *.sky.com *.skyassets.com assets.adobedtm.com *.liveperson.net; child-src 'self' blob:; media-src 'self' data: *.sky.com *.skyassets.com http://static.video.sky.com *.contentstack.io *.lpsnmedia.net *.doubleclick.net *.google.com *.google.co.uk *.google.ie *.clicktale.net *.liveperson.net www.facebook.com bat.bing.com *.demdex.net assets.adobedtm.com www.google-analytics.com *.contentsquare.net *.googlesyndication.com; object-src 'self' *.sky.com; prefetch-src 'self' *.sky.com *.bskyb.com; report-uri /csp-reports 4 report-uri /v1/csplog; block-all-mixed-content 4 frame-ancestors 'self' https://*.t-online.de; 4 default-src 'self' *.garmin.com https://static.garmincdn.com; style-src 'self' 'unsafe-inline' *.garmin.com https://static.garmincdn.com https://fonts.googleapis.com; connect-src 'self' *.garmin.com *.sentry.io https://static.garmincdn.com *; script-src 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://static.cloudflareinsights.com *.hotjar.com *.hotjar.io https://www.googletagmanager.com 'self' *.garmin.com *.trustarc.com *.truste.com https://ajax.googleapis.com https://static.garmincdn.com https://www.google.com https://cdn.appdynamics.com https://www.gstatic.com https://prefmgr-cookie.truste-svc.net http://tags.tiqcdn.com https://*.tealiumiq.com https://deploytealium.com; font-src 'self' data: *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com; img-src https://www.google-analytics.com https://stats.g.doubleclick.net 'self' data: *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://www.google.co.uk https://prefmgr-cookie.truste-svc.net https://res.cloudinary.com; frame-src *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://vars.hotjar.com https://prefmgr-cookie.truste-svc.net https://my.tealiumiq.com https://www.youtube-nocookie.com https://player.youku.com https://gum.criteo.com https://static.criteo.net; object-src 'none'; upgrade-insecure-requests 4 frame-ancestors 'self' appsec.aarp.org secure.aarp.org feeds.aarp.org test.elearn.aarp.org virtualevents.aarp.org aarp.brand.live aarpsandbox.brand.live test.virtualevents.aarp.org elearn.aarp.org taxappointment.aarp.org banksafetraining.aarp.org; 4 default-src 'self';style-src * 'unsafe-inline';media-src * blob: ;script-src * blob: 'unsafe-inline' 'unsafe-eval';frame-src *;font-src * data: ;connect-src *;img-src * data: blob:;frame-ancestors 'none' 4 frame-ancestors 'self' https://*.twilio.com https://www.twilio.com;report-uri https://www.twilio.com/console/api/cspr 4 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thebalancemoney.com 4 frame-ancestors 'self' http://www.usa.philips.com *.philips.com *.usa.philips.com 4 default-src 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com yolacom.yolacdn.net www.yola.com unpkg.com *.yolacdn.net polyfill.io cdn.ravenjs.com *.googleapis.com *.sharethis.com www.googleoptimize.com www.googletagmanager.com *.yola.com *.googleusercontent.com *.gstatic.com secure.gravatar.com www.facebook.com www.google-analytics.com *.google.com *.yola.net stats.g.doubleclick.net *.fullstory.com s.w.org *.sitewit.com ts.w.org *.wikimedia.org www.youtube.com wp-themes.com data: blob:;frame-ancestors 'self'; form-action 'self'; 4 frame-ancestors 'self' https://www.google.com https://www-si-com.cdn.ampproject.org *.ex.co *.playbuzz.com *.avplayer.com; default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; child-src https: blob: data:; connect-src https: blob: data: wss:; font-src https: blob: data:; img-src https: blob: data:; media-src https: blob: data:; object-src https: blob: data:; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: data: 'unsafe-inline'; upgrade-insecure-requests 4 frame-ancestors 'self' https://www.google.com https://discover-hubpages-com.cdn.ampproject.org *.ex.co *.playbuzz.com *.avplayer.com; default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; child-src https: blob: data:; connect-src https: blob: data: wss:; font-src https: blob: data:; img-src https: blob: data:; media-src https: blob: data:; object-src https: blob: data:; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: data: 'unsafe-inline'; upgrade-insecure-requests 4 frame-ancestors 'self' https://nielsensports.com https://www.qa.nielsen.com https://develop.nielsen.com 4 frame-ancestors 'self' https://*.adobe.com; 4 frame-ancestors https://*.ti.com https://*.ti.com.cn https://*.tij.co.jp; 4 frame-ancestors na.amzheimdall.com delorean-na.amazon.com delorean-prod.corp.amazon.com delorean-na.sandbox.amazon.com delorean-sandbox.corp.amazon.com delorean-preprod.corp.amazon.com delorean-beta.corp.amazon.com delorean-alpha.corp.amazon.com potserviceui-gamma.vrsnl.com potserviceui-gamma.zappos.com potserviceui-gamma.6pm.com drive-render.corp.amazon.com cscentral-na-beta.vipinteg.amazon.com cscentral.amazon.com delorean-6pm-gamma.corp.amazon.com delorean-6pm-preprod.corp.amazon.com delorean-6pm-prod.corp.amazon.com delorean-6pm-na.amazon.com; report-uri /marty/api/csp-report 4 default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 4 frame-ancestors 'self' http://www.farmzone.com https://www.farmzone.com http://www.zoneverte.com https://www.zoneverte.com http://widget.twnmm.com https://widget.twnmm.com https://s1.twnmm.com http://beta.theweathernetwork.com https://beta.theweathernetwork.com http://beta.meteomedia.com https://beta.meteomedia.com http://*.theweathernetwork.com https://*.theweathernetwork.com http://*.meteomedia.com https://*.meteomedia.com https://www.flonase.ca 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://service.maxymiser.net/ https://tags.tiqcdn.com/ https://*.netsuite.com https://consent.truste.com https://*.trustarc.com https://*.bing.com https://*.doubleclick.net https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://static.atgsvcs.com https://rules.atgsvcs.com https://netsuite-salechat.custhelp.com https://netsuite-salechat--tst1.custhelp.com https://netsuite-salechat.widget.custhelp.com https://netsuite-salechat--tst1.widget.custhelp.com https://www.rnengage.com https://*.rightnowtech.com https://assets.adobedtm.com https://img.en25.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.akamaihd.net https://*.demdex.net https://*.omtrdc.net https://*.adobetag.com https://*.linkedin.com https://*.licdn.com https://*.2o7.net https://tags.bkrtx.com https://flex.atdmt.com https://*.oracleinfinity.io https://dqm.crownpeak.com/ https://app.hushly.com https://script.crazyegg.com https://activitymap.adobe.com https://static.ocecdn.oraclecloud.com https://*.go-mpulse.net; style-src 'self' 'unsafe-inline' https://netsuite-salechat.widget.custhelp.com https://netsuite-salechat--tst1.widget.custhelp.com https://fonts.googleapis.com https://app.hushly.com https://hud.crazyegg.com; img-src * data: ; frame-src 'self' https://service.maxymiser.net/ https://go.netsuite.com https://*.doubleclick.net https://*.youtube.com https://*.youtu.be https://*.facebook.com https://*.facebook.net https://*.omtrdc.net https://*.trustarc.com https://netsuite-salechat.custhelp.com https://netsuite-salechat--tst1.custhelp.com https://netsuite-salechat-na--tst1.custhelp.com https://netsuite-salechat-na.custhelp.com https://netsuite-salechat-de.custhelp.com https://netsuite-salechat-es.custhelp.com https://netsuite-salechat-fr.custhelp.com https://netsuite-salechat-jp.custhelp.com https://netsuite-salechat-ko.custhelp.com https://netsuite-salechat-nl.custhelp.com https://netsuite-salechat-pt.custhelp.com https://netsuite-salechat-sv.custhelp.com https://netsuite-salechat-zhcn.custhelp.com https://netsuite-salechat-zhtw.custhelp.com https://*.demdex.net https://*.bluekai.com https://*.extforms.netsuite.com https://*.app.netsuite.com https://hud.crazyegg.com https://activitymap.adobe.com; connect-src 'self' https://api.company-target.com https://*.doubleclick.net https://*.googlevideo.com https://*.omtrdc.net https://*.demdex.net https://rules.atgsvcs.com https://bat.bing.com https://netsuite-salechat.custhelp.com https://netsuite-salechat--tst1.custhelp.com https://www-stage.oracle.com https://api.crownpeak.net/ https://script.crazyegg.com https://tracking.crazyegg.com https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com https://hud.crazyegg.com https://app.hushly.com https://*.google-analytics.com https://cdn.linkedin.oribi.io/partner/297948/domain/netsuite.com/token https://www.facebook.com https://*.go-mpulse.net https://*.akstat.io https://*.akamaihd.net; font-src 'self' data:; media-src 'self' blob: ;child-src 'self' blob: ; report-uri https://nlcorp.app.netsuite.com/app/security/csp/cspaudit.nl 4 frame-ancestors 'self' *.tdameritrade.com *.ameritrade.com http://*.tdameritrade.com/ 4 frame-ancestors https://members.cafepress.com https://members.cafepress.co.uk https://members.cafepress.ca https://members.cafepress.com.au; 4 default-src 'none'; form-action 'self'; frame-ancestors 'self' https://*.matomo.cloud https://*.innocraft.cloud http://localhost; base-uri 'self' https://demo-web.matomo.org https://web.innocraft.cloud; prefetch-src 'self'; connect-src 'self' https://web.innocraft.cloud https://www.userlike.com https://cdn.plyr.io https://demo-web.matomo.org https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com wss://chat.userlike.com wss://umd.userlike.com https://api.userlike.com https://video.matomo.org; script-src 'self' https://web.innocraft.cloud https://cdn.matomo.cloud https://embed.clickmeeting.com https://madmimi.com http://ajax.googleapis.com https://cdn.shortpixel.ai https://cdnjs.cloudflare.com https://www.youtube.com api.userlike.com https://d3dc1lgancj6l0.cloudfront.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://static.matomo.org https://demo-web.matomo.org https://m-img.org 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://demo-web.matomo.org https://web.innocraft.cloud https://static.matomo.org https://fonts.googleapis.com; img-src 'self' https://demo-web.matomo.org https://web.innocraft.cloud https://plugins.matomo.org https://qrcode.kaywa.com https://raw.githubusercontent.com https://user-images.githubusercontent.com https://m-img.org https://piwik.org https://matomo.org https://static.matomo.org https://video.matomo.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com data:; media-src 'self' https://video.matomo.org https://www.matomo.org https://matomo.org blob:; font-src 'self' https://demo-web.matomo.org https://web.innocraft.cloud https://static.matomo.org data: https://fonts.gstatic.com https://github.com https://d3dc1lgancj6l0.cloudfront.net; frame-src 'self' https://play.quickchannel.com https://matomo.clickmeeting.com https://embed.clickmeeting.com https://www.youtube-nocookie.com https://demo.matomo.cloud https://demo-web.matomo.org https://demo2.piwik.org https://demo2.matomo.org; 4 connect-src 'self' https://surveystats.hotjar.io https://*.clarity.ms https://l.getsitecontrol.com https://dash.getsitecontrol.com https://gse.gigaset.com *.hotjar.com wss://*.hotjar.com *.getsitectrl.com https://api.chatchamp.com aggregator.service.usercentrics.eu analytics.google.com api.chatchamp.io api.usercentrics.eu graphql.usercentrics.eu stats.g.doubleclick.net www.google-analytics.com www.google.de bat.bing.com halc.iadvize.com in.hotjar.com s.adroll.com ct.pinterest.com https://fast-static.smarketer.de https://*.billwerk.com sandbox.billwerk.com api.trustedshops.com shops-si.trustedshops.com trustbadge.api.etrusted.com vc.hotjar.io ws3.hotjar.com ws7.hotjar.com wss://ws3.hotjar.com wss://ws7.hotjar.com www.facebook.com www.google.ch www.google.com www.google.fr ws6.hotjar.com wss://ws6.hotjar.com www.google.co.uk ws10.hotjar.com ws4.hotjar.com ws8.hotjar.com wss://ws1.hotjar.com wss://ws10.hotjar.com wss://ws4.hotjar.com wss://ws8.hotjar.com www.google.be www.google.hr www.google.it www.google.nl www.google.ru ws12.hotjar.com ws18.hotjar.com ws2.hotjar.com wss://ws12.hotjar.com wss://ws18.hotjar.com wss://ws2.hotjar.com ws5.hotjar.com wss://ws5.hotjar.com www.google.es www.google.se www.google.com.tr www.google.cz ws17.hotjar.com wss://ws17.hotjar.com ws15.hotjar.com wss://ws15.hotjar.com www.google.co.in ws16.hotjar.com wss://ws16.hotjar.com www.google.com.cy www.google.pl ws9.hotjar.com wss://ws9.hotjar.com ws11.hotjar.com wss://ws11.hotjar.com app.getsitecontrol.com ws1.hotjar.com www.google.at d.adroll.com ws13.hotjar.com ws14.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com www.google.gr api.trustbadge.etrusted.com www.google.cl www.google.co.cr www.google.co.za www.google.com.ar www.google.rs service.gigaset.com www.google.ba www.google.dk www.google.ae network-eu.bazaarvoice.com www.google.hu wss://ff.kis.v2.scr.kaspersky-labs.com www.google.com.mx www.bing.com www.google.co.il www.google.co.ma www.google.co.ve www.google.com.bd www.google.com.co www.google.com.lb www.google.com.pe www.google.ie www.google.lu www.google.no www.google.pt www.google.ro www.google.si *.convertize.io pop1.getsitecontrol.com maps.googleapis.com *.etracker.de s.clcktrax.com *.analytics.google.com consent-api.service.consent.usercentrics.eu gcmatomo.gigaset.com https://fast.smarketer.de https://eu-api.friendlycaptcha.eu https://api.friendlycaptcha.com api.bazaarvoice.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.iamsmartad.com aggregator.service.usercentrics.eu analytics.google.com api.chatchamp.io api.usercentrics.eu app.usercentrics.eu connect.facebook.net data: googleads.g.doubleclick.net graphql.usercentrics.eu https://pixel.mathtag.com tr.outbrain.com widgets.trustedshops.com www.facebook.com www.google-analytics.com www.google.com www.google.de https://www.googletagmanager.com www.youtube.com halc.iadvize.com bat.bing.com widgets.getsitecontrol.com in.hotjar.com script.hotjar.com static.hotjar.com vars.hotjar.com pixel.convertize.io p.typekit.net use.typekit.net ct.pinterest.com https://fast-static.smarketer.de s.pinimg.com ups.xplosion.de display.ugc.bazaarvoice.com s.adroll.com gse.gigaset.com ff.kis.v2.scr.kaspersky-labs.com fonts.googleapis.com https://mpsnare.iesnare.com gcmatomo.gigaset.com; font-src https://script.hotjar.com use.typekit.net data: 'self' st.getsitecontrol.com fonts.gstatic.com github.com static3.avast.com gcmatomo.gigaset.com; form-action 'self' www.facebook.com feldtest.gigaset.com security.gigaset.com service.gigaset.com api.bazaarvoice.com 'unsafe-eval' ct.pinterest.com gigaset-org.freshworks.com; frame-ancestors 'self' www.gigaset.com *.etracker.com; img-src 'self' 'report-sample' https://c.clarity.ms/c.gif https://c.bing.com https://dsum-sec.casalemedia.com https://script.hotjar.com https://smarttracking.defacto-x.net https://m2.getsitecontrol.com https://trc.taboola.com https://d.adroll.com https://www.google.ee https://www.google.is app.usercentrics.eu googleads.g.doubleclick.net pixel.mathtag.com test.gse.gigaset.com tr.outbrain.com widgets.magentocommerce.com widgets.trustedshops.com www.facebook.com www.gigaset.com www.google-analytics.com www.google.com www.google.de display.ugc.bazaarvoice.com network-eu-stg.bazaarvoice.com photos-uat-eu.bazaarvoice.com bat.bing.com data: d.adroll.com cdn.pay1.de image-charts.com www.googletagmanager.com ct.pinterest.com img.youtube.com network-eu-stg-a.bazaarvoice.com app.getsitecontrol.com media.getsitecontrol.com gse.gigaset.com insight.adsrvr.org network-eu.bazaarvoice.com pro-gse.gigaset.com www.google.ch www.google.co.uk www.google.com.tr www.google.com.tw www.google.es www.google.fr www.google.it www.google.nl www.google.pl photos-eu.bazaarvoice.com test.gigaset.com www.google.at www.google.be aax-eu.amazon-adsystem.com ads.yahoo.com cm.g.doubleclick.net connect.facebook.net network-eu-a.bazaarvoice.com stats.g.doubleclick.net sync.outbrain.com sync.taboola.com www.google.co.il www.google.cz www.google.hr www.google.lu www.google.ru www.google.sk www.gstatic.com www.google.com.lb translate.google.com www.google.se www.google.co.ao www.google.co.in www.google.co.kr www.google.com.mx www.google.hu www.google.no px.ads.linkedin.com www.awin1.com www.google.com.cy ib.adnxs.com i.ytimg.com www.google.az www.google.co.za www.google.com.bd www.google.fi www.google.pt www.google.co.cr www.google.ci www.google.com.sa www.google.rs www.google.gr android-webview-video-poster www.google.com.ar www.google.tn www.google.com.vn www.google.cl www.google.iq maps.googleapis.com maps.gstatic.com www.google.com.mt www.google.mn www.google.ro www.google.si www.google.ba blob: www.google.com.eg www.google.ae www.google.dk www.google.li pixel.rubiconproject.com pagead2.googlesyndication.com www.google.co.id www.google.co.ma www.google.ge www.google.ie www.linkedin.com analytics.google.com fcmatch.google.com fcmatch.youtube.com sync.mathtag.com ups.analytics.yahoo.com www.google.by www.google.cn www.google.co.ve www.google.com.br www.google.com.co www.google.com.et www.google.com.gt www.google.com.kw www.google.com.om www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.ua dpm.demdex.net *.advertising.com *.pubmatic.com *.3lift.com *.bidswitch.net *.outbrain.com *.openx.net *.convertize.io www.etracker.de uct.service.usercentrics.eu s.clcktrax.com photos-us.bazaarvoice.com gcmatomo.gigaset.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'report-sample' https://*.clarity.ms https://s2.getsitecontrol.com https://cdn.iamsmartad.com amplify.outbrain.com app.usercentrics.eu connect.facebook.net googleads.g.doubleclick.net js.chatchamp.com pixel.mathtag.com tr.outbrain.com widgets.trustedshops.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com halc.iadvize.com widgets.getsitecontrol.com analytics-static.ugc.bazaarvoice.com bat.bing.com display.ugc.bazaarvoice.com network-eu-stg.bazaarvoice.com stg.api.bazaarvoice.com script.hotjar.com static.hotjar.com a.adroll.com d.adroll.com d.adroll.mgr.consensu.org s.adroll.com pixel.convertize.io secure.pay1.de s.pinimg.com cdn.xplosion.de ups.xplosion.de sandbox.billwerk.com selfservice.sandbox.billwerk.com https://*.billwerk.com https://selfservice.billwerk.com apps.bazaarvoice.com asn-trk.advolution.de st.getsitecontrol.com api.bazaarvoice.com network-eu.bazaarvoice.com tpc.googlesyndication.com gse.gigaset.com me.kis.v2.scr.kaspersky-labs.com static.iadvize.com www.google.com www.dwin1.com ad1.adfarm1.adition.com adfarm1.adition.com gc.kis.v2.scr.kaspersky-labs.com secure.adnxs.com snap.licdn.com maps.googleapis.com s2.adform.net track.adform.net www.pagespeed-mod.com 'unsafe-eval' cdn.taboola.com ff.kis.v2.scr.kaspersky-labs.com www.google.de www.google.it imagesrv.adition.com https://mpsnare.iesnare.com https://l.getsitecontrol.com/p7jz5lm4.js *.etracker.com *.etracker.de cdn.iamstudent.com s.clcktrax.com https://api.signalize.com/accounts/X3ssZWx/signalize.min.js *.analytics.google.com gcmatomo.gigaset.com https://fast-static.smarketer.de https://fast.smarketer.de; style-src data: 'self' 'unsafe-inline' display.ugc.bazaarvoice.com s.adroll.com p.typekit.net use.typekit.net gse.gigaset.com gc.kis.v2.scr.kaspersky-labs.com fonts.googleapis.com me.kis.v2.scr.kaspersky-labs.com translate.googleapis.com gcmatomo.gigaset.com; child-src blob:; frame-src https://www.pinterest.de https://ir.tools.investis.com pixel.mathtag.com www.google.com www.facebook.com vars.hotjar.com secure.pay1.de www.youtube.com bid.g.doubleclick.net js.chatchamp.com api.bazaarvoice.com display.ugc.bazaarvoice.com tpc.googlesyndication.com cms.gigaset.com gigaset-prov.gigaset.com gigaset.secure.force.com where-to-buy.co www.googletagmanager.com player.vimeo.com ad2.adfarm1.adition.com 'self' gigaset-net.gigaset.com ct.pinterest.com forms.office.com verify.iamstudent.com www.iamstudentverify.com pwm-image.trendmicro.com www.pinterest.com gcmatomo.gigaset.com; 4 default-src 'self' data: https://fonts.gstatic.com/ https://cdn.podigee.com/ https://*.podigee-cdn.net/ https://*.dhl.de/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://dpm.demdex.net/ https://*.paypal.com/ https://*.cardinalcommerce.com/ https://dpcomepost.tt.omtrdc.net/ https://*.bing.com/ https://meinservice.my.salesforce.com/ https://service.force.com/ https://*.zscaler.net/ https://*.zscloud.net/ https://*.zscalertwo.net/; connect-src 'self' https://cdn.cookielaw.org/ https://*.onetrust.com/ https://t.leadlab.click/ https://insight.adsrvr.org/ https://assets.adobedtm.com/ https://deutschepostag1.d3.sc.omtrdc.net/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://meinservice-dhl-sites.secure.force.com/ https://meinservice--rqa.sandbox.my.salesforce.com/ https://meinservice--tl.sandbox.my.salesforce.com/ https://depst-salaut-prod1.pegacloud.net/ https://depst-mara-dt1-decisionhub.pegacloud.net/ https://depst-mara-stg1-decisionhub.pegacloud.net/ https://depst-mara-prod1-decisionhub.pegacloud.net/ https://t.ssl.ak.tiles.virtualearth.net/ https://*.dynamic.tiles.ditu.live.com/ https://*.braintreegateway.com/ https://*.braintree-api.com/ https://braintree-sample-merchant.herokuapp.com/ https://*.heidelpay.com/ https://autocomplete2.postdirekt.de/ https://*.dhl.de/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://dpm.demdex.net/ https://*.paypal.com/ https://*.cardinalcommerce.com/ https://dpcomepost.tt.omtrdc.net/ https://*.bing.com/ https://meinservice.my.salesforce.com/ https://service.force.com/ https://*.zscaler.net/ https://*.zscloud.net/ https://*.zscalertwo.net/; img-src https: data:; form-action 'self' https://www.sofort.com/ https://*.dhl.com/ https://postaktuell-manager.deutschepost.de/ https://chatbot-marie.dhl.de/ https://chatbot-marie-tl.dhl.de/ https://chatbot-marie-rqa.dhl.de/; frame-ancestors 'self' https://facebook.com/ https://*.dhl.de/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://deutschepost.elaine-asp.de/ https://*.plentymarkets-cloud-de.com/ https://*.plentymarkets-cloud-ie.com/ https://dhl.vendidero.de/ https://dhl-paket.plentymarkets-cloud02.com/ https://*.billbee.io/ https://*.dreamrobot.de/ https://tl-meinservice-dhl.cs107.force.com/; frame-src 'self' https://www.simplydhl.com/ https://deutschepost.elaine-asp.de/ https://www.youtube.com/ https://www.google.com/ https://assets.adobedtm.com/ https://rdevpro-meinservice-dhl.cs160.force.com/ https://gateway.zscalerthree.net/ https://*.braintreegateway.com/ https://payment.heidelpay.com/ https://dhlglobalmail.secure.force.com/ https://*.dhl.de/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://dpm.demdex.net/ https://*.paypal.com/ https://*.cardinalcommerce.com/ https://dpcomepost.tt.omtrdc.net/ https://*.bing.com/ https://meinservice.my.salesforce.com/ https://service.force.com/ https://*.zscaler.net/ https://*.zscloud.net/ https://*.zscalertwo.net/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com/ https://connect.facebook.net/ https://cdn.cookielaw.org/ https://cookie-cdn.cookiepro.com/ https://geolocation.onetrust.com/ https://assets.adobedtm.com/ https://cdn.tt.omtrdc.net/ https://*.google.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://*.virtualearth.net/ https://*.ditu.live.com/ https://d.la1-c1-fra.salesforceliveagent.com/ https://d.la1-c1cs-fra.salesforceliveagent.com/ https://d.la3-c2-fra.salesforceliveagent.com/ https://d.la3-c1cs-cdg.salesforceliveagent.com/ https://static.lightning.force.com/ https://meinservice--rqa.sandbox.my.salesforce.com/ https://meinservice--tl.sandbox.my.salesforce.com/ https://meinservice-dhl-sites.secure.force.com/ https://assets.braintreegateway.com/ https://static.heidelpay.com/ https://*.dhl.de/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://dpm.demdex.net/ https://*.paypal.com/ https://*.cardinalcommerce.com/ https://dpcomepost.tt.omtrdc.net/ https://*.bing.com/ https://meinservice.my.salesforce.com/ https://service.force.com/ https://*.zscaler.net/ https://*.zscloud.net/ https://*.zscalertwo.net/; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com/ https://cdn.cookielaw.org/ https://googletagmanager.com/ https://track.adform.net/ https://www.youtube.com/ https://connect.facebook.net/ https://*.virtualearth.net/ https://*.ditu.live.com/ https://d.la1-c1-fra.salesforceliveagent.com/ https://d.la1-c1cs-fra.salesforceliveagent.com/ https://d.la3-c2-fra.salesforceliveagent.com/ https://d.la3-c1cs-cdg.salesforceliveagent.com/ https://static.lightning.force.com/ https://meinservice--rqa.sandbox.my.salesforce.com/ https://meinservice--tl.sandbox.my.salesforce.com/ https://assets.braintreegateway.com/ https://*.dhl.de/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://dpm.demdex.net/ https://*.paypal.com/ https://*.cardinalcommerce.com/ https://dpcomepost.tt.omtrdc.net/ https://*.bing.com/ https://meinservice.my.salesforce.com/ https://service.force.com/ https://*.zscaler.net/ https://*.zscloud.net/ https://*.zscalertwo.net/; style-src 'self' 'unsafe-inline' https://meinservice-dhl-sites.secure.force.com/ https://cdn.tt.omtrdc.net/ https://*.dhl.de/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://dpm.demdex.net/ https://*.paypal.com/ https://*.cardinalcommerce.com/ https://dpcomepost.tt.omtrdc.net/ https://*.bing.com/ https://meinservice.my.salesforce.com/ https://service.force.com/ https://*.zscaler.net/ https://*.zscloud.net/ https://*.zscalertwo.net/; report-uri /bin/csp/report 4 frame-ancestors https://*.complex.com 4 frame-ancestors 'self' *.directnic.net 4 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: mediastream: android-webview-video-poster: https://*.goodrx.com http://blocked.goodrx.com https://*.grxstatic.com https://*.grxweb.com https://*.heydoctor.com https://d4fuqqd5l3dbz.cloudfront.net https://*.px-cloud.net https://*.perimeterx.net https://*.pxchk.net https://*.px-cdn.net https://*.px-client.net https://*.split.io https://gx9e.app.link https://app.link https://*.branch.io https://bnc.lt https://*.doubleclick.net https://*.2mdn.net https://*.osano.com https://optimizely-edge.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagservices.com https://*.googletagmanager.com https://bat.bing.com https://*.sentry-cdn.com https://sentry.io https://*.ingest.sentry.io https://cdn.ampproject.org https://*.doubleverify.com https://*.typekit.net https://c.evidon.com https://l.betrad.com https://d79i1fxsrar4t.cloudfront.net https://static.legitscript.com https://cdn.contentful.com https://unpkg.com https://images.ctfassets.net https://cdnjs.cloudflare.com https://*.appsflyer.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://*.polyfill.io https://polyfill.io https://*.smartystreets.com https://s3-us-west-2.amazonaws.com https://s3.amazonaws.com https://my.wpengine.com https://secure.gravatar.com https://*.embed.ly https://yoast.com https://*.mzstatic.com https://*.onelink.me https://www.recaptcha.net https://*.qualaroo.com https://datawrapper.dwcdn.net https://hire.withgoogle.com https://www.youtube.com https://*.insightexpressai.com https://connect.facebook.net https://www.facebook.com https://adservice.google.co.in https://adservice.google.com.au https://adservice.google.ca https://*.ytimg.com https://*.verticalhealth.net https://d.turn.com https://*.demdex.net https://idsync.rlcdn.com https://di.rlcdn.com https://*.adsafeprotected.com https://bcg.coupons.com https://*.embedly.com https://*.flashtalking.com https://pixel.sbal4kp.com https://*.adnxs.com https://*.adnxs-simple.com https://tracker.samplicio.us https://choices.truste.com https://choices.trustarc.com https://cf.adxcel.com https://*.accelerator.ibm.com https://*.serving-sys.com https://cdn.besafe.global https://api.lever.co https://*.segment.io https://*.segment.com https://*.userzoom.com https://sc.iasds01.com https://sb.voicefive.com https://*.scorecardresearch.com https://*.iqfp1.com https://*.dvtps.com https://*.pxsrv.net https://*.zentrick.com https://*.zentrick.name https://*.unwrapper.io https://*.dvva.io https://js.stripe.com https://www.redditstatic.com https://alb.reddit.com https://wsdk.rokt.com https://*.speedcurve.com https://fast.wistia.com https://platform.twitter.com https://*.doceree.com https://*.liadm.com https://www.medtargetsystem.com https://*.hcn.health https://thrtle.com https://trc.lhmos.com https://api.prod.projectexodus.us https://js.appboycdn.com https://*.braze.com https://use.fontawesome.com https://cdn.materialdesignicons.com https://*.twilio.com https://*.twiliocdn.com wss://*.twilio.com https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.intercomassets.com https://intercom-sheets.com https://*.heydoctor.io https://*.deepintent.com https://*.moatads.com https://*.s.moatpixel.com https://*.adform.net https://*.jwpcdn.com https://*.jwplayer.com https://*.jwplatform.com https://*.jwpltx.com https://*.jwpsrv.com https://*.mux.com https://videos-fms.jwpsrv.com https://videos-cloudflare.jwpsrv.com https://*.datadoghq.com https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://pswec.com https://*.pswec.com https://sync.graph.bluecava.com https://*.adsrvr.org https://*.parsely.com https://*.qualtrics.com https://res.lassomarketing.io https://*.gvt1.com https://*.googlevideo.com https://*.quantummetric.com https://*.innovid.com https://btloader.com https://*.btloader.com https://ad-delivery.net https://*.ad-delivery.net https://*.ads2ads.net https://*.ads.linkedin.com https://snap.licdn.com https://p.adsymptotic.com https://*.linkedin.oribi.io https://sjs.bizographics.com https://*.videoamp.com https://ecp-prd-data.s3.us-west-2.amazonaws.com https://secure-gl.imrworldwide.com https://*.trustpilot.com; report-uri https://sentry.io/api/5148329/security/?sentry_key=b77e90b1f5654f2e83a0238f4cf07987 4 frame-ancestors https://*.publons.com:* http://*.publons.com:* https://publons.com:* https://cortellis.com:* https://*.cortellis.com:* http://*.cortellis.com:* https://cortellis.cn:* https://*.cortellis.cn:* http://*.cortellis.cn:* https://*.clarivate.com:* http://*.clarivate.com:* https://*.dev-wos.com:* http://*.dev-wos.com:* https://*.endnote.com:* http://*.endnote.com:* https://*.myendnoteweb.com:* http://*.myendnoteweb.com:* https://myendnoteweb.com:* https://*.dev-cortellis.com:* http://*.dev-cortellis.com:* https://*.ezproxy.auckland.ac.nz:* http://*.ezproxy.auckland.ac.nz:* http://*.dev.oneplatform.build:* https://*.dev.oneplatform.build:* https://*.cptest.idm.oclc.org:* https://*.idm.oclc.org:* https://*.libproxy.albany.edu:* https://*.twu.edu:* http://*.dev-cortellis.cn:* https://*.dev-cortellis.cn:* http://webofscience.com:* https://webofscience.com:* http://*.webofscience.com:* https://*.webofscience.com:* https://*.proxy.lnu.se:*; sandbox allow-top-navigation allow-same-origin allow-scripts allow-popups allow-forms 4 connect-src 'self' wss://*.zopim.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; frame-ancestors https://*.adobemsbasic.com https://*.lingotek.com https://*.nuance.com https://*.nuance.fr https://*.nuance.de https://*.nuance.es https://*.nuance.co.uk 'self' https:; frame-src 'self' https:; upgrade-insecure-requests; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; img-src data: http://www.w3.org/2000/svg https:; 4 frame-ancestors 'self' https://webvisor.com 4 default-src 'self' data: wss: blob blob: 'unsafe-eval' 'unsafe-inline' *.2o7.net *.ac-systems.com *.adobe.com *.adobedtm.com *.adsymptotic.com *.akamaihd.net *.amazonaws.com *.atdmt.com *.base.be *.bbvms.com *.bluebillywig.com *.bluecoat.com *.clarity.ms *.cloudfront.net *.companymatch.me *.contentsquare.com *.contentsquare.net *.cookielaw.org *.customersaas.com *.day.com *.demdex.net *.doubleclick.net *.driftqa.com *.driftt.com *.everesttech.net *.facebook.com *.facebook.net *.fontawesome.com *.force.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.hotjar.com *.hotjar.io *.licdn.com *.linkedin.com *.litix.io *.loadinggif.com *.luckycycle.com *.marketo.net *.mktoresp.com *.mktoutil.com *.mobistar.be *.nettjar.com *.omtrdc.net *.onetrust.com *.pegacloud.net *.pingvp.com *.pinimg.com *.pinterest.com *.premiumplus.io *.qelpcare.com *.salesforce.com *.salesforceliveagent.com *.sfdcstatic.com *.speedtestcustom.com *.telenet-ops.be *.telenet.be *.telenet.be.seg.js *.telenet.be:* *.telenetcampagnes.be *.tiqcdn.com *.typekit.net *.typography.com *.unpkg.com *.upc.ch *.usabilla.com *.vimeo.com *.wista.com *.wistia.com *.wistia.net *.youtube.com *.ytimg.com *.zdassets.com *.zendesk.com *.zentr.cc *.zentrick.com *.zopim.com *.zopim.io https://app.insites.com https://app.prospect.silktide.com https://eur01.safelinks.protection.outlook.com https://html5-player.libsyn.com https://playlist.megaphone.fm https://sandbox-telenet.24sessions.com https://telenet.24sessions.com https://cookies-data.onetrust.io https://euuat.cobrowse.pega.com https://euuatassets.cobrowse.pega.com https://widget.euw1.chat.pega.digital *.webgains.com *.webgains.io;img-src 'self' data: data blob blob: *.telenet.be *.telenet.be:* https: http://loadinggif.com *.doubleclick.net *.loadinggif.com;report-uri https://api.prd.telenet.be/csp-violation-report; 4 default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.admitad.ru *.stage.monetize *.tinkoff.ru *.smartredirect.de mtusgate.de linkitten.com mtusimg.de convertlink.com pmf.tech *.pmf.tech fairsavings.com *.fairsavings.com *.admitad.com *.admit.ad *.admitad.academy mitgo.com *.mitgo.com takeads.com *.takeads.com univibes.org *.univibes.org *.ads-twitter.com *.trustpilot.com *.zopim.io *.zopim.com *.smooch.io *.zdassets.com *.zendesk.com *.consentmanager.net *.mindbox.cloud *.popmechanic.ru *.gravatar.com *.facebook.net *.facebook.com *.fb.com *.consensu.org *.amazonaws.com *.twitter.com *.instagram.com *.tiktok.com *.webvisor.org *.quizyworld.tech *.linkedin.com *.ampproject.org yastatic.net *.yandex.com *.yandex.net *.yandex.ru *.ya.ru *.mail.ru vk.com *.scriptcdn.net *.typekit.net *.google.net *.google.io *.google.eu *.google.su *.gooogle.com *.gogle.com *.com.google *.google.be *.google.by *.google.ca *.google.cn *.g.cn *.google.dk *.google.ee *.google.fi *.google.gg *.google.gr *.google.hr *.google.hu *.google.is *.google.it *.google.co.jp *.google.kz *.google.lv *.google.md *.google.com.mx *.google.nl *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.com.ua *.google.ua *.google.us *.google.co.uz *.google.de *.google.cz *.google.at *.google.ae *.google.com.co *.google.com.do *.google.jo *.google.gl *.google.sc *.google.co.ve *.google.com.uv *.google.co.ao *.google.co.in *.google.bg *.google.com *.googleapis.com *.translate.goog *.gstatic.com *.google.co.uk *.google.com.tr *.google.fr *.google.es *.google.com.eg *.google.com.cy *.google.ge *.google.co.id *.googleusercontent.com *.googletagmanager.com *.google-analytics.com *.adwords.com *.adwords.ru *.adsense.com *.adsense.ru *.feedburner.com *.doubleclick.com *.doubleclick.net *.igoogle.com *.youtu.be *.youtube.com *.youtube.ru *.blogger.com *.chromium.com *.setka.io *.google.com.gh ymetrica1.com *.google.com.pk *.google.com.br *.google.co.th *.google.com.vn *.google.lt; report-uri /wp-json/csp-log/v1/report 4 default-src 'self' https: data: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'self'; img-src 'self' http: data: 4 default-src 'self' https://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://*.marketo.com https://www.google.com https://www.youtube.com https://fonts.gstatic.com https://*.ul.com https://player.vimeo.com https://www.recaptcha.net data: blob:; connect-src 'self' https://*.lift.acquia.com https://*.wistia.com http://*.wistia.com https://*.ul.com https://*.solosegment.com https://www.google-analytics.com https://spreadsheets.google.com https://www.facebook.com https://stats.addtoany.com https://*.hotjar.com https://*.hotjar.io https://*.mktoutil.com https://*.mktoresp.com https://embedwistia-a.akamaihd.net https://sessions.bugsnag.com https://stats.g.doubleclick.net https://fg8vvsvnieiv3ej16jby.litix.io https://bam.nr-data.net https://bam-cell.nr-data.net https://sheets-proxy.knightlab.com https://cdn.cookielaw.org https://*.onetrust.com wss://*.hotjar.com https://csp.withgoogle.com/csp/lcreport https://csp.withgoogle.com/csp/lcreport/009740c9-f487-4513-8701-6eae104d7bed https://cdn.linkedin.oribi.io https://cdn.acsbapp.com/cache/app/www-dev.ul.com/config.json https://cdn.acsbapp.com/cache/app/ https://process.acsbapp.com/apps/app/; font-src 'self' https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://fonts.gstatic.com https://script.hotjar.com data: https://*.ul.com https://fast.wistia.com/ https://acsbapp.com/apps/app/dist/fonts/acsbi.ttf https://acsbapp.com/apps/app/dist/fonts/; frame-src 'self' https://*.marketo.com https://www.google.com https://player.vimeo.com https://www.youtube.com https://fast.wistia.com https://vars.hotjar.com https://www.facebook.com http://quote.ul.com https://quote.ul.com https://optimize.google.com https://www.recaptcha.net https://*.addtoany.com https://11349830.fls.doubleclick.net http://empoweringtrust.ul.com https://empoweringtrust.ul.com https://airtable.com https://cse.google.com/cse_v2/ads https://12500278.fls.doubleclick.net; img-src 'self' https://*.adroll.com https://*.linkedin.com https://*.facebook.com https://*.google.com https://*.wistia.com https://*.wistia.net https://*.solosegment.com https://embedwistia-a.akamaihd.net https://www.google-analytics.com https://www.googletagmanager.com https://www.ul.com https://www-stage.ul.com https://legacy-uploads.ul.com https://optimize.google.com https://s.ml-attr.com/getuid https://secure.adnxs.com/getuid https://attr.ml-api.io https://pixel.mathtag.com https://cdn.cookielaw.org data: https://collateral-library-production.s3.amazonaws.com https://*.ul.com https://*.adnxs.com https://*.gstatic.com/images https://*.googleapis.com https://clients1.google.com https://clients1.google.com/generate_204 https://googleads.g.doubleclick.net https://web1.acsbapp.com/apps/app/dist/media/; media-src 'self' https://embedwistia-a.akamaihd.net https://*.wistia.com https://*.youtube.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acquia.com http://*.acquia.com https://*.wistia.com http://*.wistia.net https://*.wistia.net https://app.wistia.com https://www.youtube.com http://www.youtube.com https://*.vimeo.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://*.hotjar.com https://*.marketo.net https://www.recaptcha.net https://cdnjs.cloudflare.com https://*.adroll.com https://*.ytimg.com https://snap.licdn.com https://*.adroll.mgr.consensu.org https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://*.onetrust.com https://optimize.google.com https://cdn.c212.net https://c212.net https://pixel.mathtag.com https://commons.ul.com/* https://ww2.ul-renewables.com http://cdnjs.cloudflare.com http://empoweringtrust.ul.com https://empoweringtrust.ul.com blob: https://app-ab48.marketo.com https://www.google.com/recaptcha/api.js https://browser-update.org/update.min.js https://browser-update.org/update.show.min.js https://cse.google.com https://www.google.com https://cse.google.com/cse.js https://partner.googleadservices.com/gampad/cookie.js https://cse.google.com/adsense/search/async-ads.js https://googleads.g.doubleclick.net https://www.googleadservices.com/ https://acsbapp.com/apps/app/dist/js/app.js https://cdn.acsbapp.com/cache/app/www-dev.ul.com/config.json https://cdn.jsdelivr.net https://cdn.knightlab.com https://code.jquery.com https://fast.wistia.com https://static.addtoany.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.marketo.com https://cdn.cookielaw.org https://static.addtoany.com https://*.acquia.com https://optimize.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com http://empoweringtrust.ul.com https://empoweringtrust.ul.com https://*.google.com https://cdn.jsdelivr.net https://cdn.knightlab.com maxcdn.bootstrapcdn.com; frame-ancestors 'self'; report-uri https://ulcsp.report-uri.com/r/t/csp/reportOnly 4 default-src 'self' *.talent.com *.neuvoo.com neuvoo.com neuvoo.ca *.acsbapp.com acsbapp.com js.stripe.com fonts.gstatic.com fonts.googleapis.com *.google.com *.doubleclick.net s3.amazonaws.com *.googlesyndication.com *.atlassian.net *.googleapis.com *.cookielaw.org *.onetrust.com *.bing.com; img-src https: 'unsafe-inline' data: 'unsafe-eval' 'unsafe-inline' blob:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; frame-ancestors 'self' www.jobs-im-suedwesten.de www.energyjobline.com www.onlyengineerjobs.com www.meinestelle.de www.startus.cc www.mapmeo.com www.papa-jobs.ch job.kurier.at www.jobs-in-chemie.de www.med-jobs.com; frame-src *.google.com *.doubleclick.net *.googlesyndication.com *.talent.com talent.com *.stripe.com *.atlassian.net *.hotjar.com; worker-src data: *.talent.com 'unsafe-eval' 'unsafe-inline' blob:; 4 default-src 'self' *.vidyard.com *.onetrust.com; frame-ancestors 'self'; form-action *; object-src 'none'; base-uri 'none'; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; connect-src *; frame-src *; font-src * data:; media-src *; 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' data: https:; font-src 'self' data: https: 4 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://optimize.google.com ;frame-src self https://6337982.fls.doubleclick.net https://*.loopnet.com http://*.loopnet.com https://*.loopnet.co.uk http://*.loopnet.co.uk http://*.loopnet.ca https://*.loopnet.ca https://*.costargroup.com https://www.facebook.com https://servedby.flashtalking.com https://adclick.g.doubleclick.net/ https://optimize.google.com https://*.googlesyndication.com/ https://s0.2mdn.net/ https://console.googletagservices.com/ https://*.adsrvr.org/ https://www.googletagservices.com https://www.google.com https://*.cybersource.com/ https://*.doubleclick.net/ https://*.firebaseapp.com/ https://*.us.criteo.com https://*.criteo.com https://*.criteo.net https://dynamic.criteo.com https://static.criteo.net criteo.net criteo.com *.criteo.com *.criteo.net https://players.brightcove.net https://www.youtube.com https://flickrembed.com https://*.knightlab.com https://viewer.panoskin.com https://my.matterport.com https://accounts.google.com https://*.ten-x.com https://*.pendo.io https://costar.brightspotcdn.com https://costar-brightspot-lower.s3.amazonaws.com https://flo.uri.sh https://tpc.googlesyndication.com https://tpc.googlesyndication.com; 4 frame-ancestors 'self' http://info.barchart.com 4 default-src 'self' *.youtube.com *.graphassets.com; connect-src 'self' *.intercomcdn.com *.pinterest.com *.intercomassets.com *.analytics.yahoo.com *.gstatic.com *.facebook.com data: i.ytimg.com t.co *.ads-twitter.com *.amazon-adsystem.com cx.atdmt.com *.intercomcdn.com *.medium.com *.fbcdn.net *.facebook.com static.intercomassets.com *.clarity.ms sentry.cloudwalk.io cdn.amplitude.com s.yimg.com s.pinimg.com sp.analytics.yahoo.com analytics.tiktok.com forms.hsforms.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net js.intercomcdn.com *.facebook.net *.gstatic.com *.facebook.com *.google.com *.google.com.br *.googleadservices.com *.googletagmanager.com *.g.doubleclick.net *.pinterest.com *.hubspot.com *.infinitepay.io *.intercom.io *.googleapis.com *.google-analytics.com *.hotjar.io *.hotjar.com wss://nexus-websocket-a.intercom.io *.youtube.com *.graphcms.com *.graphassets.com *.twitter.com *.stellate.sh api.rudderlabs.com cloudwalk-dataplane.rudderstack.com/v1/page cloudwalk-dataplane.rudderstack.com/v1/track *.infinitepay.io; base-uri 'self'; font-src 'self' *.gstatic.com *.intercomcdn.com *.googleapis.com; form-action 'self' connect.facebook.net *.facebook.com intercom-sheets.com *.intercom.io *.intercomcdn.com intercomusercontent.com js.intercomcdn.com intercom.help; frame-src 'self' intercom-sheets.com *.intercom-reporting.com *.pinterest.com *.amazon-adsystem.com *.infinitepay.io *.online-metrix.net *.google.com *.googletagmanager.com *.facebook.com *.youtube.com *.doubleclick.net s.amazon-adsystem.com ct.pinterest.com; media-src 'self' *.youtube.com *.graphcms.com *.graphassets.com data:; img-src 'self' *.intercomcdn.com *.pinterest.com *.intercomassets.com *.analytics.yahoo.com *.gstatic.com *.bing.com data: i.ytimg.com t.co *.ads-twitter.com *.amazon-adsystem.com cx.atdmt.com *.intercomcdn.com *.medium.com *.fbcdn.net *.facebook.com static.intercomassets.com sentry.cloudwalk.io s.yimg.com s.pinimg.com sp.analytics.yahoo.com analytics.tiktok.com forms.hsforms.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net js.intercomcdn.com *.amplitude.com *.facebook.net *.gstatic.com *.google.com *.google.com.br *.googleadservices.com *.googletagmanager.com *.g.doubleclick.net *.pinterest.com *.hubspot.com *.infinitepay.io *.intercom.io *.googleapis.com *.google-analytics.com *.hotjar.io *.hotjar.com *.youtube.com *.graphcms.com *.graphassets.com *.placeholder.com *.twitter.com *.clarity.ms *.infinitepay.io data: *.graphcms.com *.graphassets.com; object-src 'self' data: *.youtube.com; style-src 'self' 'unsafe-inline' *.googleapis.com; frame-ancestors 'self' *.infinitepay.io intercom-sheets.com intercom-reporting.com *.youtube.com intent: itms-appss: *.doubleclick.net infinitepay.io *.infinitepay.io *.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.intercomcdn.com *.pinterest.com *.intercomassets.com *.analytics.yahoo.com *.gstatic.com *.facebook.com data: i.ytimg.com t.co *.ads-twitter.com *.amazon-adsystem.com cx.atdmt.com *.intercomcdn.com *.medium.com *.fbcdn.net static.intercomassets.com viacep.com.br sentry.cloudwalk.io *.clarity.ms cdn.amplitude.com s.yimg.com s.pinimg.com sp.analytics.yahoo.com analytics.tiktok.com forms.hsforms.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net js.intercomcdn.com *.amplitude.com *.facebook.net *.gstatic.com *.facebook.com *.google.com *.google.com.br *.googleadservices.com *.googletagmanager.com *.g.doubleclick.net *.pinterest.com *.hubspot.com *.infinitepay.io *.intercom.io *.googleapis.com *.google-analytics.com *.hotjar.io *.hotjar.com *.youtube.com *.graphcms.com *.graphassets.com *.twitter.com api.rudderlabs.com/sourceConfig cloudwalk-dataplane.rudderstack.com/v1/page cloudwalk-dataplane.rudderstack.com/v1/track *.infinitepay.io; 4 connect-src 'self' https://vimeo.com https://hcaptcha.com https://apm-web.index-education.com.preprod/ https://*.hcaptcha.com ndx.plus *.ndx.plus https://*.google-analytics.com https://*.doubleclick.net https://*.index-education.com http://*.index-education.com https://metrics-apm-d01.clients.dev.france:8200 http://*.datatables.net https://www.googleapis.com;default-src 'self' *.bootstrapcdn.com *.google-analytics.com *.gstatic.com ndx.plus *.ndx.plus https://*.index-education.com http://*.index-education.com;frame-ancestors 'self' ;frame-src https://hcaptcha.com https://*.hcaptcha.com https://static.scelliuspaiement.labanquepostale.fr *.doubleclick.net *.openstreetmap.org http://*.index-education.net https://*.index-education.net *.hyperplanning.fr http://*.vimeo.com https://vimeo.com https://*.vimeo.com https://www.youtube.com https://*.google.com https://*.index-education.com http://*.index-education.com http://index-education.com https://app.mailjet.com;media-src 'self' https://*.vimeo.com https://vimeo.com https://*.index-education.com http://*.index-education.com;object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ndx.plus *.ndx.plus https://hcaptcha.com https://*.hcaptcha.com https://static.scelliuspaiement.labanquepostale.fr *.licdn.com *.tiny.cloud *.adobe.com *.cloudflare.com https://www.googletagmanager.com https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com http://*.googleapis.com https://*.googleapis.com https://*.google.com *.gstatic.com code.jquery.com http://*.google-analytics.com https://*.google-analytics.com *.datatables.net https://*.index-education.com http://*.index-education.com https://*.bootstrapcdn.com http://index-education.com https://app.mailjet.com;style-src 'self' 'unsafe-inline' https://hcaptcha.com ndx.plus *.ndx.plus https://*.hcaptcha.com https://static.scelliuspaiement.labanquepostale.fr http://*.googleapis.com https://*.googleapis.com *.bootstrapcdn.com https://*.index-education.com http://*.index-education.com;font-src 'self' *.bootstrapcdn.com *.gstatic.com ndx.plus *.ndx.plus https://*.index-education.com http://*.index-education.com *.index-education.net data:;img-src 'self' https://*.index-education.com ndx.plus *.ndx.plus *.google-analytics.com *.gstatic.com *.doubleclick.net *.google.com *.google.fr *.googleapis.com *.linkedin.com data:; 4 frame-ancestors 'self' *.basf.com basf-performance-materials.expo-ip.com experience.adobe.com 4 default-src * data:; style-src 'self' https://code.jquery.com https://www.lightboxcdn.com https://netdna.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline'; script-src 'self' https://code.jquery.com https://disqus.com https://j.6sc.co https://boards.greenhouse.io https://p.adsymptotic.com https://p.adsymptotic.com https://www.googleadservices.com https://px4.ads.linkedin.com https://c1.rfihub.net https://connect.facebook.net https://lightboxapi.azurewebsites.net https://d.adroll.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://snap.licdn.com https://com-zglobal.netmng.com https://s.adroll.com 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com bootstrapcdn.com *.bootstrapcdn.com googleapis.com *.googleapis.com cloudflare.com *.cloudflare.com rezync.com *.rezync.com hsforms.net *.hsforms.net lightboxcdn.com *.lightboxcdn.com gstatic.com *.gstatic.com vimeo.com *.vimeo.com hs-scripts.com *.hs-scripts.com google.com *.google.com capterra.com *.capterra.com hscollectedforms.net *.hscollectedforms.net hsadspixel.net *.hsadspixel.net hubspot.com *.hubspot.com hsforms.com *.hsforms.com hs-analytics.net *.hs-analytics.net usemessages.com *.usemessages.com hs-banner.com *.hs-banner.com licdn.com *.licdn.com bootstrapcdn.com *.bootstrapcdn.com googleapis.com *.googleapis.com google-analytics.com *.google-analytics.com cloudflare.com *.cloudflare.com boomtrain.com *.boomtrain.com 4 object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://go2.grafana.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.googleoptimize.com https://x.clearbitjs.com https://app.clearbit.com https://munchkin.marketo.net https://connect.facebook.net https://snap.licdn.com https://www.google-analytics.com/ https://px.ads.linkedin.com https://www.linkedin.com https://*.intercom.io https://js.intercomcdn.com https://fresnel.vimeocdn.com https://f.vimeocdn.com https://vimeo.com https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://api.twitter.com https://twitter.com https://static.hotjar.com https://in.hotjar.com https://script.hotjar.com https://www.googletagmanager.com/gtag/ *.googleadservices.com https://googleads.g.doubleclick.net/pagead/ https://static.doubleclick.net https://www.youtube.com https://static.userback.io https://www.eventbrite.com; report-uri /api/csp-reports 4 frame-ancestors 'self' *.ampproject.org *.zdbb.net 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.geotab.com *.google.com *.google.ca *.googleapis.com *.recaptcha.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.incontact.com *.salesforce.com *.buzzsprout.com *.visualwebsiteoptimizer.com *.vwo.com *.vidyard.com *.twitter.com *.ads-twitter.com https://www.youtube.com https://script.crazyegg.com https://googleads.g.doubleclick.net https://514004470.collect.igodigital.com/collect.js https://connect.facebook.net https://snap.licdn.com https://cmp.osano.com https://bugcrowd.com https://*.bugcrowdusercontent.com *.linkedin.com blob: https://s.saleswingsapp.com/ https://cdn.c212.net/ https://c212.net https://pixel.mathtag.com/ *.zoominfo.com *.clickagy.com; font-src 'self' 'unsafe-eval' 'unsafe-inline' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.vwo *.typekit.net *.zoominfo.com data:; style-src 'self' 'unsafe-inline' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.vwo.com *.typekit.net; img-src * data:; connect-src *; object-src *; frame-src 'self' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.youtube.com *.facebook.com *.salesforce.com *.vwo.com https://home-c19.incontact.com *.doubleclick.net https://www.buzzsprout.com https://attendee.gotowebinar.com https://register.gotowebinar.com *.vidyard.com https://www.youtube.com https://cmp.osano.com https://www.recaptcha.net https://bugcrowd.com *.linkedin.com https://calendly.com/ https://www.youtube-nocookie.com https://pixel.mathtag.com/; media-src 'self' *.googleapis.com webtest2.geotab.com; frame-ancestors 'self' *.geotab.com https://geotab.my.salesforce.com; 4 frame-ancestors 'self' https://www.gi-de.com/ https://gi-de-ms.my.salesforce.com/ https://gi-de-ms--uat.my.salesforce.com/ https://gi-de-ms--dev.my.salesforce.com/ https://gi-de-ct--test.my.salesforce.com/ https://gi-de-ct.my.salesforce.com/ https://gi-de-vd.my.salesforce.com/ https://gi-de-vd--vduat.my.salesforce.com/; 4 default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src * 'unsafe-inline'; img-src * data: blob:; font-src * 'self' data: 'unsafe-inline'; connect-src *; media-src *; frame-src *; frame-ancestors *; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://images.101datacenter.net https://*.101domain.com https://chat.livecustomer.com https://my.101domain.com https://*.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://www.youtube.com https://secure.campaigner.com https://connect.facebook.net https://*.kissmetrics.com https://*.googleapis.com https://*.facebook.com https://*.llnwd.net https://*.doubleclick.net https://*.infusionsoft.com https://*.google.bg https://d3pkntwtp2ukl5.cloudfront.net https://*.livechatinc.com https://*.googleusercontent.com https://*.gstatic.com https://*.licdn.com https://*.linkedin.com https://*.bing.com https://*.bizographics.com https://*.infusionsoft.app https://*.adsymptotic.com https://*.truste.com https://*.comodo.com https://*.trust-provider.com https://*.101d.dev https://*.101s.dev https://*.ytimg.com https://*.clarity.ms https://*.videodelivery.net https://*.devicevalidation.io https://cdn.livechat-files.com data: 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' penguin.co.uk *.penguin.co.uk cdnjs.cloudflare.com cdn-ukwest.onetrust.com *.googleadservices.com *.googletagmanager.com *.pinimg.com *.pinterest.com *.doubleclick.net *.ads-twitter.com *.adobedtm.com therandomhousegroupltd.d3.sc.omtrdc.net *.google-analytics.com *.google.com *.gstatic.com connect.facebook.net *.tiktok.com www.dwin2.com *.riddle.com *.hotjar.com *.jotfor.ms *.jotformeu.com cdn.livefyre.com *.eventbrite.co.uk *.cloudfront.net *.newrelic.com *.nr-data.net instagram.com *.instagram.com *.twitter.com therandomhousegroupl.tt.omtrdc.net *.youtube.com *.soundcloud.com; object-src 'self'; worker-src blob 'self'; 4 default-src * 'self' 'unsafe-inline' 'unsafe-eval' data: https:; report-uri /report-csp-violation 4 frame-ancestors 'self' *.kaskus.co.id *.kaskus.id 4 default-src 'self' www.app5.unisys.com wwwdev-unisyscorp.msappproxy.net wwwqa-unisyscorp.msappproxy.net data: ws: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.6sc.co t.contentsquare.net app.contentsquare.com *.google.com *.cloudfront.net *.createjs.com *.facebook.net *.eloqua.com *.statcounter.com *.youtube.com *.vimeocdn.com *.en25.com *.demandbase.com *.hotjar.com *.licdn.com *.adroll.com https://www.google-analytics.com *.googletagmanager.com *.google-analytics.com *.trustarc.com https://www.googletagmanager.com https://vimeo.com *.vimeo.com https://js.hs-banner.com https://js.hs-scripts.com https://js.usemessages.com https://js.hscollectedforms.net https://js.hs-analytics.net https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://code.jquery.com https://s7.addthis.com https://v1.addthisedge.com https://m.addthis.com/ https://z.moatads.com https://maxcdn.bootstrapcdn.com https://www.facebook.com *.episerver.net *.bing.com *.virtualearth.net *.unisys.com https://api.company-target.com *.sharethis.com https://unpkg.com *.consensu.org https://ajax.googleapis.com https://cdnjs.cloudflare.com https://t.contentsquare.net/ https://static.ads-twitter.com/ *.newscred.com *.rezync.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.episerver.net *.bing.com https://maxcdn.bootstrapcdn.com https://unpkg.com *.sharethis.com https://*.unisys.com; img-src 'self' blob: data: http: https: *.contentsquare.net; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.unisys.com; connect-src 'self' *.6sc.co *.adnxs.com cdn.linkedin.oribi.io *.trustarc.com *.hotjar.io *.hotjar.com *.doubleclick.net *.google.com *.googletagmanager.com *.google-analytics.com https://forms.hubspot.com https://api.hubspot.com https://m.addthis.com https://dc.services.visualstudio.com https://vimeo.com ws: wss: *.bing.com *.episerver.net *.virtualearth.net https://api.company-target.com https://c.statcounter.com *.contentsquare.net; child-src 'self' *.trustarc.com https://api.hubspot.com https://app.hubspot.com https://vimeo.com *.vimeo.com https://www.youtube.com https://s7.addthis.com; media-src 'self' www.app5.unisys.com wwwdev-unisyscorp.msappproxy.net wwwqa-unisyscorp.msappproxy.net https://*.unisys.com; frame-src *; worker-src 'self' blob: data: 4 frame-ancestors 'self' *.1und1.de *.1und1.com profiseller.de *.profiseller.de *.1and1.com dsl.gmx.de dsl.web.de 1und1-premiumpartner.de *.1und1-premiumpartner.de 1und1-partner.de *.1und1-partner.de 1und1-mm.de *.1und1-mm.de 1und1-hostingpartner.de *.1und1-hostingpartner.de 1und1-freenet.de *.1und1-freenet.de; 4 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://lavoz.report-uri.io/r/default/csp/enforce 4 object-src 'none'; frame-ancestors *.tim.it; 4 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.sanity.io/files/ https://analytics.twitter.com/ https://static.ads-twitter.com/uwt.js https://www.redditstatic.com/ads/pixel.js https://player.vimeo.com/api/player.js https://kantarinteractive.3mil-demo.co.uk/ https://media-cdn.ipredictive.com/js/cirt_v2.min.js https://script.hotjar.com/ https://go.in.kantar.com/ https://media-cdn.ipredictive.com/js/ https://script.hotjar.com/modules.4511dadc364f0ee7084d.js https://script.hotjar.com/modules.7225c79fe4e29708c611.js https://www.googleadservices.com/ https://online2.superoffice.com/ https://script.hotjar.com/modules.cd1eea15fc08cdfc520a.js https://script.hotjar.com/modules.a6cfc71c5ac4549d913e.js https://snap.licdn.com/li.lms-analytics/ https://services.cognitoforms.com/scripts/ https://embedsocial.com/cdn/iframe.js https://embedsocial.com/embedscript/in.js https://view-awesome-table.com/ https://static.hotjar.com/c/ https://script.hotjar.com/modules.0734134ae79697970353.js https://googleads.g.doubleclick.net/ https://www.googleadservices.com/pagead/conversion_async.js https://cdn.jotfor.ms/js/ https://js.jotform.com/ https://js.jotform.com/vendor/ https://cdn.jotfor.ms/static/ https://cdnjs.cloudflare.com/ajax/libs/punycode/1.4.1/ https://form.jotform.com/jsform/ https://js.hs-analytics.net/analytics/1598004900000/ https://js.hs-analytics.net/analytics/ https://js.hs-banner.com/3788602.js https://js.hscollectedforms.net/collectedforms.js https://forms.hsforms.com/ https://js.hs-scripts.com/3788602.js https://js.hsforms.net/forms/v2.js https://euc-widget.freshworks.com https://app-static.turtl.co/embed/turtl.embed.v1.js https://s.ytimg.com https://www.youtube.com/iframe_api https://pi.pardot.com/ https://go.tnsglobal.com/ https://preferences.kantarworldpanel.com/ https://go.millwardbrown.com/ https://www2.kantar.com https://consent.cookiebot.com/ https://cdn.saberfeedback.com https://feedback.saberfeedback.com/ https://www.youtube.com https://ssl.google-analytics.com/ga.js https://ajax.googleapis.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://ct.capterra.com/ https://gomedia.kantar.com/ https://ws.zoominfo.com/ https://e.infogram.com/ https://consentcdn.cookiebot.com https://player.podigee-cdn.net/ https://digitalpacemaker.podigee.io/ https://crm.zoho.eu/ https://crm.zohopublic.eu/ js-eu1.hsforms.net https://extend.vimeocdn.com https://79b5d9bf7db0483cbfe2471a3040bd31.js.ubembed.com/ https://assets.ubembed.com/ https://scripts.teamtailor-cdn.com; style-src 'self' 'unsafe-inline' https://cdn.sanity.io/files/ https://embedsocial.com/cdn/iframe-lightbox.min.css https://cdn.jotfor.ms/wizards/languageWizard/custom-dropdown/css/ https://cdn.jotfor.ms/css/styles/payment/ https://cdn.jotfor.ms/themes/CSS/ https://cdn.jotfor.ms/css/ https://cdn.jotfor.ms/css/styles/ https://cdn.jotfor.ms/static/ https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://euc-widget.freshworks.com https://app-static.turtl.co/embed/turtl.embed.v1.css https://feedback.saberfeedback.com/ https://cdn.saberfeedback.com https://tagmanager.google.com/ https://fast.fonts.net https://fonts.googleapis.com; connect-src *; img-src 'self' data: https://668620654.privacysandbox.googleadservices.com/ https://405677348.privacysandbox.googleadservices.com/ https://pixel.tapad.com/ https://idsync.rlcdn.com/ https://x.bidswitch.net/ https://stags.bluekai.com/ https://pixel.advertising.com/ https://dsum-sec.casalemedia.com/ https://eu-u.openx.net/ https://alb.reddit.com/ https://px.ads.linkedin.com/ https://pixel.mathtag.com/ https://simage2.pubmatic.com/ https://t.co/ https://ad.ipredictive.com/ https://www.google.co.za/pagead/1p-user-list/668928299/ https://p.adsymptotic.com/ https://px.ads.linkedin.com/ https://www.google.com/ https://www.google.co.uk/ https://www.google.co.uk/ads/ https://events.jotform.com/ https://events.jotform.com/jsform/200924737274357/ https://cdn.jotfor.ms/ https://assets.turtl.co/covers/ https://www.google.co.za/ads/ https://www.googletagmanager.com/ https://www.google.com/ads/ https://track.hubspot.com/ https://forms.hsforms.com/embed/v3/ https://forms.hubspot.com/outpost/formsnextembed/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ *.doubleclick.net https://www.google-analytics.com *.gstatic.com https://maps.googleapis.com https://assets.turtl.co/covers/5ef0c513e144c46e0f06dcca.jpg https://ct.capterra.com/ https://cdn.sanity.io/ https://media.glassdoor.com/; frame-src 'self' https://kantarinteractive.3mil-demo.co.uk/ https://www.mavens.co.uk/ https://11404277.fls.doubleclick.net/ https://app.livestorm.co/ https://app.powerbi.com/ https://newsletterform.z6.web.core.windows.net/ https://go.in.kantar.com/ http://mkt.kantar.com/ https://tns-portal.rexx-recruitment.com/ https://www.kantarlivefr.com/ https://online2.superoffice.com/ https://v.qq.com/ https://services.cognitoforms.com/f/ https://embedsocial.com/ https://view-awesome-table.com/ https://vars.hotjar.com/ https://www.kantarworldpanel.com https://form.jotform.com/ https://submit.jotformeu.com/ https://app-widgets.jotform.io https://www3.kantarmedia.com/ https://datawrapper.dwcdn.net https://widgets.jotform.io/ https://www.kantarmarketplace.com/ https://preferences.kantarworldpanel.com/ https://html5-player.libsyn.com/ https://play.libsyn.com/ https://mkt.kantar.com/ https://forms.hsforms.com/ https://go.pardot.com/ https://go.na.kantar.com/ https://kantar.wd3.myworkdayjobs.com/ https://player.vimeo.com/ https://kantar.turtl.co/ https://www2.kantar.com/ https://staginglocal.kantarmarketplace.com https://go.kantarmarketplace.com/ https://www.youtube.com/iframe_api https://consentcdn.cookiebot.com/ https://go.millwardbrown.com/ https://www.google.com https://www.youtube.com https://apps.sitecore.net/ https://gomedia.kantar.com/ https://anchor.fm/ https://e.infogram.com/ https://player.podigee-cdn.net/ https://audionow.de/ cdn.jotfor.ms https://*.kantar.com/ forms-eu1.hsforms.com https://ktglbuc-my.sharepoint.com/ https://kantar.marketin.cn https://www.baidu.com/ https://forms.zohopublic.eu/ https://79b5d9bf7db0483cbfe2471a3040bd31.pages.ubembed.com; frame-ancestors https://*.khapps.com https://*.khapps.jp; font-src 'self' data: https://cdn.sanity.io/files/ https://www.kantar.com/-/media/Themes/Kantar/Global/KantarMain/fonts/ https://www.kantar.com/-/media/Themes/Kantar/Global/KantarMain/fonts/KantarBrown https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ https://sites.kantarconsulting.com/toolbox/fonts/KantarBrownWeb-Regular.woff2 https://feedback.saberfeedback.com https://fonts.gstatic.com; media-src 'self' data: https://cdn.sanity.io/ https://vimeo.com/ 4 upgrade-insecure-requests; default-src 'self'; frame-src 'self' *.consentmanager.net www.youtube.com www.youtube-nocookie.com *.altrulabs.com *.smartrecruiters.com *.equitystory.com *.conti-apps.de *.continental.com *.wowza.com livestream.com *.nc3-cdn.com *.cloudfront.net players.brightcove.net; style-src 'self' 'unsafe-inline' *.continental.com *.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.continental.com www.googletagmanager.com *.mouseflow.com *.bing.com *.virtualearth.net *.admiralcloud.com *.altrulabs.com *.smartrecruiters.com *.linkedin.com *.licdn.com *.analytics.google.com *.google-analytics.com cdn.trkkn.com unpkg.com *.consentmanager.net blob:; font-src 'self' data: *.continental.com *.bing.com *.admiralcloud.com *.altrulabs.com *.gstatic.com; connect-src 'self' *.continental.com *.admiralcloud.com *.bing.com *.virtualearth.net *.altrulabs.com *.analytics.google.com *.google-analytics.com stats.g.doubleclick.net *.mouseflow.com *.consentmanager.net cdn.linkedin.oribi.io; img-src * data:; media-src * blob:; 4 worker-src 'self' blob: *.vix.tv *.vix.com; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://onsemineworg.my.salesforce.com https://onsemineworg.my.site.com https://d.la2-c1-ia5.salesforceliveagent.com https://service.force.com https://c1.sfdcstatic.com https://onsemi.componentsearchengine.com https://*.plexim.com https://event.on24.com https://my.onsemi.com https://www.onsemi.jp https://www.onsemi.cn https://www.onsemi.com https://identity.onsemi.com https://tags.tiqcdn.cn https://api.ipify.org https://p.adsymptotic.com https://*.ztsrv.com https://px.ads.linkedin.com https://my.demio.com https://angular-ui.github.io https://vidassets.terminus.services https://cdn.bigzeta.com https://api.bigzeta.com https://info.onsemi.com https://cdn.demio.com https://onsemi.ladesk.com https://onsemi.taleo.net https://*.gcs-web.com https://*.atdmt.com https://*.mktoresp.com https://*.marketo.com https://*.taboola.com https://*.tealiumiq.com https://*.tealium.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.baidu.com https://*.geniusmonkey.com https://*.doubleclick.net https://*.gstatic.com https://*.linkedin.com https://*.pingdom.net https://*.crazyegg.com https://*.marketo.net https://*.licdn.com https://www.google.com https://*.tiqcdn.com https://*.digikey.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.facebook.com https://*.boltdns.net https://*.brightcove.net https://*.brightcove.com https://*.zencdn.net https://*.akamaihd.net blob: data: 4 default-src 'self' data: blob: *.gstatic.com *.google.com *.google-analytics.com *.nr-data.net *.bioz.com *.vwr.com *.doubleclick.net *.avantorsciences.com *.nusil.com *.googletagmanager.com *.linkedin.com *.twitter.com *.vwrsurveys.com *.adsymptotic.com *.paymetric.com *.facebook.com *.mktoresp.com *.wardsci.com *.sargentwelch.com *.boreal.com *.sargentwelch.ca *.twimg.com *.vwr-cmd.com *.mt.com *.moji-moji.com *.youtube.com youtube.com *.gotowebinar.com *.vwr-cmd2.com *.surveymonkey.com *.instantservice.com *.zencdn.net *.cdntwrk.com www.google.co.in *.hotjar.com *.hotjar.io ahpp.adflex.co.uk ahpp2.adflex.co.uk authentication.cardinalcommerce.com *.pinterest.com *.kickfire.com *.rumiview.com *.vimeo.com *.salesforce.com *.prnewswire.com nebnextvwr.neb.com projects.spielcreative.com projects.ivorystudio.net *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.bioz.com *.vwr.com *.googleapis.com *.facebook.com *.mktoresp.com *.twitter.com *.twimg.com *.zencdn.net *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.auth0.com *.google-analytics.com *.bioz.com *.salesforceliveagent.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.vwr.com *.licdn.com *.cloudflareinsights.com *.vwrsurveys.com *.marinsm.com *.paymetric.com *.google.com *.cloudflare.com *.pardot.com *.doubleclick.net *.googleadservices.com *.facebook.net *.wardsci.com *.verisign.com *.linkedin.com *.twitter.com *.googleapis.com *.sargentwelch.com *.sargentwelch.ca *.marketo.net *.twimg.com *.vwr-cmd.com *.mt.com *.moji-moji.com *.youtube.com youtube.com *.gotowebinar.com *.vwr-cmd2.com *.surveymonkey.com *.instantservice.com *.zencdn.net *.cdntwrk.com www.google.co.in *.hotjar.com *.hotjar.io *.adobedtm.com *.pinimg.com *.avantorsciences.com *.kickfire.com *.rumiview.com *.jquery.com *.prnewswire.com *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms; 4 frame-ancestors 'self' https://epr.onepath.com.au https://eprotectpriv.service.anz https://eprotect.service.anz https://eprotectauth.service.anz https://eprotect https://epr.anz.com; 4 default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://*.eqads.com https://*.msecnd.net https://*.cookielaw.org https://*.cloudflare.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.crazyegg.com https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.googlesyndication.com https://*.doubleclick.net https://*.vimeo.com https://*.secure.payconex.net; worker-src blob:; 4 frame-ancestors https://www.cedars-sinai.org/ https://aem-dispatcher-dev.cedars-sinai.org/ https://patients.mycslink.org/ https://patients-dev.mycslink.org/ https://patients-test.mycslink.org/ https://patients-stage.mycslink.org/ 4 default-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com https://*.streaming.media.azure.net; style-src 'self' 'unsafe-inline' https://*.oebb.at https://apis.google.com https://*.googleapis.com https://*.azureedge.net https://static.userback.io; script-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://apis.google.com https://*.googleapis.com https://at.cloud.fabasoft.com https://www.youtube.com https://*.ytimg.com https://*.azureedge.net https://static.userback.io https://walls.io https://cdn.botframework.com https://*.myincert.com https://myincert.com https://*.traumgutscheine.com; connect-src 'self' https://*.oebb.at https://obc.railcargo.com https://*.azureedge.net https://directline.botframework.com wss://directline.botframework.com https://api.userback.io https://*.playertec.de https://powerva.microsoft.com https://graph.microsoft.com https://login.microsoftonline.com https://api.siteimprove.com; img-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com https://*.ytimg.com https://apis.google.com https://*.googleapis.com https://*.gstatic.com https://*.azureedge.net https://static.userback.io https://oebbtalentinastorage.blob.core.windows.net data: blob:; frame-src https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://*.google.com https://content.googleapis.com https://www.youtube-nocookie.com https://at.cloud.fabasoft.com https://*.yumpu.com https://www.zepp-cam.at https://*.soundcloud.com https://*.spotify.com https://*.waca.at https://ec21aac802964ead8485bcf19e4d7cc9.svc.dynamics.com https://*.azureedge.net https://live.virtual-events.at https://*.streaming.media.azure.net https://www.traumgutscheine.com https://railtours.traumgutscheine.com https://my.walls.io https://*.vimeo.com https://service.studiobaff.com https://*.playertec.de https://login.microsoftonline.com https://live.brame-gamification.com https://www.komoot.de; frame-ancestors https://oebb-test.hafas.de https://*.oebb.at http://fahrplan.oebb.at https://*.nightjet.com; font-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com; child-src https://www.traumgutscheine.com https://railtours.traumgutscheine.com; 4 default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 4 default-src 'self' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch data: https://www.metanet.ch; base-uri 'none'; connect-src 'self' https://region1.google-analytics.com/ https://*.consentmanager.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://activity.wisepops.com https://popup.wisepops.com https://tracking.wisepops.com https://app.getwisp.co https://wisepops.net; font-src 'self' data: https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://www.youtube.com https://bid.g.doubleclick.net https://td.doubleclick.net; img-src 'self' data: https://*.consentmanager.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.de https://www.google.at https://www.google.ch https://*.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://static.metanet.ch https://www.gstatic.com https://ssl.gstatic.com https://cdn.wisepops.com https://tracking.wisepops.com https://dx4nr741tfc02.cloudfront.net https://wisp-production-storage.s3.amazonaws.com https://cdn.wisepops.net; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://cdn.wisepops.com https://loader.wisepops.com https://app.getwisp.co https://wisepops.net https://cdn.wisepops.net; style-src 'self' 'unsafe-inline' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://fonts.googleapis.com 4 default-src https: data: 'unsafe-eval' 'unsafe-inline'; 4 upgrade-insecure-requests; frame-ancestors 'none'; 4 frame-ancestors 'self' *.regmovies.com *.authorize.net 4 frame-ancestors 'self' *.benjerry.com *.crownpeak.com *.bazaarvoice.com *.adobe.com *.pricespider.com 4 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 4 frame-ancestors 'self' http://turan.urw.com/ https://turan-web.preprod.cloud.coreoz.com/ https://turan-web2.preprod.cloud.coreoz.com/ https://apollo.int.coreoz.com/world 4 frame-ancestors 'self' https://fullsb-supportjfrog.cs84.force.com https://ppp-supportjfrog.cs100.force.com https://partners.jfrog.com https://supportjfrog.force.com/; 4 frame-ancestors 'self' https://www.growingio.com 4 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.vidyard.com *.google-analytics.com *.elliemae.com *.typekit.net *.eloqua.com *.crazyegg.com *.pingdom.net *.driftt.com *.drift.com *.vidyard.com *.tribl.io *.en25.com *.appspot.com *.facebook.net *.bing.com *.bizographics.com *.doubleclick.net *.linkedin.com *.facebook.com *.google.com *.on24.com *.contentstack.io *.zscalertwo.net ipapi.co *.amazonaws.com *.googleapis.com http://images.engage.elliemae.com/ *.gstatic.com *.myfonts.net *.googleadservices.com *.mapbox.com *.youtube.com *.vimeo.com *.swiftype.com *.jsdelivr.net *.disqus.com *.disquscdn.com disqus.com *.zoominfo.com *.pusher.com *.icemortgagetechnology.com *.pardot.com unpkg.com *.google.co.in www.googleoptimize.com cdn.cookielaw.org privacyportal.onetrust.com *.clickagy.com *.demandbase.com match.prod.bidr.io id.rlcdn.com *.company-target.com 4 default-src 'self' * data: blob: 'unsafe-inline' 'unsafe-eval'; object-src 'none' 4 default-src 'self' 'unsafe-eval' http: https: data: blob: 'unsafe-inline' 4 same-origin 4 frame-ancestors 'self'; default-src 'self' blob: static.zdassets.com coinex.zendesk.com coinex.zendesk.co file.coinexstatic.com coinex-release.test.viadeploy.com *.coinex.com:* *.coinex.co:* *.coinex.zone:* *.coinex.land:* *.coinex.network:* *.coinexapp.net:* coinex.com:* coinex.co:* coinex.zone:* coinex.land:* coinex.network:* coinexapp.net:* ; worker-src blob: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com static.geetest.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me static.geevisit.com widget-mediator.zopim.com *.zdassets.com api.geetest.com monitor.geetest.com bakapi.gtapp.xyz res.wx.qq.com coinex.zendesk.com coinex.zendesk.co *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net coinex.com coinex.co coinex.zone coinex.land coinex.network coinexapp.net; style-src 'unsafe-inline' at.alicdn.com static.geetest.com coinex.zendesk.com coinex.zendesk.co static.geetest.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me static.geevisit.com unpkg.com coinex-release.test.viadeploy.com *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net coinex.com coinex.co coinex.zone coinex.land coinex.network coinexapp.net; img-src www.google-analytics.com www.google.com www.google.de data: stats.g.doubleclick.net static.geetest.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me static.geevisit.com *.amazonaws.com blob: file.coinex.com file.coinexstatic.com coinex-release.test.viadeploy.com *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net coinex.com coinex.co coinex.zone coinex.land coinex.network coinexapp.net; font-src 'unsafe-inline' at.alicdn.com data: unpkg.com coinex-release.test.viadeploy.com *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net coinex.com coinex.co coinex.zone coinex.land coinex.network coinexapp.net ; connect-src *.zendesk.com *.zendesk.co *.zdassets.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com ws://widget-mediator.zopim.com www.google-analytics.com stats.g.doubleclick.net *.coinex.com:* *.coinex.co:* *.coinex.zone:* *.coinex.land:* *.coinex.network:* *.coinexapp.net:* coinex.com:* coinex.co:* coinex.zone:* coinex.land:* coinex.network:* coinexapp.net:* wss://*.coinex.com wss://*.coinex.co wss://*.coinex.zone wss://*.coinex.land wss://*.coinex.network wss://*.coinexapp.net ws://*.coinex.com ws://*.coinex.co ws://*.coinex.zone ws://*.coinex.land ws://*.coinex.network ws://*.coinexapp.net; frame-src player.bilibili.com player.vimeo.com *.viadeploy.com *.viabtc.com *.jumio.com *.jumio.ai www.youtube.com www.ixigua.com www.bilibili.com *.youtu.be *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.niq.com niq.com *.nielseniq.com nielseniq.com https://nielseniq.com *.nielsen.com *.go-vip.net go-vip.net *.googletagmanager.com *.google-analytics.com *.google.com googleadservices.com www.googleadservices.com *.g.doubleclick.net *.gstatic.com *.accessibilityserver.org accessibilityserver.org https://accessibilityserver.org *.userway.org *.cookielaw.org secure.adnxs.com *.tinypass.com *.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io *.licdn.com px.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io *.cxense.com *.ipify.org *.newrelic.com *.wp.com secure.gravatar.com *.adsymptotic.com *.nr-data.net *.jifo.co *.infogram.com *.wistia.com *.wistia.net *.twitter.com static.ads-twitter.com ads-twitter.com *.soundcloud.com *.youtube.com *.6sc.co t.co *.piano.io piano.io *.pardot.com pardot.com us-central1-byzzer-qa.cloudfunctions.net us-central1-byzzer-dev-57103.cloudfunctions.net us-central1-core-incentive-288418.cloudfunctions.net us-east4-byzzer-production.cloudfunctions.net wchat.eu.freshchat.com datavizapp.azureedge.net playlist.megaphone.fm baidu.com *.baidu.com *.svc.dynamics.com svc.dynamics.com *.crm.dynamics.com crm.dynamics.com *.nielseniq.cn nielseniq.cn js.hs-scripts.com js.hs-banner.com js.hubspotfeedback.com js.hs-analytics.net js.usemessages.com js.hsadspixel.net js.hscollectedforms.net api.hubapi.com forms.hsforms.com *.hubspot.com *.googleoptimize.com googleoptimize.com *.parsely.com stripe.com *.stripe.com *.clarity.ms subscriptions.smartrecruiters.com app.livestorm.co connect.facebook.net *.facebook.com *.intercom.io *.intercomcdn.com wss://*.intercom.io; img-src 'self' 'unsafe-inline' data: *.niq.com niq.com *.nielseniq.com nielseniq.com https://nielseniq.com *.nielsen.com *.go-vip.net go-vip.net *.googletagmanager.com *.google-analytics.com *.google.com googleadservices.com www.googleadservices.com *.g.doubleclick.net *.gstatic.com *.accessibilityserver.org accessibilityserver.org https://accessibilityserver.org *.userway.org *.cookielaw.org secure.adnxs.com *.tinypass.com *.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io *.licdn.com px.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io *.cxense.com *.ipify.org *.newrelic.com *.wp.com secure.gravatar.com *.adsymptotic.com *.nr-data.net *.jifo.co *.infogram.com *.wistia.com *.wistia.net *.twitter.com static.ads-twitter.com ads-twitter.com *.soundcloud.com *.youtube.com *.6sc.co t.co *.piano.io piano.io *.pardot.com pardot.com us-central1-byzzer-qa.cloudfunctions.net us-central1-byzzer-dev-57103.cloudfunctions.net us-central1-core-incentive-288418.cloudfunctions.net us-east4-byzzer-production.cloudfunctions.net wchat.eu.freshchat.com datavizapp.azureedge.net playlist.megaphone.fm baidu.com *.baidu.com *.svc.dynamics.com svc.dynamics.com *.crm.dynamics.com crm.dynamics.com *.nielseniq.cn nielseniq.cn js.hs-scripts.com js.hs-banner.com js.hubspotfeedback.com js.hs-analytics.net js.usemessages.com js.hsadspixel.net js.hscollectedforms.net api.hubapi.com forms.hsforms.com *.hubspot.com *.googleoptimize.com googleoptimize.com *.parsely.com stripe.com *.stripe.com *.clarity.ms subscriptions.smartrecruiters.com app.livestorm.co connect.facebook.net *.facebook.com *.intercom.io *.intercomcdn.com wss://*.intercom.io; style-src 'self' 'unsafe-inline' data: *.niq.com niq.com *.nielseniq.com nielseniq.com https://nielseniq.com *.nielsen.com *.go-vip.net go-vip.net *.googletagmanager.com *.google-analytics.com *.google.com googleadservices.com www.googleadservices.com *.g.doubleclick.net *.gstatic.com *.accessibilityserver.org accessibilityserver.org https://accessibilityserver.org *.userway.org *.cookielaw.org secure.adnxs.com *.tinypass.com *.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io *.licdn.com px.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io *.cxense.com *.ipify.org *.newrelic.com *.wp.com secure.gravatar.com *.adsymptotic.com *.nr-data.net *.jifo.co *.infogram.com *.wistia.com *.wistia.net *.twitter.com static.ads-twitter.com ads-twitter.com *.soundcloud.com *.youtube.com *.6sc.co t.co *.piano.io piano.io *.pardot.com pardot.com us-central1-byzzer-qa.cloudfunctions.net us-central1-byzzer-dev-57103.cloudfunctions.net us-central1-core-incentive-288418.cloudfunctions.net us-east4-byzzer-production.cloudfunctions.net wchat.eu.freshchat.com datavizapp.azureedge.net playlist.megaphone.fm baidu.com *.baidu.com *.svc.dynamics.com svc.dynamics.com *.crm.dynamics.com crm.dynamics.com *.nielseniq.cn nielseniq.cn js.hs-scripts.com js.hs-banner.com js.hubspotfeedback.com js.hs-analytics.net js.usemessages.com js.hsadspixel.net js.hscollectedforms.net api.hubapi.com forms.hsforms.com *.hubspot.com *.googleoptimize.com googleoptimize.com *.parsely.com stripe.com *.stripe.com *.clarity.ms subscriptions.smartrecruiters.com app.livestorm.co connect.facebook.net *.facebook.com *.intercom.io *.intercomcdn.com wss://*.intercom.io; font-src 'self' 'unsafe-inline' data: *.niq.com niq.com *.nielseniq.com nielseniq.com https://nielseniq.com *.nielsen.com *.go-vip.net go-vip.net *.googletagmanager.com *.google-analytics.com *.google.com googleadservices.com www.googleadservices.com *.g.doubleclick.net *.gstatic.com *.accessibilityserver.org accessibilityserver.org https://accessibilityserver.org *.userway.org *.cookielaw.org secure.adnxs.com *.tinypass.com *.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io *.licdn.com px.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io *.cxense.com *.ipify.org *.newrelic.com *.wp.com secure.gravatar.com *.adsymptotic.com *.nr-data.net *.jifo.co *.infogram.com *.wistia.com *.wistia.net *.twitter.com static.ads-twitter.com ads-twitter.com *.soundcloud.com *.youtube.com *.6sc.co t.co *.piano.io piano.io *.pardot.com pardot.com us-central1-byzzer-qa.cloudfunctions.net us-central1-byzzer-dev-57103.cloudfunctions.net us-central1-core-incentive-288418.cloudfunctions.net us-east4-byzzer-production.cloudfunctions.net wchat.eu.freshchat.com datavizapp.azureedge.net playlist.megaphone.fm baidu.com *.baidu.com *.svc.dynamics.com svc.dynamics.com *.crm.dynamics.com crm.dynamics.com *.nielseniq.cn nielseniq.cn js.hs-scripts.com js.hs-banner.com js.hubspotfeedback.com js.hs-analytics.net js.usemessages.com js.hsadspixel.net js.hscollectedforms.net api.hubapi.com forms.hsforms.com *.hubspot.com *.googleoptimize.com googleoptimize.com *.parsely.com stripe.com *.stripe.com *.clarity.ms subscriptions.smartrecruiters.com app.livestorm.co connect.facebook.net *.facebook.com *.intercom.io *.intercomcdn.com wss://*.intercom.io; object-src 'self'; connect-src 'self' data: *.niq.com niq.com *.nielseniq.com nielseniq.com https://nielseniq.com *.nielsen.com *.go-vip.net go-vip.net *.googletagmanager.com *.google-analytics.com *.google.com googleadservices.com www.googleadservices.com *.g.doubleclick.net *.gstatic.com *.accessibilityserver.org accessibilityserver.org https://accessibilityserver.org *.userway.org *.cookielaw.org secure.adnxs.com *.tinypass.com *.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io *.licdn.com px.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io *.cxense.com *.ipify.org *.newrelic.com *.wp.com secure.gravatar.com *.adsymptotic.com *.nr-data.net *.jifo.co *.infogram.com *.wistia.com *.wistia.net *.twitter.com static.ads-twitter.com ads-twitter.com *.soundcloud.com *.youtube.com *.6sc.co t.co *.piano.io piano.io *.pardot.com pardot.com us-central1-byzzer-qa.cloudfunctions.net us-central1-byzzer-dev-57103.cloudfunctions.net us-central1-core-incentive-288418.cloudfunctions.net us-east4-byzzer-production.cloudfunctions.net wchat.eu.freshchat.com datavizapp.azureedge.net playlist.megaphone.fm baidu.com *.baidu.com *.svc.dynamics.com svc.dynamics.com *.crm.dynamics.com crm.dynamics.com *.nielseniq.cn nielseniq.cn js.hs-scripts.com js.hs-banner.com js.hubspotfeedback.com js.hs-analytics.net js.usemessages.com js.hsadspixel.net js.hscollectedforms.net api.hubapi.com forms.hsforms.com *.hubspot.com *.googleoptimize.com googleoptimize.com *.parsely.com stripe.com *.stripe.com *.clarity.ms subscriptions.smartrecruiters.com app.livestorm.co connect.facebook.net *.facebook.com *.intercom.io *.intercomcdn.com wss://*.intercom.io; frame-src 'self' data: *.niq.com niq.com *.nielseniq.com nielseniq.com https://nielseniq.com *.nielsen.com *.go-vip.net go-vip.net *.googletagmanager.com *.google-analytics.com *.google.com googleadservices.com www.googleadservices.com *.g.doubleclick.net *.gstatic.com *.accessibilityserver.org accessibilityserver.org https://accessibilityserver.org *.userway.org *.cookielaw.org secure.adnxs.com *.tinypass.com *.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io *.licdn.com px.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io *.cxense.com *.ipify.org *.newrelic.com *.wp.com secure.gravatar.com *.adsymptotic.com *.nr-data.net *.jifo.co *.infogram.com *.wistia.com *.wistia.net *.twitter.com static.ads-twitter.com ads-twitter.com *.soundcloud.com *.youtube.com *.6sc.co t.co *.piano.io piano.io *.pardot.com pardot.com us-central1-byzzer-qa.cloudfunctions.net us-central1-byzzer-dev-57103.cloudfunctions.net us-central1-core-incentive-288418.cloudfunctions.net us-east4-byzzer-production.cloudfunctions.net wchat.eu.freshchat.com datavizapp.azureedge.net playlist.megaphone.fm baidu.com *.baidu.com *.svc.dynamics.com svc.dynamics.com *.crm.dynamics.com crm.dynamics.com *.nielseniq.cn nielseniq.cn js.hs-scripts.com js.hs-banner.com js.hubspotfeedback.com js.hs-analytics.net js.usemessages.com js.hsadspixel.net js.hscollectedforms.net api.hubapi.com forms.hsforms.com *.hubspot.com *.googleoptimize.com googleoptimize.com *.parsely.com stripe.com *.stripe.com *.clarity.ms subscriptions.smartrecruiters.com app.livestorm.co connect.facebook.net *.facebook.com *.intercom.io *.intercomcdn.com wss://*.intercom.io; frame-ancestors 'self' *.nielseniq.com; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.twitter.com assets.juicer.io cdns.eu1.gigya.com cdn.cookielaw.org cdn.knightlab.com code.jquery.com connect.facebook.net geolocation.onetrust.com munchkin.marketo.net optanon.blob.core.windows.net snap.licdn.com static.ads-twitter.com www.buzzsprout.com *.googletagmanager.com www.google.com www.googleadservices.com www.gstatic.com www.youtube.com *.analytics.google.com *.google-analytics.com *.googleapis.com 505-xng-882.mktoweb.com 636-tke-312.mktoweb.com fonts.googleapis.com info.six-group.com info.finanzmuseum.ch info.ebill.ch accounts.eu1.gigya.com adservice.google.com ad.doubleclick.net cookies-data.onetrust.io graph.facebook.com info-sandbox.six-group.com privacyportal-ch.onetrust.com *.g.doubleclick.net www.juicer.io 505-xng-882.mktoresp.com 636-tke-312.mktoresp.com 505-xng-882.mktoutil.com 636-tke-312.mktoutil.com www.six-structured-products.com *.google.com *.google.ad *.google.at *.google.com.au *.google.be *.google.ca *.google.ch *.google.de *.google.dk *.google.es *.google.fi *.google.fr *.google.gr *.google.com.hk *.google.ie *.google.im *.google.is *.google.it *.google.co.jp *.google.li *.google.lu *.google.nl *.google.no *.google.pt *.google.se *.google.com.sg *.google.sm *.google.co.uk fonts.gstatic.com data: cdnapisec.kaltura.com googleads.g.doubleclick.net player.vimeo.com share.transistor.fm www.facebook.com www.federli.ch www.youtube-nocookie.com *.fls.doubleclick.net anchor.fm; img-src https: data:; report-uri /api/six/cspreport; report-to csp-endpoint; 4 default-src * 'unsafe-inline' 'unsafe-eval' data:; report-uri /report-csp-violation 4 default-src 'unsafe-inline' 'unsafe-eval' https: data: wss: 4 frame-ancestors 'self' https://help.foxtel.com.au/ https://foxtelbrand.zeroheight.com/ 4 child-src *.doubleclick.net *.dynad.net *.facebook.com *.hotjar.com *.pagseguro.uol.com.br *.rm.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.youtube.com https://www.google.com *.blip.ai data: 'self'; connect-src *.hotjar.com *.pagseguro.com.br *.uol.com.br *.google-analytics.com wss://ws.0mn.io https: wss: 'self'; frame-ancestors 'self'; default-src *.uol.com.br *.pagseguro.com.br 'self'; media-src *.uol.com.br *.pagseguro.com.br data: 'self'; object-src *.uol.com.br *.pagseguro.com.br data: 'self'; font-src *.pagseguro.uol.com.br *.pagseguro.com.br *.uol.com *.uol.com.br *.imguol.com.br *.gstatic.com *.hotjar.com https://imguol.com.br data: 'self'; img-src *.google.com *.google-analytics.com *.googletagmanager.com *.google.com.br *.googleapis.com *.gstatic.com *.facebook.com *.imguol.com *.uol.com *.uol.com.br *.pagseguro.com.br *.scorecardresearch.com *.ytimg.com *.doubleclick.net *.googleadservices.com *.xg4ken.com *.youtube.com *.hotjar.com *.tailtarget.com *.bing.com https://imguol.com https://imguol.com.br trg.adilligo.com takenetomni.blob.core.windows.net data: 'self'; script-src *.ampproject.org *.bing.com *.doubleclick.net *.dynad.net *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.hotjar.com *.jsdelivr.net *.jsuol.com.br *.pagseguro.com.br *.simg.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.xg4ken.com *.ytimg.com https://pagseguro.info https://pag.ae https://imguol.com.br https://www.gstatic.com https://tracking.tunad.io https://js-agent.newrelic.com https://*.nr-data.net about: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.uol.com *.pagseguro.uol.com.br *.pagseguro.com.br *.simg.uol.com.br *.ytimg.com https://imguol.com.br 'self' *.google.com *.googleapis.com 'unsafe-inline'; report-uri /csp-report 4 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' 4 frame-ancestors 'self' *.freenas.org *.ixsystems.com *.truenas.org; upgrade-insecure-requests; default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; object-src 'self' https:; connect-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https: blob:; font-src 'self' data: https:; 4 object-src 'none'; script-src 'self' https://ads.pubmatic.com https://polyfill.io https://js.ad-score.com https://*.revcontent.com https://hcaptcha.com https://*.hcaptcha.com https://*.cloudflare.com https://*.twitter.com https://*.twimg.com https://*.googleapis.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval' 4 default-src 'self' www.googletagmanager.com https://d1af033869koo7.cloudfront.net;; script-src 'self' cdn-app.pathfactory.com app.cdn.lookbookhq.com tracker.engageclick.com cdn.catbook.com stage-new.www.247.ai turbo.engageclick.com platform.linkedin.com www.googletagmanager.com ajax.cloudflare.com ajax.googleapis.com js-agent.newrelic.com bam.nr-data.net *.6sc.co consent.trustarc.com sleeknotecustomerscripts.sleeknote.com extend.vimeocdn.com www.linkedin.com static.hotjar.com 074-hbw-141.mktoutil.com *.cloudfront.net script.hotjar.com unpkg.com s.adroll.com sleeknotestaticcontent.sleeknote.com d.adroll.com connect.facebook.net tag.demandbase.com info.247.ai www.google-analytics.com analytics.google.com *.marketo.com munchkin.marketo.net https://platform.linkedin.com/xdoor/scripts/in.js sfc.leadspace.com cdpn-js.figureone.com boards.greenhouse.io 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-eval' 'unsafe-inline' https://d1af033869koo7.cloudfront.net https://*.247-inc.net consent.trustarc.com; ; object-src 'none' ; style-src 'self' maxcdn.bootstrapcdn.com app.cdn.lookbookhq.com rtp-static.marketo.com fast.fonts.net fonts.googleapis.com info.247.ai 'unsafe-inline' data: 'unsafe-inline' https://d1af033869koo7.cloudfront.net; ; img-src www.googletagmanager.com dev-new.www.247.ai google-analytics.com data: https: www.storygize.net www.247.ai/* tfscorp.intelliresponse.com;; frame-src 'self' consent-pref.trustarc.com www.linkedin.com vars.hotjar.com turbo.engageclick.com *.cloudfront.net player.vimeo.com www.youtube.com boards.greenhouse.io info.247.ai https://d1af033869koo7.cloudfront.net https://*.247-inc.net career4.successfactors.com;; frame-ancestors 'self' 247ai.pathfactory.com consent-pref.trustarc.com https://www.linkedin.com https: http:;; child-src www.linkedin.com consent-pref.trustarc.com turbo.engageclick.com *.cloudfront.net blob: https://d1af033869koo7.cloudfront.net https://*.247-inc.net;; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com;; connect-src 'self' info.247.ai www.google.co.in jukebox.pathfactory.com wss: secure.adnxs.com stats.g.doubleclick.net analytics.google.com www.google-analytics.com api.company-target.com dev-new.www.247.ai *.mktoresp.com 074-hbw-141.mktoutil.com *.marketo.com *.cloudfront.net tie-stage.247-inc.net tie-stage.247-inc.net staging.api.247-inc.net stage-new.www.247.ai tie.247-inc.net bam.nr-data.net api.247-inc.net sfgw.leadspace.com fonts.googleapis.com 6jh2sbaxvh.execute-api.us-east-1.amazonaws.com segments.company-target.com staging.api.cloud.247-inc.net https://d1af033869koo7.cloudfront.net api.cloud.247-inc.net https://*.247-inc.net target-web-staging.247-inc.net target-web.247-inc.net; 4 default-src 'none'; form-action 'self' mailform.ntppool.org; frame-ancestors 'none'; connect-src 'self' 8ll7xvh0qt1p.statuspage.io; font-src fonts.gstatic.com; img-src 'self' st.ntppool.org st.pimg.net news.ntppool.org *.mapper.ntppool.org; script-src 'self' 'unsafe-inline' cdn.statuspage.io st.ntppool.org st.pimg.net news.ntppool.org www.mapper.ntppool.org; style-src 'self' fonts.googleapis.com st.ntppool.org st.pimg.net news.ntppool.org; report-uri https://ntp.report-uri.com/r/d/csp/wizard 4 default-src https: wss: ; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; font-src 'self' data: *; connect-src 'self' *; frame-src 'self' * 4 frame-ancestors 'self' *.lovecrafts.com 4 img-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es *.facebook.com *.linkedin.com *.ytimg.com secure.gravatar.com data: https: 'self'; style-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es *.vimeocdn.com *.vimeo.com data: https: 'unsafe-inline' 'self'; object-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es data: https: 'unsafe-inline' 'self'; script-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es data: https: 'unsafe-eval' 'unsafe-inline' 'self'; 4 frame-ancestors 'self' *.lift.acquia.com lift.acquia.com; report-uri /report-csp-violation 4 frame-ancestors 'self' https://c360.cricketwireless.com; 4 frame-ancestors 'self' www.cv.ee cv.ee www.cv.lv cv.lv www.prakse.lv prakse.lv; 4 frame-ancestors 'self' *.webex.com 4 frame-ancestors 'self' https://gather.town https://virtual.adesso.de https://app.neyroo-hub.de 4 default-src https: 'self' 'unsafe-inline' 'unsafe-eval' data: blob: 4 frame-ancestors http://webvisor.com 4 frame-src *; 4 child-src 'self';worker-src * blob: 'unsafe-inline';font-src * data: 'unsafe-inline';frame-ancestors *;frame-src *;script-src-attr * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline' 4 default-src * 'unsafe-inline' data:; img-src * 'unsafe-inline' 'unsafe-eval' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.wpengine.com *.bootstrapcdn.com *.twitter.com *.jquery.com *.fontawesome.com *.google.com *.pinterest.com *.gstatic.com *.uploadlibrary.com *.thomascook.com *.hotjar.com *.imi.chat *.adyen.com *.spendology.io *.webtrends-optimize.com *.azurewebsites.net *.webtrends.com *.optimize.com *.doubleclick.net *.googlesyndication.com *.googletagservices.com *.google.co.uk *.google.com.ua *.direct.ingenico.com cc-cdn.com *.google.nl *.appsflyer.com *.freshchat.com *.btttag.com *.euc-freshbots.ai *.trustpilot.com *.cookielaw.org *.worldline-solutions.com https://embed.typeform.com/next/embed.js; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.wpengine.com *.bootstrapcdn.com *.imi.chat *.adyen.com *.spendology.io *.thomascook.com *.google.com *.webtrends-optimize.com *.azurewebsites.net *.webtrends.com *.optimize.com *.freshchat.com *.euc-freshbots.ai *.typeform.com *.typekit.net; font-src 'self' data: *.googleapis.com *.adyen.com *.gstatic.com *.wpengine.com *.imi.chat *.spendology.io *.thomascook.com https://script.hotjar.com *.bootstrapcdn.com *.typekit.net; object-src 'self' *.adyen.com; frame-src 'self' data: *.facebook.com https://platform.twitter.com/ *.google.com *.hotjar.com *.imi.chat *.adyen.com *.vimeo.com *.youtube.com *.doubleclick.net *.thomascook.io *.youtu.be *.googlesyndication.com https://www.covidchecker.com *.direct.ingenico.com *.modirum.com *.thomascook.com *.freshchat.com *.euc-freshbots.ai *.trustpilot.com *.rsa3dsauth.co.uk *.arcot.com *.cardinalcommerce.com *.mycardsecure.com *.monzo.com *.capitalone.com *.touch.tech *.wibmo.com *.mncbank.co.id *.typeform.com *.revolut.com *.sparkassen-kreditkarten.de *.swedbank.se *.wlp-acs.com *.rabobank.nl *.tsys.co.uk *.authentication-acs.marqeta.com; form-action * 'self' 'unsafe-inline' 'unsafe-eval' *.adyen.com *.thomascook.io *.thomascook.com; 4 form-action 'self' https://go.pardot.com https://submit-irm.trustarc.com; 4 frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com *.casinoalternativen.com *.onlinecasinobonus24.xyz *.livetableshu.com 4 frame-ancestors 'self' *.onbase.com *.hyland.com *.communitylive.com *.sharebase.com https://profiles.onbase.com; 4 frame-ancestors 'self' https://resideo.ziftone.com/ https://proportal.resideo.com/ https://pro.resideo.com/ https://resideostaging.staging.ziftone.com/ https://resideo.netdimensions.com/ https://deploy-preview-437--resideo-pro.netlify.com/ https://fxm/ https://resideo-pro-perks.my-rewardsonline/ 4 default-src 'self'; base-uri 'self'; img-src * data: 'unsafe-inline'; style-src * 'unsafe-inline'; script-src * data: 'unsafe-inline' 'unsafe-eval'; font-src thyssenkrupp.com *.thyssenkrupp.com *.recruitmentplatform.com *.bootstrapcdn.com; connect-src *; frame-ancestors 'self'; frame-src *; media-src * blob:; object-src * data: 'unsafe-eval'; worker-src blob: 4 default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 4 frame-ancestors 'self' *.authorize.net 4 connect-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com mc.yandex.ru *.google-analytics.com *.doubleclick.net *.facebook.com *.omise.co *.paypal.com *.mapbox.com *.ipqualityscore.com ipqualityscore.com *.googlesyndication.com *.getsitecontrol.com trainbusferry.com *.trainbusferry.com api.alternativepayments.com *.logs.datadoghq.com api-js.datadome.co cdn.ampproject.org; default-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com fonts.gstatic.com maxcdn.bootstrapcdn.com blob:; font-src 'self' * data: *.onetwogo.com maxcdn.bootstrapcdn.com *.apiairasia.com; frame-ancestors 'self'; frame-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com mc.yandex.md *.youtube.com *.doubleclick.net *.facebook.com *.omise.co *.paypal.com *.google.com *.stripe.com paymentpage.ecommpay.com s2.mailorsoon.net *.googletagmanager.com apiairasia.com *.apiairasia.com; img-src * blob: * data:; media-src *; script-src 'self' * 'unsafe-inline' 'unsafe-eval' *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com *.bing.com mc.yandex.ru *.ads-twitter.com analytics.twitter.com connect.facebook.net *.gstatic.com *.google.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.omise.co *.paypalobjects.com *.paypal.com ipqualityscore.com *.getsitecontrol.com *.googleapis.com pagead2.googlesyndication.com googletagservices.com *.stripe.com trainbusferry.com *.trainbusferry.com paymentpage.ecommpay.com s7.addthis.com cdn.ampproject.org www.datadoghq-browser-agent.com js.datadome.co blob:; style-src 'self' * 'unsafe-inline' *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com *.googleapis.com paymentpage.ecommpay.com maxcdn.bootstrapcdn.com; 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vtb.com:* https://vtb.ru:* https://*.inet.vtb https://mc.yandex.ru https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://chat.vtb.ru wss://chat.vtb.ru https://*.adriver.ru https://vk.com https://top-fwz1.mail.ru https://yastatic.net; style-src 'self' 'unsafe-inline' https://vtb.com:* https://vtb.ru:* https://*.inet.vtb https://chat.vtb.ru wss://chat.vtb.ru https://yastatic.net; img-src * data:; font-src 'self' data: https://vtb.com:* https://vtb.ru:* https://*.inet.vtb https://chat.vtb.ru wss://chat.vtb.ru https://yastatic.net; media-src 'self' blob: https://vtb.com:* https://vtb.ru:* https://*.inet.vtb https://chat.vtb.ru wss://chat.vtb.ru; frame-src 'self' 'unsafe-inline' blob: https://vtb.com:* https://vtb.ru:* https://*.roseltorg.ru:* https://api-maps.yandex.ru:* https://chat.vtb.ru wss://chat.vtb.ru https://yastatic.net; connect-src 'self' blob: https://vtb.com:* https://vtb.ru:* https://*.corp.dev.vtb:* https://*.inet.vtb https://mc.yandex.ru https://suggestions.dadata.ru https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://geocode-maps.yandex.ru/ https://chat.vtb.ru wss://chat.vtb.ru https://*.adriver.ru https://vk.com https://top-fwz1.mail.ru https://siteapi.vtb.ru https://marketplace.vtb.ru https://auto.vtb.ru https://ipoteka.vtb.ru https://cl.vtb.ru https://cc.vtb.ru https://vb.vtb.ru https://yastatic.net; 4 frame-ancestors https://luminati.io https://*.luminati.io https://brightdata.com https://*.brightdata.com https://www.bright.events https://brightdata.com.br https://*.brightdata.com.br https://brightdata.de https://*.brightdata.de https://brightdata.es https://*.brightdata.es https://brightdata.fr https://*.brightdata.fr https://brightdata.jp https://*.brightdata.jp https://ru-brightdata.com https://*.ru-brightdata.com https://luminati-china.biz 4 default-src 'self' *.iphouse.com data: 'unsafe-inline' 'unsafe-eval'; 4 report-uri https://bullhorn.com 4 frame-ancestors 'self' https://*.cite-sciences.fr https://*.palais-decouverte.fr https://*.universcience.fr; 4 default-src * 'self' data: https: blob: 'unsafe-inline' 'unsafe-eval'; frame-src *; frame-ancestors https://*.offshore-energy.biz 4 upgrade-insecure-requests; default-src https: blob: wss: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob: data:;frame-src https: blob: data:; report-uri /cspreports 4 default-src https://assets.gameduell.de https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://gameduell.de https://gameduell.com https://gameduell.fr https://gameduell.nl https://gameduell.co.uk https://gameduell.se https://gameduell.dk https://gameduell.at https://gameduell.ca; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: asset: https://assets.gameduell.de *.google-analytics.com https://webchat.helpshift.com https://seal.digicert.com https://seal-goldengate.bbb.org https://*.micropayment.de https://*.checkout.com 'report-sample'; img-src 'self' data: https://mein.gameduell.de https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca blob: https://assets.gameduell.de https://media.gameduell.de https://seal.digicert.com https://d2duuy9yo5pldo.cloudfront.net 'report-sample'; style-src 'self' 'unsafe-inline' https://assets.gameduell.de https://seal-blue.bbb.org; object-src 'self' https://*.gameduell.de https://assets.gameduell.de; connect-src 'self' wss://*.gameduell.de wss://my.gameduell.com wss://mon.gameduell.fr wss://mijn.gameduell.nl wss://www.gameduell.de wss://www.gameduell.com wss://www.gameduell.fr wss://www.gameduell.nl wss://www.gameduell.co.uk wss://www.gameduell.se wss://www.gameduell.dk wss://www.gameduell.at wss://www.gameduell.ca https://*.gameduell.de blob: https://assets.gameduell.de https://cdp.cloud.unity3d.com https://config.uca.cloud.unity3d.com https://perf-events.cloud.unity3d.com https://*.checkout.com https://*.boku.com; form-action 'self' https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca 'report-sample'; child-src 'self' blob: https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://assets.gameduell.de https://*.helpshift.com https://*.micropayment.de https://*.checkout.com https://*.boku.com; font-src 'self' data: blob: https://assets.gameduell.de https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://assets.gameduell.de https://*.helpshift.com https://*.micropayment.de https://*.checkout.com https://*.boku.com https://orange.w-ha.com https://3dsecure-vrp.de; worker-src 'self' blob:; media-src 'self' data: https://assets.gameduell.de; frame-ancestors 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://admintool.gameduell.de; base-uri 'self' https://assets.gameduell.de https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca; manifest-src blob: 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca; report-uri /gd/rest/jslog/csp; report-to csp 4 frame-ancestors 'self' goqubit.net ; 4 child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://static.criteo.net https://*.criteo.com https://ln-rules.rewardstyle.com https://player.vimeo.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com https://tr6.snapchat.com https://www.shoplooks.com https://api.bam-x.com https://app.qubit.com https://www.pinterest.com blob: https://*.attn.tv; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.hotjar.com wss://*.hotjar.com https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://analytics.tiktok.com https://api.bam-x.com https://events.release.narrativ.com https://*.qubit.com https://*.qubitproducts.com https://tr.snapchat.com https://*.contentsquare.net https://*.attn.tv https://events.attentivemobile.com https://*.criteo.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.skinstore.com https://m.skinstore.com https://checkout.skinstore.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://ssl.bing.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://*.recaptcha.net https://*.hotjar.com https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.pinimg.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://analytics.tiktok.com https://*.ibytedtos.com https://static.narrativ.com https://static.goqubit.com https://*.qubit.com https://d3drxpsm374orh.cloudfront.net https://*.contentsquare.net https://app.contentsquare.com https://cdn.attn.tv; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://www.shoplooks.com https://static.shoplooks.com; upgrade-insecure-requests; report-to report-endpoint 4 default-src 'self' https://*.canadalife.com https:; connect-src 'self' https://*.canadalife.com https://*.greatwestlife.com https://www.google-analytics.com https://pdx-col.eum-appdynamics.com https://greatwestlife.sc.omtrdc.net https://dpm.demdex.net https://maps.googleapis.com https://greatwestlife.tt.omtrdc.net https://*.fls.doubleclick.net https://stats.g.doubleclick.net https://*.qualtrics.com https://*.tt.omtrdc.net https://analytics.google.com https://ct.pinterest.com https://*.force.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.mouseflow.com https://analytics.tiktok.com; script-src 'self' 'unsafe-eval' 'sha256-rxbB0dwoVgxFLovO+2QdlowWXjNRQqQ2N+l1eql3idk=' 'sha256-FBNK2rdRWFlHdRsYGZZBmuYu5+CkAl+Wn1JoYWqrksM=' 'sha256-F4BYc9lsI/Vrx9C9i80ixfUTjvillF19Ozmb78mybec=' 'sha256-AQOwIQfwXmjGkJa3okk527EAh1ebFJRpTTZl+5jRXbY=' 'sha256-g2Pta/3ikSvMxquiOYn0GW46rWdTYOpxkQZQy4WkDmg=' 'sha256-KoHyQmm+D9hBDaBTR6+gxOIONQBIayKMbpsmhIC1btA=' 'sha256-aPmuEA+YTJeUe5vchynnoiv3QTQuOLlWWoFTWMZ0g1g=' 'sha256-qLzKpw2YpqphcZ2dUfDq+nZ5lHCEZFVVMQAG3QzDYFs=' 'sha256-mpui/uSvBk50FoZaT31+E4TDh6X31gDoxHjIJDzRJZg=' 'sha256-77v6+Y2oUkIbs8c4pNz/22z+7s+raZVjnYoWAy3n340=' 'sha256-E7YCGQ5MRgDfOE83WCZrO5WMF47b8DMQrCCUsSG4BZA=' 'sha256-7sAcIrWL0oWh2ze3yV6tqz1RbnGmqhIx1Qus9jRracQ=' 'sha256-M+nrL1i0jyqg3asaQwtMrGR3HewAhiK/bpVvlDbxPVA=' 'sha256-2w2VuPWkQ3e1VTwZBpAMJr/J8SGDI2TAq/lDdYX5rCM=' 'sha256-QmTlplZrwxtcIjf0Qw5pH3wwugda+oguLrKTkvZcEZg=' https://assets.adobedtm.com https://cdn.appdynamics.com https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/ https://*.qualtrics.com https://dpm.demdex.net https://ad.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://analytics.twitter.com https://*.fls.doubleclick.net https://px.ads.linkedin.com https://secure.adnxs.com https://maps.googleapis.com/maps/ https://maps.googleapis.com/maps-api-v3/ https://play.vidyard.com https://p.adsymptotic.com https://www.googletagmanager.com/gtag/ https://mboxedge35.tt.omtrdc.net https://s.pinimg.com/ct/ https://ct.pinterest.com https://googleads.g.doubleclick.net https://bat.bing.com/bat.js https://bat.bing.com/p/action/11042675.js https://www.googleadservices.com https://analytics.google.com https://*.force.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.mouseflow.com https://www.gstatic.com https://www.google.com/recaptcha/enterprise.js https://analytics.tiktok.com; style-src 'self' blob: 'unsafe-inline' https://*.canadalife.com https://*.vidyard.com https://*.qualtrics.com https://*.force.com https://fonts.googleapis.com; img-src 'self' data: https://*.canadalife.com https://*.ggpht.com https://*.googleapis.com/ https://greatwestlife.sc.omtrdc.net https://greatwestlife.tt.omtrdc.net https://www.facebook.com https://*.qualtrics.com https://cm.everesttech.net https://*.fls.doubleclick.net https://maps.googleapis.com https://px.ads.linkedin.com https://ad.doubleclick.net https://secure.adnxs.com https://analytics.twitter.com https://p.adsymptotic.com https://adservice.google.com/ddm/ https://adservice.google.ca/ddm/ https://dpm.demdex.net https://maps.gstatic.com https://*.vidyard.com https://*.qualtrics.com https://www.google.ca/ads/ https://www.google.com/ads/ https://www.google-analytics.com https://www.google.com/pagead/ https://www.google.ca/pagead/ https://t.co/i/ https://s.pinimg.com/ct/ https://ct.pinterest.com https://bat.bing.com https://*.force.com https://ca-gmtdmp.mookie1.com; font-src 'self' data: https://*.canadalife.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.qualtrics.com https://*.vidyard.com; frame-src 'self' https://play.vidyard.com https://*.qualtrics.com https://www.youtube.com https://www.pinterest.com https://gwl.demdex.net https://*.force.com https://www.google.com; child-src https://*.canadalife.com https://*.qualtrics.com https://greatwestlife.sc.omtrdc.net https://greatwestlife.tt.omtrdc.net; object-src 'none'; base-uri 'none'; 4 frame-ancestors http://*.t-mobile.nl https://*.t-mobile.nl http://*.tele2.nl https://*.tele2.nl http://*.ben.nl https://*.ben.nl https://thuismy.t-mobile.nl https://app.storyblok.com 4 default-src * 'unsafe-inline'; img-src * data: ; script-src * 'unsafe-eval' 'unsafe-inline'; worker-src * blob:; font-src * data: 4 default-src 'self'; connect-src 'self' use.typekit.net cdn.linkedin.oribi.io stats.g.doubleclick.net f.clarity.ms www.facebook.com api.hubspot.com vimeo.com www.google-analytics.com wp.ocelotbot.com snap.licdn.com js.hsforms.net js.hs-scripts.com js.hs-analytics.net forms.hsforms.com forms.hs-forms.com hubspot-forms-static-embed.s3.amazonaws.com js.usemessages.com js.hs-banner.com; prefetch-src 'self' js.hs-banner.com js.usemessages.com js.hs-analytics.com snap.licdn.com www.google-analytics.com www.googletagmanager.com; font-src 'self' use.typekit.net data:; frame-src app.hubspot.com player.vimeo.com www.facebook.com bid.g.doubleclick.net forms.hsforms.com; img-src 'self' data: wp.ocelotbot.com bat.bing.com secure.adnxs.com forms.hsforms.com www.facebook.com googleads.g.doubleclick.net secure.adnxs.com secure.gravatar.com www.google.com p.adsymptotic.com track.hubspot.com px.ads.linkedin.com px4.ads.linkedin.com www.google-analytics.com www.gstatic.com ssl.gstatic.com i.vimeocdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' wp.ocelotbot.com ajax.googleapis.com www.clarity.ms bat.bing.com connect.facebook.net ws.zoominfo.com googleads.g.doubleclick.net www.googleadservices.com slate.technolutions.net px.ads.linkedin.com snap.licdn.com track.hubspot.com js.hsforms.net forms.hsforms.com forms.hs-forms.com p.adsymptotic.com js.usemessages.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com apis.google.com f.vimeocdn.com; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net f.vimdeocdn.com; object-src 'none'; upgrade-insecure-requests; 4 default-src 'self' data: blob: *.conac.cn *.gov.cn *.jiathis.com *.baidu.com *.bshare.cn *.eol.cn *.qq.com *.kaipuyun.cn *.bdimg.com *.wx.qq.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 4 frame-ancestors 'self' http://webvisor.com https://webvisor.com https://metrika.yandex.ru http://metrika.yandex.ru 4 object-src 'none';frame-ancestors 'self' 4 frame-ancestors 'self' https://chayns.de 4 default-src 'self' *.mktoresp.com in.hotjar.com vc.hotjar.io sentry.hotjar.com *.hid.gl www.google-analytics.com d30ia583fbtg8i.cloudfront.net www.trustradius.com sentry.io cdn.cookielaw.org *.zoominfo.com www3.hidglobal.com; connect-src 'self' *.adobe.io wss://*.adobe.io cdn.cookielaw.org www.google-analytics.com in.hotjar.com 289-tsc-352.mktoresp.com dudodiprj2sv7.cloudfront.net www.trustradius.com d30ia583fbtg8i.cloudfront.net gmc.lingotek.com https://metrics.hidglobal.com/; font-src 'self' maxcdn.bootstrapcdn.com script.hotjar.com d30ia583fbtg8i.cloudfront.net www.trustradius.com fonts.gstatic.com *.typekit.net; frame-src 'self' player.vimeo.com www.youtube-nocookie.com www.youtube.com vars.hotjar.com hidglobal.secure.force.com hidglobal.force.com hidglobal-communities.force.com accounts.google.com info.hidglobal.com bid.g.doubleclick.net www.google.com hidglobal.my.salesforce.com d30ia583fbtg8i.cloudfront.net www.trustradius.com cdn.thinglink.me www.google-analytics.com *.visual.force.com *.my.salesforce.com player.acast.com documentcloud.adobe.com bugcrowd.com; img-src 'self' data: www.google-analytics.com/ img.youtube.com stats.g.doubleclick.net play.google.com i.ytimg.com ssl.gstatic.com yt3.ggpht.com www.hidglobal.com www.hidglobal.cn www.hidglobal.fr www.hidglobal.mx www.hidglobal.de www.hidglobal.jp www.hidglobal.kr www.hidglobal.com.br www.hidglobal.ru *.hid.gl script.hotjar.com www.googletagmanager.com www.google.com hidglobal.com s3.amazonaws.com ssl.google-analytics.com d30ia583fbtg8i.cloudfront.net www.trustradius.com cdn.thinglink.me tagmanager.google.com www.gstatic.com px.ads.linkedin.com p.adsymptotic.com www.google-analytics.com info.hidglobal.com cdn.cookielaw.org media.trustradius.com i.vimeocdn.com ct.capterra.com wec-assets.terminus.services assets.adoberesources.net lh3.googleusercontent.com bat.bing.com gmc.lingotek.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com script.hotjar.com static.hotjar.com munchkin.marketo.net www.googleadservices.com www.googletagmanager.com www.youtube.com s.ytimg.com apis.google.com www.googleapis.com googleads.g.doubleclick.net sjs.bizographics.com px.ads.linkedin.com www.linkedin.com d30ia583fbtg8i.cloudfront.net www.trustradius.com cdn.thinglink.me www.thinglink.com tagmanager.google.com accounts.google.com info.hidglobal.com www.google.com snap.licdn.com cdn.cookielaw.org *.zoominfo.com vidassets.terminus.services assets.adoberesources.net documentcloud.adobe.com bugcrowd.com assets.bugcrowdusercontent.com metrics.hidglobal.com bat.bing.com gmc.lingotek.com https://cdnjs.cloudflare.com https://d3js.org https://metrics.hidglobal.com/; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com d30ia583fbtg8i.cloudfront.net www.trustradius.com cdn.thinglink.me tagmanager.google.com fonts.googleapis.com info.hidglobal.com *.typekit.net gmc.lingotek.com https://cdnjs.cloudflare.com https://use.typekit.net; form-action 'self' *.mktoresp.com in.hotjar.com vc.hotjar.io sentry.hotjar.com *.hid.gl www.google-analytics.com d30ia583fbtg8i.cloudfront.net www.trustradius.com sentry.io info.hidglobal.com webto.salesforce.com; frame-ancestors 'self' engage.hidglobal.com hidglobal.com www.hidglobal.com http://hidglobal.lookbookhq.com https://hidglobal.lookbookhq.com http://hidglobal.pathfactory.com https://hidglobal.pathfactory.com; report-uri https://www.hidglobal.com/report-uri/enforce 4 base-uri 'none'; connect-src 'self' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kching.be https://*.omtrdc.net https://*.vee24.com https://dpm.demdex.net https://kbc.symex.be https://uat.serversidegraphics.com https://uk.personalcard.net https://www.facebook.com wss://*.vee24.com https://*.contentsquare.net https://admp-tc-mediahuis.adtlgc.com https://aapmbea2.be.srv.dev.sys:8200 https://*.contentsquare.net https://onesignal.com https://*.googleapis.com; child-src 'self' blob: https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc-group.com https://*.omniture.com https://*.vee24.com https://assets.adobedtm.com https://kbcgroup.demdex.net https://uat.serversidegraphics.com https://uk.personalcard.net https://www.google.com/recaptcha/ https://www.youtube-nocookie.com https://*.instagram.com https://kbc.symex.be https://*.trustarc.com https://code3.adtlgc.com/ https://scdn.cxense.com/ https://player.hihaho.com/; default-src 'none'; font-src 'self' data: https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.googleapis.com https://fonts.gstatic.com https://static.vee24.com; frame-ancestors 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbcgroup.com https://*.kbc-group.com https://*.kbcgroup.eu https://*.vee24.com https://*.adobe.com; frame-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc-group.com https://*.omniture.com https://*.vee24.com https://assets.adobedtm.com https://kbcgroup.demdex.net https://uat.serversidegraphics.com https://uk.personalcard.net https://www.google.com/recaptcha/ https://www.youtube-nocookie.com https://*.instagram.com https://kbc.symex.be https://*.trustarc.com https://code3.adtlgc.com/ https://scdn.cxense.com/ https://player.hihaho.com/; img-src 'self' data: https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.contentsquare.net https://*.doubleclick.net https://*.facebook.com https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kching.be https://*.omtrdc.net https://*.adobemc.com https://action.metaffiliation.com https://*.instagram.com https://scontent.cdninstagram.com https://cbc.azureedge.net https://cm.everesttech.net https://csi.gstatic.com https://*.linkedin.com https://dpm.demdex.net https://edash.azureedge.net https://invest.azureedge.net https://kbc.azureedge.net https://*.googleapis.com https://maps.gstatic.com https://mba.azureedge.net https://mbj.azureedge.net https://pixel.everesttech.net https://scomcluster.cxense.com https://secure.adnxs.com https://static.vee24.com https://t.co https://touch.azureedge.net https://uat.serversidegraphics.com https://uk.personalcard.net https://www.google.be https://www.google.com https://www.googleadservices.com https://img.youtube.com https://*.truste.com https://*.trustarc.com https://cdn.publish.macrobond.net https://*.cxense.com https://*.contentsquare.net; media-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kching.be https://cbc.azureedge.net https://edash.azureedge.net https://invest.azureedge.net https://kbc.azureedge.net https://mba.azureedge.net https://mbj.azureedge.net https://touch.azureedge.net; object-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be; script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kching.be https://*.kbc-group.com https://*.omtrdc.net https://adhese.mediahuis.be https://analytics.twitter.com https://*.instagram.com https://scontent.cdninstagram.com https://assets.adobedtm.com https://connect.facebook.net https://dpm.demdex.net https://googleads.g.doubleclick.net https://*.googleapis.com https://pixel.everesttech.net https://platform.twitter.com https://s.ytimg.com https://secure.adnxs.com https://snap.licdn.com https://static.ads-twitter.com https://static.vee24.com https://web.vee24.com https://www.everestjs.net https://www.google.com/recaptcha/ https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.youtube-nocookie.com https://www.youtube.com https://t.contentsquare.net https://contentsquare.com https://code3.adtlgc.com https://*.trustarc.com https://*.truste.com https://*.cxense.com https://shared.mediahuis.be https://t.contentsquare.net https://contentsquare.com https://*.contentsquare.com https://player.hihaho.com/; style-src 'self' 'unsafe-inline' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kching.be https://cdn.tt.omtrdc.net https://*.googleapis.com https://static.vee24.com; manifest-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kching.be https://cdn.tt.omtrdc.net https://*.googleapis.com https://static.vee24.com; worker-src 'self' blob:; 4 default-src https: wss: 'self' *.mightycause.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com d2c6wt5h92c1t2.cloudfront.net da3a5jhrzfmu8.cloudfront.net api.autopilothq.com *.braintreegateway.com *.chatlio.com cdnjs.cloudflare.com *.doubleclick.net cdn.embedly.com *.facebook.net *.facebook.com *.firebaseio.com *.fontawesome.com *.formstack.com cdn.jsdelivr.net *.kaptcha.com *.maxmind.com *.plaid.com *.paypal.com *.paypalobjects.com *.segment.com *.segment.io *.stripe.com *.surveymonkey.com *.uploadcare.com ucarecdn.com *.youtube.com *.vimeo.com; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' *.mightycause.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com d2c6wt5h92c1t2.cloudfront.net da3a5jhrzfmu8.cloudfront.net api.autopilothq.com *.braintreegateway.com *.chatlio.com cdnjs.cloudflare.com *.doubleclick.net cdn.embedly.com *.facebook.net *.facebook.com *.firebaseio.com *.fontawesome.com *.formstack.com cdn.jsdelivr.net *.kaptcha.com *.maxmind.com *.plaid.com *.paypal.com *.paypalobjects.com *.segment.com *.segment.io *.stripe.com *.surveymonkey.com *.uploadcare.com ucarecdn.com *.youtube.com *.vimeo.com nimbleswan.io static.tagboard.com; style-src 'self' https: 'unsafe-inline' *.mightycause.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com d2c6wt5h92c1t2.cloudfront.net da3a5jhrzfmu8.cloudfront.net api.autopilothq.com *.braintreegateway.com *.chatlio.com cdnjs.cloudflare.com *.doubleclick.net cdn.embedly.com *.facebook.net *.facebook.com *.firebaseio.com *.fontawesome.com *.formstack.com cdn.jsdelivr.net *.kaptcha.com *.maxmind.com *.plaid.com *.paypal.com *.paypalobjects.com *.segment.com *.segment.io *.stripe.com *.surveymonkey.com *.uploadcare.com ucarecdn.com *.youtube.com *.vimeo.com; img-src 'unsafe-eval' https: data: blob: mediastream:; media-src https: 'self' *.mightycause.com w.chatlio.com blob:; font-src https: data: 'self' *.mightycause.com *.gstatic.com cdn.embedly.com; manifest-src 'self' *.mightycause.com; report-uri https://mightycause.report-uri.com/r/d/csp/reportOnly 4 default-src wss: https: data: 'unsafe-inline' 'unsafe-eval' 4 default-src 'self' cdn.linkedin.oribi.io api.marker.io app.marker.io *.aticdn.net bat.bing.com *.bootstrapcdn.com cdn.matomo.cloud *.cdninstagram.com *.clarity.ms *.clickdimensions.com *.comaweb.de data: *.easyway.site edge.marker.io *.elfsquad.io www.facebook.com *.fbcdn.net *.firebot.io *.flockler.com flockler.com *.formsite.com *.galacticweb.net *.google.com *.google.de googleads.g.doubleclick.net *.googleapis.com www.googletagmanager.com *.gstatic.com *.iconfinder.com *.ingest.sentry.io *.licdn.com *.linkedin.com marker.io *.msecnd.net *.netrk.net *.outbrain.com outlook.office365.com prod.purechatcdn.com pubads.g.doubleclick.net *.purechat.com *.randomuser.me randomuser.me s3-eu-west-1.amazonaws.com snap.licdn.com ssr.marker.io *.twimg.com *.usercentrics.eu webasto-comfort.com *.webasto-comfort.com *.webasto.com webasto.matomo.cloud webastoamericas.bullseyelocations.com wss://firebot.galacticweb.net *.xiti.com *.youtube-nocookie.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' api.marker.io app.marker.io *.aticdn.net *.bootstrapcdn.com *.clarity.ms *.clickdimensions.com *.easyway.site edge.marker.io *.elfsquad.io *.firebot.io *.flockler.com *.formsite.com *.galacticweb.net *.googleapis.com *.gstatic.com *.ingest.sentry.io *.linkedin.com marker.io *.msecnd.net *.netrk.net *.outbrain.com outlook.office365.com prod.purechatcdn.com pubads.g.doubleclick.net *.purechat.com *.randomuser.me snap.licdn.com ssr.marker.io *.webasto.com webastoamericas.bullseyelocations.com *.xiti.com *.youtube-nocookie.com *.youtube.com *.ytimg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.marker.io app.marker.io *.aticdn.net bat.bing.com *.bootstrapcdn.com cdn.matomo.cloud *.clarity.ms *.clickdimensions.com https://connect.facebook.net/ *.easyway.site edge.marker.io *.elfsquad.io *.firebot.io firebot.io *.flockler.com *.formsite.com *.galacticweb.net *.google.com *.google.de googleads.g.doubleclick.net *.googleadservices.com *.googleapis.com www.googletagmanager.com *.gstatic.com *.ingest.sentry.io *.linkedin.com marker.io *.msecnd.net *.netrk.net *.outbrain.com outlook.office365.com prod.purechatcdn.com pubads.g.doubleclick.net *.purechat.com *.randomuser.me randomuser.me snap.licdn.com ssr.marker.io *.usercentrics.eu *.webasto.com webasto.matomo.cloud webastoamericas.bullseyelocations.com *.xiti.com *.youtube-nocookie.com *.youtube.com *.ytimg.com; 4 upgrade-insecure-requests; default-src 'self'; frame-src 'self' snap.licdn.com *.elfsight.com *.googleapis.com *.lamapoll.de *.microsoftonline.com *.podigee.com *.podigee-cdn.net *.tuv-nord.com *.tuvnordegypt.com *.yammer.com lamapoll.de microsoftonline.com partner.vytal.org www.google.com www.youtube-nocookie.com www.youtube.com yammer.com *.whatchado.com whatchado.com crm.de; style-src 'self' 'unsafe-inline' *.amazonaws.com *.bing.com *.googleapis.com *.mgr.consensu.org *.podigee.com *.podigee-cdn.net *.tuev-nord.de *.tuv-nord.com *.walkme.com tuev-nord.de www.nord-kurs.de www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' snap.licdn.com *.amazonaws.com *.assets-yammer.com *.bing.com *.clarity.ms *.cloudfront.net *.doubleclick.net *.elfsight.com *.google.com *.googleapis.com *.gstatic.com *.hs-analytics.net *.jquery.com *.lamapoll.de *.mgr.consensu.org *.podigee.com *.podigee-cdn.net *.tuev-nord.de *.tuv-nord.com *.userlike.com *.walkme.com assets-yammer.com connect.facebook.net f.vimeocdn.com hs-analytics.net lamapoll.de tuev-nord.de tuvnordvietnam.com.vn *.google-analytics.com www.google-analytics.com targetbox.de *.targetbox.de www.google.com www.google.de www.googleadservices.com www.googletagmanager.com www.nord-kurs.de www.youtube.com *.hs-banner.com js-hs-banner.com *.hs-scripts.com hs-scripts.com js.hsleadflows.net js.hsadspixel.net *.createjs.com zingtree.com blob:; font-src 'self' *.amazonaws.com *.bing.com *.cloudfront.net *.gstatic.com *.podigee.com *.podigee-cdn.net *.tuev-nord.de tuev-nord.de www.nord-kurs.de data:; connect-src 'self' *.hs-banner.com js-hs-banner.com *.hs-scripts.com snap.licdn.com *.amazonaws.com *.bbbserver.de *.bing.com *.clarity.ms *.consentmanager.mgr.consensu.org *.doubleclick.net *.elfsight.com *.googleapis.com *.herokuapp.com *.tuev-nord.de *.tuv-nord.com *.userlike.com targetbox.de *.targetbox.de bbbserver.de tuev-nord.de wss://tuev-academy-chatbot.herokuapp.com wss://umd.userlike.com *.google-analytics.com www.google-analytics.com www.youtube.com www.nord-kurs.de api.hubapi.com forms.hubspot.com; img-src * data:; media-src * blob:; 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; img-src 'self' data: https:; frame-src 'self' https:; connect-src 'self' https: 4 default-src https://*.go-mpulse.net https://*.akstat.io 'self' 'unsafe-inline' 'unsafe-eval' view.ceros.com herbalife.preview.ceros.com hnx.myherbalife.com herbalife-econnect.hrbl.com hlf.maps.arcgis.com www.herbalife.com www.herbalife.de www.herbalife.ca privacyportal-cdn.onetrust.com services.herbalifenutrition.com media.herbalifenutrition.com negocio.herbalife.com.mx privacyportal.onetrust.com privacyseals.bbbprograms.org da7xgjtj801h2.cloudfront.net cf-images.us-east-1.prod.boltdns.net translate.googleapis.com googleads.g.doubleclick.net bid.g.doubleclick.net www.googleadservices.com dev.day.com rl.quantummetric.com geolocation.onetrust.com http-inputs-hrbl.splunkcloud.com herbalife-app.quantummetric.com herbalife-sync.quantummetric.com cdn.quantummetric.com cdn.cookielaw.org code.jquery.com optanon.blob.core.windows.net stats.g.doubleclick.net herbalife.112.2o7.net www.gstatic.com connect.facebook.net blob: data: user-aaimrzl.cld.bz www.google-analytics.com www.googletagmanager.com www.facebook.com twitter.com www.instagram.com www.linkedin.com www.dsa.org dsef.org www.bbb.org fonts.googleapis.com fonts.gstatic.com pixel.wp.com s0.wp.com stats.wp.com api.ceros.co ajax.googleapis.com media-s3-us-east-1.ceros.com namcerosdev.wpengine.com sdk.ceros.com assets.adobedtm.com metrics.brightcove.com players.brightcove.net cdn.flipsnack.com edge.api.brightcove.com cdnjs.cloudflare.com assets.herbalifenutrition.com smetrics.herbalife.com manifest.prod.boltdns.net httpsak-a.akamaihd.net bcbolt446c5271-a.akamaihd.net ds-aksb-a.akamaihd.net secure.brightcove.com vjs.zencdn.net f1.media.brightcove.com edge.myherbalife.com herbalife.demdex.net dpm.demdex.net herbalife.tt.omtrdc.net cm.everesttech.net www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat 4 frame-ancestors 'self' https://www.iu.org https://www.iu-fernstudium.de https://www.iu-dualesstudium.de https://www.iu-kombistudium.de https://www.iu-mystudium.de https://www.iu-group.com https://www.iu-careers.com https://www.iu-university.org https://www.iu-academy.org https://www.iu-akademie.de https://www.iu-medicalschool.de; 4 frame-src api.xprt.com *.api.xprt.com extension.xprt.com *.extension.xprt.com xprt.com *.xprt.com energy-xprt.com *.energy-xprt.com agriculture-xprt.com *.agriculture-xprt.com environmental-expert.com *.environmental-expert.com *.medical-xprt.com medical-xprt.com google.com *.google.com google.es *.google.es ubembed.com *.ubembed.com braintreegateway.com *.braintreegateway.com braintree-api.com *.braintree-api.com newrelic.com *.newrelic.com *.gstatic.com *.googlesyndication.com *.googlesyndication.com iperceptions.com *.iperceptions.com doubleclick.net *.doubleclick.net vimeo.com *.vimeo.com youtube.com *.youtube.com placeholder.com *.placeholder.com dailymotion.com *.dailymotion.com d20854696ijsuu.cloudfront.net *.d20854696ijsuu.cloudfront.net d3c0q80nmylf81.cloudfront.net *.d3c0q80nmylf81.cloudfront.net d3pcsg2wjq9izr.cloudfront.net *.d3pcsg2wjq9izr.cloudfront.net dpjzd8xd615dp.cloudfront.net *.dpjzd8xd615dp.cloudfront.net adservice.google.com *.adservice.google.com cardinalcommerce.com *.cardinalcommerce.com paypal.com *.paypal.com *.d35rpq4gusjz9h.cloudfront.net d35rpq4gusjz9h.cloudfront.net americanexpress.com *.americanexpress.com; frame-ancestors 'self' *.environmental-expert.com *.xprt.com *.agriculture-xprt.com *.energy-xprt.com *.medical-xprt.com environmental-expert.com xprt.com agriculture-xprt.com energy-xprt.com medical-xprt.com 4 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src data: 'self' https://*.kiavi.com https://*.google.com https://*.google-analytics.com https://*.hsappstatic.net https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.hubspot.net https://f.hubspotusercontent20.net https://bat.bing.com https://googleads.g.doubleclick.net https://p.adsymptotic.com https://px.ads.linkedin.com https://sp.analytics.yahoo.com https://www.facebook.com; upgrade-insecure-requests 4 frame-ancestors 'self' https://*.superoffice.com https://zamnesiasp.inone.useinsider.com; 4 frame-ancestors 'self'; report-uri https://www.goodnes.com/report-uri/enforce 4 default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net geoid.investisdigital.com www.google-analytics.com *.doubleclick.net bam.nr-data.net cookiemanager.investisdigital.com www.googletagmanager.com www.iff.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis-live.com *.investisdigital.com player.vimeo.com geoid.investisdigital.com cdn.rawgit.com www.recaptcha.net *.googletagmanager.com www.iff.com snap.licdn.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis-live.com *.investisdigital.com geoid.investisdigital.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.youtube.com player.vimeo.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' *.investis.com www.google.com www.iff.com www.instagram.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com ir.iff.com www.facebook.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; connect-src house-fastly-signed-eu-west-1-prod.brightcovecdn.com *.media.brightcove.com edge.api.brightcove.com 'self' 'unsafe-inline' bam.nr-data.net www.google-analytics.com iff-corp-rev.pid2-e1.investis.com stats.g.doubleclick.net cookiemanager.investisdigital.com www.iff.com geoid.investisdigital.com cdn.linkedin.oribi.io 4 frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests; 4 default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; 4 default-src 'self'; script-src 'self' 'unsafe-inline'; img-src 'self' data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; 4 default-src 'self' *.e-point.pl *.adocean.pl *.ingbank.pl https://ing.pl https://analytics.google.com *.ing.pl *.google.com mojeing.pl; font-src 'self' *.ingbank.pl *.googleusercontent.com data: *.gstatic.com *.e-point.pl https://ing.pl https://analytics.google.com *.googleapis.com *.ing.pl *.googletagmanager.com *.google.com mojeing.pl; style-src 'self' 'unsafe-inline' code.jquery.com *.ingbank.pl *.e-point.pl *.twitter.com *.gstatic.com https://ing.pl https://analytics.google.com *.ytimg.com *.twimg.com *.googleapis.com *.ing.pl *.googletagmanager.com *.google.com mojeing.pl; img-src 'self' data: *.ggpht.com *.adocean.pl *.e-point.pl www.google.pl *.googleusercontent.com *.akamaized.net *.gstatic.com ingbankslaski.d2.sc.omtrdc.net *.domy.pl *.demdex.net *.glosdlafirm.pl https://galeria.domiporta.pl ingbankslaski.d3.sc.omtrdc.net *.ingbank.pl *.hit.gemius.pl *.google-analytics.com *.twitter.com *.doubleclick.net https://ing.pl *.cdngr.pl *.staticdomy.com.pl *.staticmorizon.com.pl *.staticoferty.net.pl https://analytics.google.com *.analytics.google.com https://ireland.apollo.olxcdn.com *.ytimg.com *.twimg.com *.googleapis.com *.ing.pl *.googletagmanager.com *.google.com *.youtube-nocookie.com mojeing.pl; frame-src 'self' *.tradedoubler.com *.demdex.net *.e-point.pl *.hit.gemius.pl *.ingbank.pl *.doubleclick.net https://ing.webnotarius.pl *.twitter.com https://ing.pl *.pl.ing-ad https://analytics.google.com *.ing.pl *.googletagmanager.com *.google.com *.youtube-nocookie.com mojeing.pl; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.hit.gemius.pl https://www.fbstatic-a.akamaihd.net *.ingbank.pl *.doubleclick.net code.jquery.com assets.adobedtm.com *.google-analytics.com *.googleusercontent.com ingbankslaski.d2.sc.omtrdc.net ingbankslaski.d3.sc.omtrdc.net *.gstatic.com *.demdex.net www.googleadservices.com *.twitter.com *.e-point.pl *.adocean.pl https://ing.pl https://analytics.google.com https://www.googleoptimize.com https://ireland.apollo.olxcdn.com *.ytimg.com *.twimg.com *.googleapis.com *.ing.pl *.googletagmanager.com *.google.com *.youtube-nocookie.com mojeing.pl; object-src 'self' *.ingbank.pl *.e-point.pl https://ing.pl *.ing.pl *.googletagmanager.com mojeing.pl; connect-src 'self' *.e-point.pl *.adocean.pl *.demdex.net ingbankslaski.d2.sc.omtrdc.net ingbankslaski.d3.sc.omtrdc.net *.google-analytics.com *.doubleclick.net *.ingbank.pl *.twitter.com *.hit.gemius.pl https://ing.pl https://analytics.google.com *.googleapis.com *.analytics.google.com *.ing.pl *.googletagmanager.com *.google.com mojeing.pl; frame-ancestors 'self' *.ingbank.pl *.demdex.net *.e-point.pl https://ing.pl *.ing.pl *.googletagmanager.com mojeing.pl; 4 frame-ancestors https://modelcentro.com/ 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-inline' 'unsafe-eval' *.vimeo.com 'unsafe-inline' 'unsafe-eval' *.boards-api.greenhouse.io *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://tags.clickagy.com/ cdn.jsdelivr.net pages.e2open.com pages.e2open.com/js/forms2/css/forms2.css blob: *.ep-mimecast.ads-twitter.com *.doubleclick.net *.google.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.marketo.com *.nr-data.net https://analytics.twitter.com https://bat.bing.com https://bam.nr-data.net https://cdn.abrankings.com https://connect.facebook.net https://content.linkedin.com https://cdn.syndication.twimg.com https://en.twitter.com https://f.vimeocdn.com https://googleads.g.doubleclick.net https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://j.6sc.co https://js.adsrvr.org https://js.facebook.com https://js-agent.newrelic.com https://munchkin.marketo.net https://okt.to https://platform.linkedin.com https://platform.twitter.com https://play.vidyard.com https://player.vimeo.com https://r.bing.com https://static.ads-twitter.com https://script.crazyegg.com https://ssl.google-analytics.com https://script.hotjar.com https://static.hotjar.com https://snap.licdn.com https://static-exp1.licdn.com https://static.oktopost.com https://tagmanager.google.com https://t.co https://visitor.reactful.com https://www.clarity.ms https://www.google-analytics.com https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.vimeo.com https://ws.zoominfo.com https://app-sj31.marketo.com/index.php/form/getForm https://bam.nr-data.net/1/NRJS-861f3eedf716c4eaf11 https://bat.bing.com/bat.js https://cdn.abrankings.com/js/client.js https://cdn.syndication.twimg.com/timeline/profile https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/722106568/ https://j.6sc.co/6si.min.js https://js-agent.newrelic.com/nr-1216.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://munchkin.marketo.net/munchkin.js https://okt.to/ping https://pages.e2open.com/js/forms2/js/forms2.min.js https://platform.twitter.com/js/moment~timeline.d73eae5387f08ab9f8b71dcf9d12d391.js https://play.vidyard.com/embed/v4.js https://player.vimeo.com/api/player.js https://script.crazyegg.com/pages/scripts/0104/0422.js https://script.hotjar.com/modules.86ab03b5bc9b930d4f53.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://static.hotjar.com/c/hotjar-2184122.js https://static.oktopost.com/oktrk.js https://visitor.reactful.com/dist/main.rtfl.js https://ws.zoominfo.com/pixel/61eeeb0bcd134a001e3eda0d https://www.clarity.ms/tag/uet/17464652 https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com/gtm.js *.vimeo.com *.vimeocdn.com *.newrelic.com www.googletagservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' 'unsafe-inline' 'report-sample' 'unsafe-inline' cdn.jsdelivr.net *.marketo.net *.marketo.com *.licdn.com *.google.com *.bing.com fonts.googleapis.com platform.twitter.com ton.twimg.com www.googletagmanager.com fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com *.vimeocdn.com maps.googleapis.com maps.google.com translate.googleapis.com tagmanager.google.com *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' 'unsafe-inline' data: https://abs.twimg.com https://p.adsymptotic.com https://id.rlcdn.com https://px.ads.linkedin.com px.ads.linkedin.com https://aorta.clickagy.com https://analytics.twitter.com https://b.6sc.co https://bat.bing.com https://pbs.twimg.com https://platform.twitter.com https://px.ads.linkedin.com https://secure.gravatar.com https://syndication.twitter.com https://t.co https://ton.twimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com *.vidyard.com *.twimg.com *.twitter.com *.clarity.ms *.linkedin.com *.t.co *.bing.com t.co facebook.com zoominfo.com *.google.com *.6sc.co privacy-policy.truste.com px.ads.linkedin.com www.google.com.au *.google.co https://px.ads.linkedin.com/collect s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://809-eog-429.mktoresp.com https://hemsync.clickagy.com https://aorta.clickagy.com/ cdn.linkedin.oribi.io https://ad.doubleclick.net https://api.redirect.li/v1/ https://bam.nr-data.net https://bat.bing.com https://cdn.abrankings.com https://d.clarity.ms https://epsilon.6sense.com https://in.hotjar.com https://ipv6.6sc.co https://script.crazyegg.com https://sheets.googleapis.com https://stats.g.doubleclick.net https://tracking.reactful.com https://visitor.reactful.com https://ws.zoominfo.com https://ws31.hotjar.com https://www.google-analytics.com wss://ws31.hotjar.com *.6sc.co *.facebook.com *.hotjar.com *.clarity.ms secure.adnxs.com *.google-analytics.com vc.hotjar.io assets-tracking.crazyegg.com pages.e2open.com tracking.crazyegg.com pagestates-tracking.crazyegg.com 809-eog-429.mktoutil.com ws32.hotjar.com f.clarity.ms wss://ws30.hotjar.com wss://ws41.hotjar.com *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com boards-api.greenhouse.io *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com data: fonts.gstatic.com fonts.googleapis.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' *.googlesyndication.com *.boards-api.greenhouse.io; media-src 'self' ; frame-src 'self' 'unsafe-inline' play.vidyard.com td.doubleclick.net pages.e2open.com https://11817530.fls.doubleclick.net https://match.adsrvr.org https://app-sj31.marketo.com https://bid.g.doubleclick.net https://insight.adsrvr.org https://player.vimeo.com https://vars.hotjar.com https://www.facebook.com *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' blob: *.vimeo.com *.googlesyndication.com *.google.com *.facebook.com *.doubleclick.net connect.facebook.net platform.twitter.com vimeo.com www.googletagmanager.com *.vimeocdn.com www.youtube.com *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; worker-src 'self' blob: www.google.com; base-uri 'self' ; form-action 'self' *.twitter.com *.google.com *.facebook.com connect.facebook.net pages.e2open.com; frame-ancestors 'self' t.co twitter.com; upgrade-insecure-requests; report-uri https://62cf790d4226858c368f8a9c.endpoint.csper.io/?v=0; 4 default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline'; font-src * data:; frame-ancestors *.lcmchealth.org 4 default-src 'self' http://www.ltgplc.com/ https://go.ltgplc.com https://pf-marketing.kzoplatform.com https://pf-customers.kzoplatform.com https://gomo.kzoplatform.com https://percolate.blogtalkradio.com https://www.blogtalkradio.com http://www.ltgplc.com/ https://go.ltgplc.com https://www.youtube.com https://go.pardot.com;script-src-elem 'self' 'unsafe-inline' https://snap.licdn.com https://microapps.pf-labs.net https://ltg.breezy.hr https://pi.pardot.com/ https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com;script-src 'self' 'unsafe-inline' https://microapps.pf-labs.net https://cdn.inspectlet.com https://ltg.breezy.hr https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://pi.pardot.com https://go.ltgplc.com;font-src 'self' data: https://ui.peoplefluent.com https://use.typekit.net;style-src 'self' 'unsafe-inline' https://ui.peoplefluent.com https://microapps.pf-labs.net https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com;img-src 'self' data: https://d33wubrfki0l68.cloudfront.net https://t.co https://cdn.sanity.io https://www.google.co.uk https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com;media-src 'self' data: https://cdn.sanity.io;connect-src 'self' https://ltg.breezy.hr https://www.google-analytics.com https://stats.g.doubleclick.net 4 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri https://iplogger.org/csp.php; 4 report-uri https://www.inchealth.org 4 frame-ancestors www.medidata.com medidata.com next.medidata.com loc.medidata.com explorer.medidata.com https://*.mdsol.com test-medidata-next.pantheonsite.io dev-medidata-next.pantheonsite.io blog-medidata-corporate.pantheonsite.io dev-medidata-corporate.pantheonsite.io 26five-medidata-corporate.pantheonsite.io perf-medidata-corporate.pantheonsite.io tags-medidata-corporate.pantheonsite.io web.cvent.com ; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.everbridge.com https://*.adsymptotic.com https://bestinenterpriseresilience.com https://*.bestinenterpriseresilience.com https://secure.adnxs.com https://*.cookiebot.com https://*.addtoany.com https://*.google.com https://www.googleanalytics.com https://www.google-analytics.com *.google-analytics.com *.analytics.google.com https://*.googlesyndication.com https://www.googleadservices.com https://www.googleoptimize.com https://optimize.google.com https://*.googleapis.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://www.g2.com https://px.ads.linkedin.com https://*.linkedin.com https://snap.licdn.com https://*.marketo.net https://*.marketwire.com https://*.marketo.com https://*.mktoresp.com https://*.mktoutil.com https://analytics.twitter.com https://static.ads-twitter.com https://*.driftt.com https://*.hotjar.com https://epsilon.6sense.com https://*.6sc.co https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://www.comparably.com https://*.itcentralstation.com https://cdn.amcharts.com https://*.gravatar.com https://*.cdninstagram.com https://*.instagram.com https://player.simplecast.com https://*.vimeo.com https://vpn.seminolecountyfl.gov/ https://*.youtube.com https://*.ytimg.com https://*.zoominfo.com https://t.co/i/adsct https://www.gstatic.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; media-src 'self' https://js.driftt.com; object-src 'self' *.everbridge.com; prefetch-src 'self' ajax.googleapis.com s.w.org; style-src 'self' 'unsafe-inline' *.everbridge.com https://fonts.googleapis.com https://fonts.googleapis.com https://translate.googleapis.com https://www.googleoptimize.com https://optimize.google.com https://www.google-analytics.com https://static.addtoany.com https://*.marketo.com; report-uri https://eblogging.report-uri.com/r/d/csp/reportOnly; 4 default-src 'self' https://www.all-connect.net; img-src 'self' data: https://s.w.org https://ps.w.org; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; worker-src 'self' https://www.all-connect.net; frame-ancestors 'self' 4 frame-ancestors https://*.myshopify.com https://admin.shopify.com 4 default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * 4 frame-ancestors 'self' https://www.mycme.com/ https://mycmesandbox.thoughtindustries.com https://nacesandbox.thoughtindustries.com https://www.naceonline.com/ 4 frame-ancestors 'self' https://*.ci360.sas.com; 4 default-src 'self' 'unsafe-inline' *.2degreesmobile.co.nz *.2degreesbroadband.co.nz *.2degrees.nz *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com *.google-analytics.com *.lift.acquia.com *.sentry.io *.addsearch.com *.qualtrics.com *.youtube.com unpkg.com *.nice-incontact.com staticcdn.co.nz *.doubleclick.net *.google.com *.hotjar.com *.newrelic.com *.bugsnag.com *.nr-data.net *.googleadservices.com *.segment.com *.segment.io *.amplitude.com *.contentsquare.net *.youtube-nocookie.com *.rawgit.com *.licdn.com blob: wss: *.googleapis.com *.facebook.net *.fullstory.com chosen.css *.jquery.js; object-src 'none'; img-src * data: 4 default-src https: 'unsafe-inline' 'unsafe-eval'; 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdnjs.cloudflare.com *.sharethis.com *.facebook.net *.googletagmanager.com *.acquia.com *.google-analytics.com *.newrelic.com *.nr-data.net *.yimg.com *.adform.net *.licdn.com *.azureedge.net *.adsrvr.org urldefense.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.sharethis.com *.typekit.net; report-uri /report-csp-violation 4 default-src 'self' *.staticflickr.com *.flickr.com maps.google.com api.rollbar.com *.nr-data.net api.mapbox.com blob:; script-src 'self' cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com js-agent.newrelic.com *.twitter.com *.twimg.com *.nr-data.net 'unsafe-eval' 'unsafe-inline' storage.googleapis.com api.mapbox.com https://*.uninfo.org blob: *.fontawesome.com; style-src 'self' *.flickr.com *.staticflickr.com cdnjs.cloudflare.com fonts.googleapis.com use.fontawesome.com *.twitter.com *.twimg.com 'unsafe-inline' api.mapbox.com *.fontawesome.com; img-src 'self' www.un.org.vn *.un.org gallery.mailchimp.com *.staticflickr.com https: data: blob:; media-src 'self' www.un.org.vn *.un.org; frame-src 'self' maps.google.com www.google.com www.youtube-nocookie.com www.youtube.com *.vimeo.com country-profiles.unstatshub.org forms.office.com player.youku.com *.qq.com; font-src 'self' fonts.googleapis.com use.fontawesome.com fonts.gstatic.com *.twitter.com *.twimg.com *.fontawesome.com; connect-src 'self' *.staticflickr.com *.flickr.com maps.google.com api.rollbar.com *.nr-data.net https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com www.google-analytics.com storage.googleapis.com wss://socket.push.al https://*.undg.org https://*.uninfo.org *.fontawesome.com; upgrade-insecure-requests 4 default-src 'self'; img-src 'self' data: https://secure.gravatar.com https://*.libsyn.com https://*.internetstiftelsen.se https://internetstiftelsen.se https://s3-eu-north-1.amazonaws.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.internetstiftelsen.se https://graphtool.internetstiftelsen.se https://cdn.cookielaw.org https://www.googletagmanager.com https://*.google-analytics.com https://www.google.com https://www.gstatic.com https://cdn.lordicon.com https://*.readspeaker.com https://www.youtube.com https://connect.facebook.net; font-src 'self' data: https://fonts.gstatic.com https://*.internetstiftelsen.se; style-src 'self' 'unsafe-inline' https://*.internetstiftelsen.se https://www.googletagmanager.com https://fonts.googleapis.com; manifest-src 'self' https://*.internetstiftelsen.se; connect-src 'self' https://static.internetstiftelsen.se https://www.facebook.com https://region1.google-analytics.com https://cdn.cookielaw.org https://*.onetrust.com https://cdn.lordicon.com https://*.bugsnag.com https://*.readspeaker.com https://yoast.com; frame-src 'self' https://www.google.com https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://*.libsyn.com; media-src 'self' https://*.libsyn.com 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.rubensteintech.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://dnn506yrbagrg.cloudfront.net https://www.google-analytics.com https://uk1.siteimprove.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://fast.wistia.com https://script.crazyegg.com https://js.hs-scripts.com https://js.hs-banner.com https://s3.amazonaws.com https://js.hs-analytics.net https://js.hsforms.net https://forms.hsforms.com https://tagmanager.google.com https://consent.cookiebot.com https://e.infogram.com https://prezi.com https://consentcdn.cookiebot.com https://siteimproveanalytics.com; style-src 'self' 'unsafe-inline' https://cloud.typenetwork.com https://hello.myfonts.net https://fonts.googleapis.com https://tagmanager.google.com; font-src 'self' data: https://*.wistia.com https://cloud.typenetwork.com https://static.hotjar.com https://fonts.gstatic.com; img-src 'self' https://insights.hotjar.com https://static.hotjar.com https://embed-ssl.wistia.com https://*.analytics.google.com https://*.google-analytics.com https://analytics.google.com https://google-analytics.com https://analytics.rubensteintech.com https://www.google-analytics.com https://uk1.siteimprove.com https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://embedwistia-a.akamaihd.net https://fast.wistia.com https://embed-fastly.wistia.com https://user-event-tracker.crazyegg.com https://track.hubspot.com https://forms.hubspot.com https://10144.global.siteimproveanalytics.io https://ssl.gstatic.com https://www.gstatic.com data: https://bclplaw.vuturevx.com https://www.bclplaw.com https://www.bryancave.com; connect-src 'self' https://*.hotjar.com:* wss://*.hotjar.com https://embedwistia-a.akamaihd.net https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com https://embed-fastly.wistia.com https://distillery.wistia.com https://pipedream.wistia.com https://fast.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://embed-ssl.wistia.com https://www.google-analytics.com https://analytics.rubensteintech.com https://stats.g.doubleclick.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://consentcdn.cookiebot.com https://maps.googleapis.com; frame-src 'self' https://vars.hotjar.com https://www.google.com/recaptcha/ https://www.youtube.com https://player.vimeo.com https://fast.wistia.com https://forms.hsforms.com https://cdn.yoshki.com https://e.infogram.com https://prezi.com https://analytics.rubensteintech.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com; child-src 'self' https://vars.hotjar.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; frame-ancestors 'self' https://fast.wistia.com https://fast.wistia.net; 4 frame-ancestors https://*.cspire.com:* 4 default-src * 'unsafe-eval'; font-src 'self' fonts.gstatic.com data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 4 frame-ancestors 'self' *.mega.cl *.meganoticias.cl *.etc.cl *.google.com www-meganoticias-cl.cdn.ampproject.org 4 font-src 'self' *.littleforest.co.uk fonts.gstatic.com cdn.jsdelivr.net fonts.googleapis.com data: 4 default-src https:; script-src https: data: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src 'self' data: blob: filesystem: https: http: 'unsafe-inline' 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' 4 frame-ancestors 'self' https://rewarding.wind.it https://grandecinema3.tre.it https://www.grandecinema3.it; 4 frame-ancestors 'self' http://thomsonreuterstax.lookbookhq.com https://thomsonreuterstax.lookbookhq.com http://answers.legalprof.thomsonreuters.com https://answers.legalprof.thomsonreuters.com http://app.accelus.com https://app.accelus.com 4 default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: mediastream:; 4 default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com kendo.cdn.telerik.com maxcdn.bootstrapcdn.com; img-src 'self' editor.ne16.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com kendo.cdn.telerik.com maxcdn.bootstrapcdn.com; report-uri /Reports/LogCspError.ashx; 4 frame-ancestors https://xxl.sanity.studio 4 frame-ancestors https://*.netinfo.bg/ 4 style-src https: 'unsafe-inline' 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.syndication.twimg.com *.twitter.com *.google.com *.googleapis.com *.facebook.com *.facebook.net *.youtube.com *.s7.addthis.com *.addthis.com *.addthisedge.com *.gstatic.com www.gstatic.com fonts.gstatic.com *.google-analytics.com *.googletagmanager.com z.moatads.com uat2.enets.sg test.enets.sg www.enets.sg www.commzgate.net *.app.keyreply.com cdn.polyfill.io webchat.botbot.ai *.give.asia; style-src 'self' 'unsafe-inline' 'unsafe-eval' translate.google.com translate.googleapis.com keyreply.blob.core.windows.net *.give.asia; frame-ancestors 'self' https://test-mysurgery.singhealth.com.sg https://mysurgery.singhealth.com.sg https://*.give.asia; object-src 'none' 4 default-src 'self' https:; font-src 'self' https: data: fonts.gstatic.com; img-src 'self' https: data: assets-cdn.skynetworkcdn.com *.stackpathstorage.com; object-src 'self' https:; script-src 'self' https: blob: 'unsafe-eval' 'unsafe-inline' assets-cdn.skynetworkcdn.com www.googletagmanager.com; style-src 'self' https: 'unsafe-inline'; media-src 'self' https: blob: 4 default-src 'self' http: https: data: blob: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rcmp-grc.gc.ca csps-dev.con.rcmp-grc.gc.ca csps-dev.con.rcmp-grc.gc.ca csps.con.rcmp-grc.gc.ca www.google-analytics.com ajax.googleapis.com www.googletagmanager.com *.clet.ca platform.twitter.com cdn.syndication.twimg.com cdnjs.cloudflare.com use.fontawesome.com www.youtube.com unpkg.com; 4 default-src 'self' wibu.com *.wibu.com 'unsafe-inline' 'unsafe-eval' *.brighttalk.com *.adobe.com *.wibu.us *.surveymonkey.com *.brightcove.net *.wibu.com *.typo3.org *.googleapis.com www.google-analytics.com *.google.com *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.nakanohito.jp *.pardot.com *.joomag.com *.cleverreach.de *.cloudfront.net *.amazonaws.com *.hubspot.com *.gstatic.com *.iiconsortium.org *.ddev.site *.friendlycaptcha.com cdn.jsdelivr.net data:; img-src * data:; font-src 'self' data: *.wibu.com *.gstatic.com; frame-src 'self' *.wibu.com www.wibu.com *.googleapis.com www.google-analytics.com *.google.com *.google.de *.google.fr *.google.co.uk *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.joomag.com *.surveymonkey.com *.brighttalk.com *.hcaptcha.com; frame-ancestors 'self' https://*.wibu.com at.alicdn.com; worker-src blob:; 4 frame-ancestors 'self' *.sprintecommerce.com *.venditan.com *.venditan.io 4 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * data: 4 frame-ancestors https://*.fw1.biz https://*.freewebstore.org https://*.freewebstore.com https://*.ridge.pro http://127.0.0.1:55779 http://localhost:55779; 4 img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval';worker-src blob:; 4 frame-ancestors *.uninassau.edu.br *.uninabuco.edu.br *.sereducacional.com *.sereduc.com *.leiaja.com *.ung.br *.unama.br *.univeritas.com *.uninorte.com.br *.blackboard.com http://*.joaquimnabuco.edu.br http://*.unama.br *.gokursos.com *.ig.com.br http://*.ung.br *.uninassau.digital *.unama.digital *.univeritas.digital *.uninorte.digital *.uninabuco.digital *.facimed.edu.br *.unifacimed.digital *.unijuazeiro.edu.br *.fasb.edu.br *.rdstation.com.br *.cursoscdmv.com.br https://cursoscdmv.com.br https://unijuazeiro.edu.br *.cloudfront.net *.unescnet.br *.fael.edu.br *.unifael.edu.br *.uni7.edu.br; 4 default-src 'self' https://*.myligue.fr https://*.lfp.fr https://*.ligue1.fr https://*.ligue2.fr https://*.ligue1.com https://*.googlesyndication.com/ https://www.tntv.pf https://opt-out.ferank.eu https://*.hotjar.com; media-src 'self' https://ooyalaeuwest.streaming.mediaservices.windows.net blob: https://www.tntv.pf https://www.youtube.com https://www.dailymotion.com https://*.hotjar.com https://manifest.prod.boltdns.net https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com https://*.2mdn.net/ https://*.gvt1.com/; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com https://player.ooyala.com https://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://az416426.vo.msecnd.net https://cdn.ampproject.org https://cdn.syndication.twimg.com https://ssl.google-analytics.com https://player.ooyala.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com http://www.google-analytics.com https://*.googletagservices.com https://adservice.google.fr https://adservice.google.com https://*.googlesyndication.com https://securepubads.g.doubleclick.net https://connect.facebook.net https://platform.twitter.com https://analytics.ooyala.com https://imasdk.googleapis.com http://imasdk.googleapis.com https://s0.2mdn.net https://www.youtube.com https://www.dailymotion.com https://opt-out.ferank.eu http://opt-out.ferank.eu https://story.tl https://widget.ausha.co https://taghcountdown.909c.fr http://player.ooyala.com http://players.brightcove.net https://players.brightcove.net https://vjs.zencdn.net https://analytics.ooyala.com/ https://www.instagram.com http://*.opta.net https://*.opta.net https://acdn.adnxs.com https://*.hotjar.com https://*.privacy-center.org https://js-cdn.dynatrace.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://use.fontawesome.com https://fonts.googleapis.com https://player.ooyala.com/ https://platform.twitter.com https://www.youtube.com https://www.dailymotion.com https://opt-out.ferank.eu http://opt-out.ferank.eu http://players.brightcove.net https://players.brightcove.net https://story.tl https://widget.ausha.co https://taghcountdown.909c.fr https://www.instagram.com http://*.opta.net https://*.opta.net https://*.hotjar.com; child-src 'self' blob: https://*.myligue.fr https://www.google.com/ https://*.googlesyndication.com https://*.googletagservices.com https://securepubads.g.doubleclick.net https://player.ooyala.com/ https://platform.twitter.com/ https://staticxx.facebook.com/ https://syndication.twitter.com/ https://widgets.lfp.stats.com https://l.ooyala.com/ https://imasdk.googleapis.com/ https://www.youtube.com https://www.dailymotion.com https://cartemercatoligue1.com https://11type.lfp.fr https://story.tl https://*.ausha.co https://snapshots.playingsurface.net http://player.ooyala.com http://players.brightcove.net http://players.brightcove.net http://l.ooyala.com https://twitter.com https://www.facebook.com https://m.facebook.com https://www.instagram.com https://imasdk.googleapis.com http://imasdk.googleapis.com https://www.google-analytics.com http://www.google-analytics.com https://www.sporcle.com https://*.hotjar.com https://*.spotify.com/ https://*.global-mmk.com https://platform.global-mmk.com/LFPMaps/Broadcasters/Index https://*.linkedin.com/; img-src 'self' https://*.myligue.fr https://*.lfp.fr https://*.ligue1.fr https://*.ligue2.fr https://*.ligue1.com data: https://www.google.com https://*.doubleclick.net https://*.googlesyndication.com https://lspcridevglcdn.azureedge.net https://lspemeintglcdn.azureedge.net https://lspsapuatglcdn.azureedge.net https://lsprubpreglcdn.azureedge.net https://lspisphereglcdn.azureedge.net https://ssl.google-analytics.com https://stats.g.doubleclick.net https://lfpimageproxy.azureedge.net https://secure-cf-c.ooyala.com https://player.ooyala.com https://www.blogduparieur.com https://publish.lfpstg.ooflex.net https://syndication.twitter.com/ https://abs.twimg.com https://platform.twitter.com https://pbs.twimg.com https://www.youtube.com https://www.dailymotion.com https://www.google-analytics.com http://www.google-analytics.com https://story.tl https://widget.ausha.co https://taghcountdown.909c.fr https://metrics.brightcove.com http://metrics.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://www.instagram.com https://cf-images.eu-west-1.prod.boltdns.net http://cf-images.eu-west-1.prod.boltdns.net https://tarteaucitron.io http://*.opta.net https://*.opta.net https://lspprdglcdn.azureedge.net https://ib.adnxs.com https://*.hotjar.com https://*.privacy-center.org https://play-lh.googleusercontent.com https://www.facebook.com https://www.google.fr; connect-src 'self' https://*.doubleclick.net https://www.google-analytics.com https://dc.services.visualstudio.com https://metrics-api.librato.com https://player.ooyala.com https://licensing.bitmovin.com https://*.mediaservices.windows.net https://csi.gstatic.com https://edge.api.brightcove.com http://edge.api.brightcove.com http://player.ooyala.com http://manifest.prod.boltdns.net http://house-fastly-signed-us-east-1-prod.brightcovecdn.com https://house-fastly-signed-us-east-1-prod.brightcovecdn.com https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com http://house-fastly-signed-eu-west-1-prod.brightcovecdn.com https://bcbolt446c5271-a.akamaihd.net https://*.googlesyndication.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.privacy-center.org https://bf03397sci.bf.dynatrace.com; frame-ancestors 'self' https://*.myligue.fr; 4 default-src 'self' http: https: data: blob: wss: 'unsafe-inline' 4 frame-ancestors 'self' https://*.pt-x.com http://localhost:9999 https://*.emandates.co.uk 4 upgrade-insecure-requests; object-src 'none'; frame-ancestors 'none'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://i.checkmybus.com https://cdn.priv.center https://www.googleanalytics.com https://www.google-analytics.com https://*.googleoptimize.com https://optimize.google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://*.bstatic.com https://*.services.visualstudio.com https://script.crazyegg.com https://*.msecnd.net https://cdn.jsdelivr.net https://maps.googleapis.com https://*.doubleclick.net https://securepubads.g.doubleclick.net https://adservice.google.de https://script.crazyegg.com https://tpc.googlesyndication.com https://*.google.com https://*.gstatic.com https://www.googleadservices.com https://*.clicktripz.com https://cdn.ampproject.org https://*.facebook.net https://*.fontawesome.com https://*.clicktripz.com; style-src 'self' 'unsafe-inline' https://i.checkmybus.com https://fonts.googleapis.com https://*.fontawesome.com https://*.googletagmanager.com https://*.googleoptimize.com https://optimize.google.com; frame-src 'self' https://*.googleoptimize.com https://optimize.google.com https://*.googletagmanager.com https://*.doubleclick.net https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://www.booking.com https://*.bstatic.com https://cdnjs.cloudflare.com https://*.gstatic.com https://*.google.com https://*.youtube.com/ https://*.facebook.com https://*.msecnd.net https://*.services.visualstudio.com; worker-src 'self' blob: 'unsafe-eval' 'unsafe-inline' www.checkmybus.com; form-action 'self' www.checkmybus.com.ar www.checkmybus.com.br https://blog.checkmybus.com.br www.checkmybus.cz www.checkmybus.cl www.checkmybus.co www.checkmybus.de https://blog.checkmybus.de www.checkmybus.co.uk https://blog.checkmybus.co.uk www.checkmybus.com https://blog.checkmybus.com www.checkmybus.es https://blog.checkmybus.es www.checkmybus.fr https://blog.checkmybus.fr www.checkmybus.hr www.checkmybus.it https://blog.checkmybus.it www.checkmybus.my www.checkmybus.com.mx www.checkmybus.nl www.checkmybus.at www.checkmybus.pe www.checkmybus.pl https://blog.checkmybus.pl www.checkmybus.pt www.checkmybus.ch www.checkmybus.com.tr; base-uri 'self' i.checkmybus.com 4 upgrade-insecure-requests;block-all-mixed-content; 4 frame-ancestors 'self' https://shopproxy.p-s-s.de https://home.interzum.com https://home.interzum.de 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none' 4 default-src 'self' https: blob:; style-src 'self' 'unsafe-inline' *.ensemblevideo.com *.ntst.com *.marketo.net *.marketo.com *.typekit.net *.bootstrapcdn.com *.googleapis.com *.twitter.com *.twimg.com *.cdn-prod.securiti.ai *.cdn-prod *.cdn-prod.securiti *.securiti.ai *.app.securiti.ai; script-src 'self' 'unsafe-inline' fast.wistia.net fast.wistia.com blob: *.marketo.net *.marketo.com *.mktoresp.com *.bugherd.com *.liveperson.net *.lpsnmedia.net *.terminus.services *.jwpcdn.com *.jquery.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.adsrvr.org *.twitter.com *.twimg.com *.oktopost.com okt.to *.adroll.com *.adroll.mgr.consensu.org *.sounder.fm *.facebook.net *.ntst.com *.licdn.com dg0hgb42195s9.cloudfront.net *.ramblechat.com *.cdn-prod.securiti.ai *.cdn-prod *.cdn-prod.securiti *.securiti.ai *.app.securiti.ai; object-src 'self'; connect-src 'self' *.wistia.com *.litix.io *.terminus.services *.securiti.ai *.ntst.com dg0hgb42195s9.cloudfront.net wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com *.ramblechat.com *.mktoutil.com *.mktoresp.com *.google-analytics.com *.googleapis.com *.gstatic.com wss://*.ramblechat.com data:; font-src 'self' *.bootstrapcdn.com *.typekit.net *.gstatic.com data:; img-src * *.jwpltx.com data:; frame-ancestors 'self' *.ensemblevideo.com *.marketo.com *.marketo.net netsmart.highspot.com; 4 default-src * 'unsafe-inline' 'unsafe-eval'; 4 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 4 default-src * ; script-src * data: 'self' blob blob: 'unsafe-eval' 'unsafe-inline' ; style-src * data: 'self' blob blob: 'unsafe-inline' ; img-src * data: ; font-src * data: ; connect-src * ; media-src * blob: ; object-src * ; child-src * ; frame-src * ; worker-src * blob: ; frame-ancestors * ; report-uri /bdportlet-NemIDLoginPortlet/cspreport; 4 frame-ancestors 'self' https://app.storyblok.com; 4 base-uri 'self';frame-ancestors 'self';frame-src *;object-src 'none'; 4 default-src 'self' data: ; child-src 'self' blob: ; img-src * data: blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://piwik.contactoffice.com https://remote.captcha.com https://hcaptcha.com https://*.hcaptcha.com blob: ; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com ; base-uri 'none' ; font-src 'self' data: ; form-action 'self' ; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com blob: ; frame-ancestors 'self' ; connect-src 'self' https://xmpp.contactoffice.com https://hcaptcha.com https://*.hcaptcha.com https://blockchain.info https://api.coinlayer.com https://api.friendlycaptcha.com ; 4 default-src 'self'; connect-src * data: 'unsafe-inline'; font-src *; frame-src *; img-src * blob: data: ; media-src *; object-src *; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; 4 default-src 'self' http: https: cdnjs.cloudflare.com use.typekit.net www.google-analytics.com fonts.googleapis.com s.w.org;; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://code.jquery.com https://cdnjs.cloudflare.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' http: https:; img-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://fonts.googleapis.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; frame-src 'self' http: https: polaris.brighterir.com sirius.brighterir.com www.youtube-nocookie.com youtube-nocookie.com youtube.com vimeo.com; 4 default-src 'self' yastatic.net *.google-analytics.com *.mail.ru blob: www.facebook.com *.doubleclick.net api.sumsub.com ffin.global centinelapi.cardinalcommerce.com ddc.worldpay.com widget.trustpilot.com *.consentmanager.net code.jivosite.com; img-src 'self' 'unsafe-inline' data: *.tradernet.ru *.tradernet.kz *.tradernet.com vk.com login.vk.com www.googletagmanager.com www.google-analytics.com www.google.com www.google.ru www.facebook.com top-fwz1.mail.ru mc.yandex.ru v2.zopim.com content.mql5.com google.com.cy www.google.com.cy *.appsflyer.com *.onelink.me www.google.kz google.kz *.consentmanager.net cdn.carrotquest.app files.carrotquest.io files.carrotquest.app api.carrotquest.app api.carrotquest.io chart.googleapis.com ddc.worldpay.com inappstory.com/stories/loader.gif cs.getinappstory.com ffin.global bat.bing.com gocpa.cloud google.am www.google.am; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.tradernet.ru *.tradernet.com *.freedom24.com yastatic.net www.google-analytics.com cdn.jsdelivr.net ffin.global blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' yastatic.net www.google-analytics.com fonts.googleapis.com cdn.jsdelivr.net www.gstatic.com code.jivosite.com; font-src 'self' data: fonts.gstatic.com v2.zopim.com *.appsflyer.com cdn.carrotquest.app cs.getinappstory.com; connect-src 'self' blob: tradernet.ru admin.tradernet.ru wss://wss.tradernet.ru wss://wss2.tradernet.ru wss://wss.tradernet.com wss://wss.tradernet.kz wss://wss.tradernet.uz wss://wss.tradernet.ua wss://wss.tradernet.global wss://wss.trade.inveza.com wss://wss.trade.ffin.am wss://wss.grant.tradernet.com wss://wss.trade.mind-money.eu wss://wss.trade.wisdompointcapital.com wss://wss.freedom24.com suggestions.dadata.ru www.google-analytics.com stats.g.doubleclick.net top-fwz1.mail.ru sentry.dev.tradernet.ru content.mql5.com mc.yandex.ru ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com v2.zopim.com *.appsflyer.com ffin.global api.carrotquest.app wss://realtime-services-eu-chat-2.carrotquest.io api.carrottrack.app/users/$self_user/props api.carrottrack.app/users/$self_user/events realtime-services-eu-chat-2.carrotquest.io ddc.worldpay.com api.getinappstory.com/v2/ *.google-analytics.com www.mczbf.com www.sjwoe.com *.jivosite.com wss://*.jivosite.com delivery.consentmanager.net/delivery/; frame-ancestors 'self' https://*.freedom24.com https://freedom24.ru https://*.tradernet.com https://bankffin.kz https://*.bankffin.kz; 4 upgrade-insecure-requests; frame-ancestors 'self' www.newamericanfunding.com thebrokernetwork.com www.thebrokernetwork.com qa.thebrokernetwork.com staging.thebrokernetwork.com uat.thebrokernetwork.com; default-src 'unsafe-eval' 'unsafe-inline' data: https:; script-src 'unsafe-eval' 'unsafe-inline' data: https: blob:; style-src 'unsafe-inline' data: https:; img-src data: https: blob:; font-src data: https:; connect-src https: blob:; media-src data: https: blob:; object-src https:; frame-src data: https:; child-src data: https: blob:; form-action https:; 4 frame-ancestors 'self' *.bruxelles.be *.brussel.be *.brussels.be 4 frame-ancestors 'none'; report-uri https://csp-report.airfrance.fr/; script-src 'self' https://*.airfranceklm.com https://*.accorhotels.com https://*.accor.com https://*.decibelinsight.net https://*.flyingblue.com https://gateway.zscalertwo.net https://gateway.zscloud.net https://*.google.com https://*.google-analytics.com https://*.hotjar.com https://*.klm.com https://*.optimizely.com https://*.qualtrics.com https://*.r42tag.com https://*.relay42.com https://*.force.com https://*.salesforceliveagent.com/ https://*.salesforce.com https://*.usabilla.com 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com 4 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline';frame-src * mailto: data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' *.acaa-cmps.com *.dbedirectory.com *.uhsvendors.com *.mdbecert.com *.mwdbe.com *.traviscountyhub.com *.civilrightsystem.com *.gob2g.com *.mwdsbe.com *.mwsbe.com *.sbeda.com *.thesupplierclearinghouse.com *.smwbe.com *.diversitycomplance.com *.civilrightsconnect.com *.b2gnow.com *.newnycontracts.com *.diversitysystem.com *.dbesystem.com *.civilrightsconnect.dot.gov *.sbdbe.com *.sctrca.org *.civilrightsconnect.dot.gov *.webnclink.org *.vendorreg.com *.txdotcms.com *.diversitysoftware.com *.sbecompliance.com; 4 default-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; img-src * data: 'unsafe-eval' *.actian.com *.wpengine.com; connect-src *; font-src * data:; media-src * 'unsafe-inline'; frame-ancestors *.actian.com; frame-src *; object-src * data: 'unsafe-eval' 4 default-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' bam.eu01.nr-data.net s-agent.newrelic.com sp.analytics.yahoo.com s.yimg.com userprotect.de.stihl-dns.net tagmanager.google.com www.google-analytics.com www.googletagmanager.com analytics-udg.netdna-ssl.com assets.adobedtm.com maps.googleapis.com typekit.net *.typekit.net *.adyen.com *.geoplugin.net *.openweathermap.org *.google.com *.google.de *.gstatic.com *.criteo.net *.criteo.com *.g.doubleclick.net *.facebook.net *.bing.com *.outbrain.com *.youtube.com *.youtube-nocookie.com *.soundcloud.com *.ytimg.com *.pinimg.com *.excentos.com *.media01.eu *.googleadservices.com *.en25.com *.oracleinfinity.in *.maxymiser.net *.dwin1.com *.awin1.com *.zenaps.com *.the.sciencebehindecommerce.com *.stihl.com *.stihl.de *.stihl.fr *.stihl.be *.stihl.nl *.stihl.lu *.stihl.es *.stihl.pt *.tiqcdn.com *.google.com *.unpkg.com unpkg.com *.guuru.com *.tealiumiq.com *.newrelic.com *.b2x-env.cloud *.kuponacdn.de *.kpcustomer.de *.clarity.ms *.adsrvr.org *.tealiumiq.com *.maxymiser.net *.tiqcdn.com unpkg.com *.teads.tv *.googleadservices.com *.cookielaw.org *.onetrust.com *.cloudflare.com digitizer.app t.contentsquare.net app.contentsquare.com cdn.trkkn.com zenloop-website-overlay-production.s3.amazonaws.com *.google-analytics.com *.stihl.co.uk *.assistant.watson.appdomain.cloud *.stihl-timbersports.com *.foxbase.de cdn.foxbase.de https://www.googleoptimize.com https://www.googleanalytics.com the.sciencebehindecommerce.com pagead2.googlesyndication.com https://optimize.google.com *.solutenetwork.com *.kk-resources.com s.kelkoogroup.net https://apps.bazaarvoice.com; connect-src 'self' *.pinterest.com s.yimg.com bam.eu01.nr-data.net *.youtube-nocookie.com *.google.com *.google.de analytics.google.com *.g.doubleclick.net *.bing.com stihl-sso.com stihl.tui-servicelayers.io ext.nonstoppartner.net www.google-analytics.com *.omtrdc.net *.demdex.net adobeioruntime.net *.adobeioruntime.net maps.googleapis.com typekit.net *.typekit.net stihlb2bdocuments.blob.core.windows.net *.excentos.com *.media01.eu checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com ssl.geoplugin.net collect.tealiumiq.com api.openweathermap.org *.guuru.com *.facebook.com *.google.fr *.google.be *.google.nl *.google.es *.google.pt *.google.at *.google.gr *.google.ch *.google.lu *.google.it *.google.hu *.google.pl *.criteo.com *.googletagmanager.com *.thesciencebehindecommerce.com *.sciencebehindecommerce.com *.clarity.ms *.geoplugin.net *.cookielaw.org *.onetrust.com *.cloudflare.com *.digitizer.app *.contentsquare.net cdn.trkkn.com *.google-analytics.com *.zenloop.com *.assistant.watson.appdomain.cloud *.foxbase.de cdn.foxbase.de *.stihl-timbersports.com *.stihl.be *.stihl.com *.stihl.de *.stihl.es *.stihl.fr *.stihl.lu *.stihl.nl *.stihl.pt ad.doubleclick.net pagead2.googlesyndication.com *.solutenetwork.com *.kk-resources.com s.kelkoogroup.net zenloop-website-overlay-production.s3.amazonaws.com *.bazaarvoice.com; img-src 'self' *.criteo.com *.smaato.net *.pinterest.com *.pinterest.de *.google.ch *.doubleclick.net *.rubiconproject.com *.smartadserver.com *.3lift.com *.adnxs.com *.yahoo.com *.casalemedia.com *.pubmatic.com *.360yield.com *.openx.net *.twiago.com *.adscale.de *.adform.net *.advertising.com *.teads.tv *.media.net *.yieldlab.net *.omnitagjs.com *.bidswitch.net *.sharethrough.com *.ivitrack.com *.e-planning.net *.stickyadstv.com *.tremorhub.com *.taboola.com *.googleusercontent.com *.youtube-nocookie.com *.atdmt.com *.criteo.net *.ytimg.com stats.g.doubleclick.net *.google.com *.google.de www.google-analytics.com www.googletagmanager.com *.facebook.com *.bing.com *.outbrain.com *.everesttech.net *.demdex.net *.omtrdc.net static.stihl.com *.stihlusa.com typekit.net *.typekit.net *.gstatic.com maps.googleapis.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com *.excentos.com *.dwin1.com *.awin1.com *.zenaps.com *.the.sciencebehindecommerce.com *.stihl.com *.stihl.de *.stihl.fr *.stihl.be *.stihl.nl *.stihl.lu *.stihl.es *.stihl.pt *.facebook.net *.googleadservices.com *.maxymiser.net *.mgid.com *.guuru.com *.kargo.com *.liadm.com *.smartclip.net *.addthis.com *.yandex.ru *.b2x-env.cloud *.tealiumiq.com *.postrelease.com *.krxd.net *.tapad.com *.yieldmo.com *.thebrighttag.com *.bluekai.com *.clmbtech.com *.ants.vn *.rlcdn.com *.fwnm.net *.microad.jp *.mediavine.com *.mediawallahscript.com *.tpmn.co.kr *.adtdp.com *.revcontent.com *.rambler.ru *.aralego.com *.id5-sync.com *.google.fr *.google.be *.google.nl *.google.es *.google.pt *.google.it *.google.at *.google.lu *.google.gr *.google.co.uk *.google.cl *.google.com.mx *.google.hu *.google.cz *.google.pl *.google.se *.google.com.ua *.google.ca *.google.com *.google.nl *.google.com.br *.google.ru *.google.ro *.google.com.co *.google.fr *.google.tn *.google.com.ar *.google.hr *.google.bg *.google.com.tr *.google.sk *.clarity.ms *.googleads.g.doubleclick.net id5-sync.com *.turn.com *.mail.ru *.socdm.com *.admixer.co.kr *.dable.io *.cookielaw.org *.windows.net *.ad-stir.com *.meba.kr *.adingo.jp *.nate.com *.toast.com web-cdnend-techdoc-tsa-q.azureedge.net web-cdnend-techdoc-tsa-r.azureedge.net *.dmxleo.com *.foxbase.de cdn.foxbase.de *.rediunid.imrworldwide.com *.herrenseite.de *.contentsquare.net *.stihl.co.uk *.zenloop.com zenloop-assets.s3.eu-west-1.amazonaws.com *.eu-central-1.amazonaws.com dam.stihl.cloud *.stihl-timbersports.com segment.prod.bidr.io *.emxdgt.com https://optimize.google.com *.emxdgt.com storagetimbersportsdata.blob.core.windows.net *.youtube.com *.google.co.in region1.google-analytics.com ade.googlesyndication.com data.stihl-timbersports.com data: *.bazaarvoice.com; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com *.excentos.com *.googletagmanager.com *.onetrust.com *.cookielaw.org digitizer.app *.foxbase.de cdn.foxbase.de https://cdn.parcellab.com https://optimize.google.com; font-src 'self' cdnjs.cloudflare.com *.typekit.net typekit.net fonts.googleapis.com fonts.gstatic.com *.excentos.com *.guuru.com *.zenloop.com *.foxbase.de cdn.foxbase.de https://cdn.parcellab.com zenloop-assets.s3.eu-west-1.amazonaws.com; frame-src 'self' *.criteo.net userprotect.de.stihl-dns.net *.criteo.com e.video-cdn.net *.facebook.com *.google.com *.youtube.com *.youtube-nocookie.com *.soundcloud.com *.demdex.net checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com static.stihl.com *.fls.doubleclick.net *.excentos.com *.dwin1.com *.awin1.com *.zenaps.com *.the.sciencebehindecommerce.com *.redintelligence.net track.adform.net pixel.mathtag.com *.fls.doubleclick.net *.maxymiser.net *.guuru.com *.pinterest.com *.pinterest.de *.pinterest.fr *.pinterest.at *.pinterest.it *.pinterest.co.uk *.pinterest.ru *.pinterest.ch *.pinterest.es *.pinterest.se *.pinterest.ca *.pinterest.dk *.pinterest.jp *.pinterest.ie *.pinterest.pt *.kuponacdn.de *.ad-srv.net *.adsrvr.org *.cookielaw.org *.jaggaer.com segment.prod.bidr.io https://optimize.google.com *.dam.stihl.cloud googleads.g.doubleclick.net ct.pinterest.com *.stihl-dns.net my.matterport.com; child-src 'self' *.guuru.com blob: 4 frame-ancestors 'self' dampsoft.de *.dampsoft.de 4 default-src 'self' data: file: blob: filesystem: *.advarra.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.advarra.com *.cookiepro.com *.googleapis.com *.driftt.com *.drift.com *.demandbase.com *.facebook.com *.facebook.net *.fbevents.js *.google-analytics.com *.googlesyndication.com *.google.com *.googleadservices.com 811597963.privacysandbox.googleadservices.com *.googletagmanager.com googleads.g.doubleclick.net *.hotjar.com *.licdn.com px.ads.linkedin.com *.litix.io *.marketo.com *.marketo.net *.newrelic.com *.nr-data.net *.omappapi.com *.onetrust.com plausible.io *.plausible.io *.surveymonkey.com *.ads-twitter.com *.twitter.com *.wistia.com *.wistia.net *.zoominfo.com; style-src 'self' 'unsafe-inline' *.advarra.com *.cookiepro.com *.google.com *.googletagmanager.com *.googleapis.com *.marketo.com *.omappapi.com *.typekit.net; img-src 'self' data: a.omappapi.com *.advarra.com *.adsymptotic.com *.cookiepro.com *.facebook.com *.facebook.net *.googlesyndication.com *.google-analytics.com *.google.com googleads.g.doubleclick.net *.googletagmanager.com *.googleadservices.com *.rlcdn.com match.prod.bidr.io region1.google-analytics.com region1.analytics.google.com segments.company-target.com *.twitter.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net secure.gravatar.com t.co px.ads.linkedin.com px4.ads.linkedin.com *.linkedin.com; font-src 'self' data: *.typekit.net fonts.gstatic.com; connect-src 'self' *.advarra.com *.cookiepro.com *.company-target.com *.fbevents.js *.facebook.com *.google.com *.googlesyndication.com www.google-analytics.com wss://*.hotjar.com *.hotjar.com wss://ws10.hotjar.com ws10.hotjar.com *.hotjar.io *.omappapi.com *.litix.io *.mktoresp.com *.mktoutil.com *.nr-data.net stats.g.doubleclick.net region1.google-analytics.com region1.analytics.google.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.onetrust.com plausible.io *.plausible.io *.zoominfo.com; media-src 'self' data: file: blob: filesystem: *.advarra.com embedwistia-a.akamaihd.net *.wistia.com *.wistia.net; object-src *; frame-src 'self' *.advarra.com *.driftt.com *.facebook.com bid.g.doubleclick.net *.hotjar.com *.google.com *.googlesyndication.com *.marketo.com t.co *.surveymonkey.com embedwistia-a.akamaihd.net *.wistia.net *.wistia.com *.youtube.com *.youtube-nocookie.com; frame-ancestors 'self' *.advarra.com *.forteresearch.com *.forteresearchapps.com *.nimblify.com *.tableau.com; block-all-mixed-content 4 default-src 'self' data: *.storyblok.com *.newmotion.com *.shellrecharge.com; connect-src 'self' ws: *.demdex.net *.g.doubleclick.net *.google-analytics.com *.infobip.com *.hotjar.com *.hotjar.io *.shell.com *.storyblok.com *.recruitee.com *.evidon.com *.demdex.net *.metrics-shell.com *.hsforms.net *.hsforms.com *.hubspot.com *.google.com *.livestorm.co *.salesforceliveagent.com *.salesforce.com *.newmotion.com *.shellrecharge.com *.oribi.io *.force.com *.site.com *.zoominfo.com; frame-ancestors 'self' *.storyblok.com; frame-src 'self' *.demdex.net *.g.doubleclick.net *.hsforms.net *.hsforms.com *.newmotion.com *.pardot.com *.flashtalking.com *.hotjar.com *.evidon.com *.hsforms.com *.hubspot.com *.google.com *.goo.gl *.salesforce.com *.shellrecharge.com *.infobip.com *.srstest.io *.youtube.com *.vimeo.com *.doubleclick.net *.livestorm.co *.alchemer.eu *.salesforceliveagent.com *.salesforce.com *.newmotion.com; style-src 'self' *.storyblok.com 'unsafe-inline' *.shellrecharge.com *.salesforce.com *.force.com *.site.com; script-src 'self' *.adobedtm.com *.demdex.net *.evidon.com *.g.doubleclick.net *.facebook.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hsforms.com *.hubspot.com *.infobip.com *.lfeeder.com *.licdn.com *.shell.com *.storyblok.com *.salesforce.com *.metrics-shell.com *.google.com *.goo.gl *.youtube.com *.vimeo.com *.doubleclick.net *.livestorm.co *.salesforceliveagent.com *.salesforce.com *.newmotion.com 'unsafe-inline' 'unsafe-eval' *.shellrecharge.com *.force.com *.site.com *.zoominfo.com; object-src 'self' data:; img-src 'self' data: *.adsymptotic.com *.everesttech.net *.evidon.com *.google.com *.google-analytics.com *.googletagmanager.com *.lfeeder.com *.linkedin.com *.storyblok.com *.doubleclick.net *.demdex.net *.shellrecharge.com *.force.com 4 child-src 'self' https://*.hotjar.com https://www.rightnetworks.com; connect-src 'self' https://*.abtasty.com https://*.clarity.ms https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.hotjar.com https://*.hotjar.io https://*.mktoresp.com https://*.olark.com https://*.parsely.com https://*.sitesearch360.com https://*.wistia.com https://*.youtube.com https://c.6sc.co https://cdn.linkedin.oribi.io https://designer-api.hu-manity.co https://grsm.io https://ipv6.6sc.co https://maps.googleapis.com https://partnerlinks.io https://scout.salesloft.com https://secure.adnxs.com https://tagmanager.google.com https://transactional-api.hu-manity.co https://www.googletagmanager.com https://www.rightnetworks.com wss://*.hotjar.com; default-src 'self' https://www.rightnetworks.com; font-src 'self' data: https://*.gstatic.com https://*.sfdcstatic.com https://*.wp.com https://fonts.googleapis.com https://fonts.gstatic.com https://static.olark.com https://www.rightnetworks.com; frame-src 'self' https://*.cookiebot.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.hotjar.com/ https://*.instagram.com https://*.marketo.com https://*.rightnetworks.com https://*.sitescout.com https://*.vimeo.com https://*.wistia.com/ https://*.youtube.com https://s-static.ak.facebook.com https://service.force.com https://static.olark.com https://tagmanager.google.com https://widgets.wp.com https://www.g2.com https://www.rightnetworks.com; img-src 'self' data: https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.hr https://*.gravatar.com https://*.gstatic.com https://*.instagram.com https://*.linkedin.com https://*.parsely.com https://*.sitesearch360.com https://*.vimeocdn.com https://*.wistia.com https://*.yahoo.com https://*.youtube.com https://analytics.twitter.com https://attr.ml-api.io https://b.6sc.co https://bat.bing.com https://editor-assets.abtasty.com https://googleads.g.doubleclick.net https://img.youtube.com https://log.olark.com https://maps.googleapis.com https://pixel.wp.com https://s.ml-attr.com https://s.w.org https://secure.adnxs.com https://storage.pardot.com https://t.co https://www.googletagmanager.com https://www.rightnetworks.com; media-src 'self' blob: data: file: https://*.wistia.com/ https://static.olark.com https://www.rightnetworks.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adroll.com https://*.ads-twitter.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.hotjar.com https://*.instagram.com https://*.marketo.com https://*.marketo.net https://*.olark.com https://*.pardot.com https://*.parsely.com https://*.rightnetworks.com https://*.salesforceliveagent.com https://*.twitter.com https://*.vimeo.com https://*.wistia.com https://*.wp.com https://bat.bing.com https://cdn.hu-manity.co https://cdn.sitesearch360.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://extend.vimeocdn.com https://j.6sc.co https://scout-cdn.salesloft.com https://service.force.com https://snap.licdn.com https://snippet.growsumo.com https://tagmanager.google.com https://try.abtasty.com https://wistia.com https://www.clarity.ms https://www.googleadservices.com https://www.googletagmanager.com https://www.rightnetworks.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.gravatar.com https://*.marketo.com https://*.wp.com https://cdnjs.cloudflare.com https://code.jquery.com https://service.force.com https://static.olark.com https://tagmanager.google.com https://www.rightnetworks.com; worker-src 'self' blob: data: file: filesystem: https://www.rightnetworks.com unsafe-eval unsafe-inline 4 default-src https: ws: data: 'unsafe-inline' 'unsafe-eval' 4 default-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org www.googletagmanager.com www.googleadservices.com snap.licdn.com/li.lms-analytics/insight.min.js js.hs-scripts.com/4398552.js googleads.g.doubleclick.net/pagead/; style-src 'self' 'unsafe-inline'; img-src 'self' https: data: blob: android-webview-video-poster: px.ads.linkedin.com www.googletagmanager.com; media-src 'self' https: monkapps.com; frame-src 'self' https: www.youtube.com; frame-ancestors 'self'; font-src 'self' data: https: fonts.gstatic.com; connect-src 'self' https: cdn.cookielaw.org www.googleadservices.com www.google.com/pagead/ googleads.g.doubleclick.net/pagead/ www.google-analytics.com/g/collect; manifest-src 'self'; script-src-elem 'self' https: 'unsafe-inline' www.googletagmanager.com www.googleadservices.com; report-uri https://sentry.nadapada.net/api/125/security/?sentry_key=b569db56805c4e5f98879e39f0fc3053 4 default-src 'self' http: https: data: blob: wss: 'unsafe-inline'; 4 default-src 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; connect-src 'self' wss://*.highmark.com https://*.highmark.com https://*.hmhs.com https://maps.googleapis.com https://www.google-analytics.com https://identitytoolkit.googleapis.com https://siteintercept.qualtrics.com; 4 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 4 frame-ancestors 'self' *.wsgc.com carectruiprd.wsgc.com oms.wsgc.com carectruiprd-dr.wsgc.com oms-dr.wsgc.com trn1-wcc.wsgc.com trn1-sterling.wsgc.com trn1-ccui.wsgc.com 4 frame-ancestors 'self' https://*.moody.edu 4 default-src 'none'; base-uri 'self' https://altoplan.de https://www.altoplan.de; child-src 'self'; connect-src 'self'; font-src 'self' data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; manifest-src 'self'; media-src 'self'; object-src 'none'; report-uri https://wuzwyw4b.uriports.com/reports; report-to endpoint-1; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 4 default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://adfs5.metro.info https://www.google-analytics.com *.qualtrics.com 1634.global.siteimproveanalytics.io ssl.siteimprove.com *.facebook.com csi.gstatic.com maps.googleapis.com maps.gstatic.com *.twimg.com *.twitter.com www.gstatic.com app.miag.com maintenance.metroag.de mfpembedcdnweu.azureedge.net *.metroag.de *.metroag.eu *.metrogroup.de *.miag.com *.metro-cc.com *.metronom.com *.metro-wholesale.de *.metro-wholesale.com *.metro-properties.de *.metro-gruenderstudie.de *.metro-startupstudy.com *.metrosystems.ro *.metro-advertising.de *.metro-advertising.com *.metro-advertising.pl *.handel-erklaert.de *.metro-sourcing.hk *.metro-logistics.de *.metro-campus.de *.metro-services.in *.metro-services.pl *.mpulse.de *.metro-unboxed.de *.metro-unboxed.com *.metro-potentials.com *.arbeitgeber-ahd.de *.metro-competencies.com *.metro-trainingcenter.de www.openpetition.de *.wirsindgekommenumzubleiben.de *.metro-global-solution-center.in *.metro.digital *.metro-gsc.in *.metro-gsc.pl px.ads.linkedin.com bscmiagbot.metro.de i.ytimg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com cloud.typography.com *.metroag.de *.twitter.com www.gstatic.com d1azc1qln24ryf.cloudfront.net *.twimg.com; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com fonts.googleapis.com d1azc1qln24ryf.cloudfront.net www.openpetition.de; frame-src 'self' *.facebook.com www.youtube.com player.admiralcloud.com *.walls.io charts3.equitystory.com *.twitter.com www.google.com dev.dieproduktion.de *.own-business-day.com forms.office.com login.microsoftonline.com app.mailjet.com feedback.metro-cc.com metro.online-report.eu bscmiagbot.metro.de; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com *.qualtrics.com ssl.siteimprove.com siteimproveanalytics.com connect.facebook.net ajax.googleapis.com code.jquery.com maps.googleapis.com www.youtube.com s.ytimg.com code.highcharts.com cdn.jsdelivr.net edge-cdn.net dl.videos.metrosystems.net *.twimg.com *.twitter.com www.gstatic.com mfpembedcdnweu.azureedge.net app.mailjet.com www.openpetition.de bscmiagbot.metro.de snap.licdn.com; connect-src 'self' *.google-analytics.com *.qualtrics.com *.twitter.com *.facebook.com bscmiagbot.metro.de endpoint-metro.cognigy.cloud wss://endpoint-metro.cognigy.cloud; frame-ancestors 'self'; 4 default-src https: 'unsafe-eval' 'unsafe-inline'; 4 script-src 'self' 'unsafe-eval' 'unsafe-inline' x.bidswitch.net recaptcha.net code.jquery.com https://www.googletagmanager.com *.adform.net connect.facebook.net *.sportradar.com *.sportradarserving.com *.zdassets.com *.doubleclick.net www.gstatic.com *.cheqzone.com www.google-analytics.com obs.cheqzone.com ci-mpsnare.iovation.com *.youtube.com host.olybet.com blob: *.cobrowse.io *.cloudflare.com *.onesignal.com onesignal.com *.cookiebot.com vatson.ee *.vatson.ee bing.com *.bing.com hotjar.com *.hotjar.com script.crazyegg.com client.britepaymentgroup.com 4 frame-ancestors 'self' http://thomsonreuterstax.lookbookhq.com https://thomsonreuterstax.lookbookhq.com http://thomsonreuterstaxprofessionals.lookbookhq.com https://thomsonreuterstaxprofessionals.lookbookhq.com 4 default-src * ; img-src * 'self' data: blob: mediastream: https: 'unsafe-inline' 'unsafe-eval'; font-src * 'unsafe-inline' 'unsafe-eval' 'self' data: ; script-src * 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' 'unsafe-eval'; 4 default-src 'none'; base-uri 'none'; font-src 'self' data:; frame-ancestors 'self'; img-src 'self'; style-src 'self' 'unsafe-inline' https://*.netsuite.com; upgrade-insecure-requests; report-uri /app/security/csp/cspaudit.nl; 4 default-src https: blob: data: 'unsafe-inline' 'unsafe-eval' 4 frame-ancestors 'self' *.azdev.direct *.adobe.com 4 default-src 'self' https://www-cdn01.avisonyoung.com; style-src 'self' 'unsafe-inline' https://www-cdn01.avisonyoung.com https://fonts.googleapis.com https://www-proxy01.avisonyoung.com https://platform.twitter.com https://ton.twimg.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://tagmanager.google.com https://fast.fonts.net https://cdn.foleon.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://optimize.google.com https://uat-ay.buildout.com; font-src 'self' data: https://www-cdn01.avisonyoung.com https://www-proxy01.avisonyoung.com https://fonts.gstatic.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com http://script.hotjar.com https://script.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www-cdn01.avisonyoung.com https://www-proxy01.avisonyoung.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://pi.pardot.com https://go.avisonyoung.com https://buildout.com https://platform.twitter.com https://www-cdn01.avisonyoung.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://ceros.com https://static.cloudflareinsights.com https://cdn.syndication.twimg.com https://maps.googleapis.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://widget.usersnap.com https://resources.usersnap.com https://ajax.googleapis.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://cdn.analytics.foleon.com https://previewer.foleon.com https://optimize.google.com https://uat-ay.buildout.com https://e.infogram.com https://www.youtube.com https://static.hotjar.com https://script.hotjar.com https://avantanalytics.avisonyoung.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsforms.net https://*.hsforms.com https://ext.chtbl.com https://www.googleoptimize.com https://js-eu1.hsleadflows.net https://www.google.com https://www.gstatic.com; img-src https: data: blob:; frame-src 'self' https://buildout.com https://platform.twitter.com https://syndication.twitter.com https://youtu.be https://www.youtube.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://www.google.com https://go.avisonyoung.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://forms.office.com *.youtube-nocookie.com https://dev.gvadob.ie https://experience.arcgis.com https://infogram.com https://optimize.google.com https://buildout-production.s3.amazonaws.com https://e.infogram.com https://vars.hotjar.com https://avantanalytics.avisonyoung.com https://*.hsforms.com https://omny.fm https://forms-eu1.hubspot.com; connect-src 'self' https://www-cdn01.avisonyoung.com https://www.google-analytics.com https://widget.usersnap.com https://api.analytics.foleon.com https://api.foleon.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.com https://web.chtbl.com https://stats.g.doubleclick.net https://forms-eu1.hubspot.com https://vimeo.com; media-src 'self' blob: https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; object-src 'self' https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; worker-src 'self' blob: 4 default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; object-src *; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 4 default-src *; img-src * data:; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline' 4 default-src * blob: data: 'unsafe-eval' 'unsafe-inline'; 4 default-src 'self'; img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://s.yimg.jp/ https://connect.facebook.net/ https://b92.yahoo.co.jp/ https://b97.yahoo.co.jp/ https://maps.googleapis.com/ https://*.mul-pay.jp/ https://ssl.google-analytics.com https://www.google.com https://global.localizecdn.com/ https://use.typekit.net/ https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; object-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net/; connect-src * data: blob: 'unsafe-inline'; manifest-src 'self'; frame-src https://bid.g.doubleclick.net/ https://www.googletagmanager.com/ https://*.facebook.com/ https://www.youtube.com/; media-src * data: blob:; worker-src * data: blob: 4 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 4 script-src www.anuvu.com *.equisolve.net qmod.quotemedia.com www.google.com fonts.googleapis.com fonts.gstatic.com google-analytics.com www.google-analytics.com googletagmanager.com www.gstatic.com browser-update.org s3.amazonaws.com mailchimp.com documentcloud.adobe.com 'unsafe-inline' 'unsafe-eval' d1io3yog0oux5.cloudfront.net; font-src www.anuvu.com *.equisolve.net qmod.quotemedia.com www.google.com fonts.googleapis.com fonts.gstatic.com google-analytics.com www.google-analytics.com googletagmanager.com www.gstatic.com browser-update.org s3.amazonaws.com mailchimp.com documentcloud.adobe.com 'unsafe-inline' 'unsafe-eval' d1io3yog0oux5.cloudfront.net 4 default-src 'self' * 'unsafe-inline' 'unsafe-eval' blob: data: ; 4 frame-ancestors 'self' https://fuse.pav.portals.swisslife.ch https://fuse.portals.swisslife.ch https://www.swisslife.ch 4 default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' 4 default-src 'self' ; script-src 'self' blob: https://assets.dcube.cloud https://*.wogaa.sg https://assets.adobedtm.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://va.ecitizen.gov.sg https://*.cloudfront.net https://printjs-4de6.kxcdn.com https://unpkg.com https://wogadobeanalytics.sc.omtrdc.net https://connect.facebook.net https://graph.facebook.com https://facebook.com https://www.facebook.com https://www.googletagmanager.com https://*.licdn.com https://webchat.vica.gov.sg https://vica.gov.sg https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://www.instagram.com wss://*.zendesk.com wss://*.zopim.com ; object-src 'self' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.cloudfront.net https://va.ecitizen.gov.sg https://*.wogaa.sg https://cdnjs.cloudflare.com https://datagovsg.github.io https://webchat.vica.gov.sg https://vica.gov.sg https://unpkg.com ; img-src * ; media-src * ; frame-src https://form.gov.sg/ https://wogaa.demdex.net/ https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://www.google.com https://checkfirst.gov.sg https://www.checkfirst.gov.sg https://docs.google.com https://nlb.ap.panopto.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://data.gov.sg https://calendar.google.com https://www.facebook.com https://m.facebook.com/ https://www.instagram.com ; frame-ancestors 'none' ; font-src * data: ; connect-src 'self' https://dpm.demdex.net https://www.google-analytics.com https://stats.g.doubleclick.net https://*.wogaa.sg https://va.ecitizen.gov.sg https://ifaqs.flexanswer.com https://*.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://wogadobeanalytics.sc.omtrdc.net https://data.gov.sg https://api.isomer.gov.sg https://webchat.vica.gov.sg https://chat.vica.gov.sg https://vica.gov.sg https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com wss://chat.vica.gov.sg https://api-vica-ana.vica.gov.sg/api/v1/response-ratings https://bucket-vica.vica.gov.sg https://autocomplete.vica.gov.sg https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com wss://*.zendesk.com wss://*.zopim.com ; 4 frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self'; 4 frame-ancestors 'self' marketing.myresman.com; report-uri /report-violation 4 default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;media-src 'self' 'unsafe-inline' *;font-src 'self' 'unsafe-inline' *;frame-src 'self' *; img-src 'self' data: *;connect-src * 4 base-uri 'self'; connect-src 'self' www.gk-software.com; frame-src 'self' www.gk-software.com www.youtube.com www.youtube-nocookie.com; font-src 'self' fonts.gstatic.com data:; worker-src 'self' blob:; frame-ancestors 'self'; object-src 'self'; child-src 'self'; form-action 'self'; report-uri https://www.gk-software.com/csp-reporter.php?source=www.gk-software.com; 4 default-src 'self' https://optimize.google.com; frame-src 'self' data: https://oc-assets.klarnaservices.com https://*.pinterest.com https://www.pinterest.nz https://*.criteo.com https://*.api.useinsider.com https://*.useinsider.com fbrpc://call https://*.zip.co https://*.stripe.com https://*.shophumm.com.au/ https://tpc.googlesyndication.com https://masterpass.com https://roktcdn1.akamaized.net https://www.youtube.com https://*.masterpass.com https://www.google.com/recaptcha/ https://*.rokt.com https://*.doubleclick.net https://*.kaptcha.com https://*.addthis.com https://*.facebook.com https://*.braintreegateway.com https://*.paypal.com https://*.visa.com https://*.cardinalcommerce.com https://*.paypalobjects.com; script-src 'self' data: https://*.adsrvr.org https://*.adunion.com.au https://*.openpay.com.au https://*.ozsale.com.au https://*.nzsale.co.nz https://*.singsale.com.sg https://t.cfjump.com https://www.googleanalytics.com https://www.googleoptimize.com https://oc-library.klarnaservices.com https://*.criteo.com https://*.criteo.net https://*.api.useinsider.com https://*.useinsider.com https://*.g.doubleclick.net https://*.doubleclick.net https://www.googletagmanager.com https://*.bing.com https://*.pinimg.com https://cdn.jsdelivr.net/npm/sockjs-client@1/dist/sockjs.min.js https://cdnjs.cloudflare.com/ajax/libs/vertx/3.9.1/vertx-eventbus.min.js https://*.identitydirect.com.au/ https://www.clarity.ms/ https://*.zipmoney.com.au https://*.partpay.co.nz https://*.rakuten.com https://*.linksynergy.com https://*.dc-storm.com https://*.jrs5.com https://*.mediaforge.com https://*.nxtck.com https://*.stripe.com https://*.shophumm.com.au/ https://www.googletagservices.com/ https://adservice.google.com.au/ https://adservice.google.com/ https://pagead2.googlesyndication.com/ https://cdn.jsdelivr.net/npm/newrelic-reduced@1.1.2/lib/index.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.addthisedge.com https://assets.pinterest.com https://roktcdn1.akamaized.net https://cdn.optimizely.com/js/ https://ds-aksb-a.akamaihd.net/aksb.min.js https://tpc.googlesyndication.com https://*.masterpass.com https://masterpass.com https://*.rokt.com https://*.nr-data.net https://*.facebook.net https://*.facebook.com https://*.newrelic.com https://*.marinsm.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.paypal.com https://*.paypalobjects.com https://*.braintreegateway.com https://*.visa.com https://*.kaptcha.com https://*.addthis.com https://*.nanigans.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: https:; style-src 'self' https://*.klarnacdn.net https://*.useinsider.com https://*.api.useinsider.com https://use.fontawesome.com https://roktcdn1.akamaized.net https://*.visa.com https://*.masterpass.com https://masterpass.com https://*.googleapis.com 'unsafe-inline'; font-src 'self' data: https://static.zipmoney.com.au https://*.klarnacdn.net https://*.useinsider.com https://*.api.useinsider.com https://use.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://roktcdn1.akamaized.net ; connect-src 'self' https://*.adunion.com.au https://*.adsrvr.org https://*.klarnaservices.com https://*.useinsider.com https://*.criteo.com https://*.api.useinsider.com https://bat.bing.com https://*.pinterest.com https://images.latitudepayapps.com wss://fbtp.nzsale.co.nz https://fcmregistrations.googleapis.com/v1/projects/ https://firebaseinstallations.googleapis.com/v1/projects/ https://*.nzsale.co.nz https://www.clarity.ms/ https://*.zip.co https://zip.co https://*.zipmoney.com.au https://pagead2.googlesyndication.com https://*.visa.com https://*.addthis.com https://www.google-analytics.com https://*.nr-data.net https://*.rokt.com https://*.braintreegateway.com https://*.paypal.com https://*.kaptcha.com https://*.facebook.com https://ds-aksb-a.akamaihd.net/RRT; object-src 'self' https://c2.mysalec.com https://*.visa.com https://www.paypalobjects.com; frame-ancestors 'self' https://*.useinsider.com; 4 frame-ancestors https://metrika.yandex.ru https://webvisor.com http://webvisor.com 4 default-src https:; font-src https: data:; img-src https: data: 'self' about:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; 4 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; base-uri 'self'; 4 frame-ancestors 'self' analytics.pt-dlr.de 4 frame-ancestors 'self' http://webvisor.com ; 4 default-src 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self' 4 default-src 'self' *.pcdn.co *.dgepress.com cdn.rawgit.com code.jquery.com platform.twitter.com api-6fce660a.duosecurity.com cdn.datatables.net;script-src 'self' *.pcdn.co *.dgepress.com *.cloudfront.net *.bitmovin.com cdn.rawgit.com code.jquery.com platform.twitter.com cdnjs.cloudflare.com api-6fce660a.duosecurity.com ajax.googleapis.com cdn.datatables.net *.streamhub.tv *.streamhub.io link.theplatform.com js-agent.newrelic.com bam.nr-data.net 'unsafe-inline' 'unsafe-eval';style-src 'self' *.pcdn.co *.dgepress.com *.bitmovin.com cdn.rawgit.com code.jquery.com cdnjs.cloudflare.com platform.twitter.com ajax.googleapis.com maxcdn.bootstrapcdn.com cdn.datatables.net 'unsafe-inline';img-src * data:;font-src * data:;frame-src 'self' *.dgepress.com *.pcdn.co *.cloudfront.net player.vimeo.com duo.com *.duosecurity.com duomobile.s3-us-west-1.amazonaws.com platform.twitter.com;connect-src 'self' *.pcdn.co *.dgepress.com *.bitmovin.com cdn.rawgit.com dge.akamaized.net code.jquery.com platform.twitter.com api-6fce660a.duosecurity.com cdn.datatables.net link.theplatform.com stats.streamhub.io disabcpress-vh.akamaihd.net bam.nr-data.net;media-src 'self' *.pcdn.co *.dgepress.com disabcpress-vh.akamaihd.net dge.akamaized.net cdn.rawgit.com code.jquery.com platform.twitter.com api-6fce660a.duosecurity.com cdn.datatables.net link.theplatform.com blob:;worker-src 'self' *.pcdn.co *.dgepress.com blob: 4 frame-ancestors 'self' junchae.com linkharu.com 4 style-src 'self' 'unsafe-inline' 4 default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval' 4 frame-ancestors 'self'; report-uri csp-reports; report-to csp-endpoint; 4 default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' wpmudev.com *.fullstory.com *.sleeknote.com *.wpengine.com *.hubspot.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hscta.net *.hs-analytics.net *.wistia.com *.wistia.net *.cloudfront.net *.jquery.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.google.co.uk *.google.dk *.google.com *.googlesyndication.com *.doubleclick.net *.hotjar.com *.facebook.net *.twitter.com *.twimg.com *.litix.io *.yoast.com yoast.com *.clicktale.net *.cloudflare.com *.helpforsmartphone.com *.usemessages.com *.licdn.com *.linkedin.com *.pardot.com *.gamma.co.uk *.luckyorange.net *.qualified.com *.ampproject.org *.bing.com *.nitrocdn.com nitropack.io *.mutinycdn.com *.adroll.com *.zoominfo.com;connect-src 'self' 'unsafe-inline' wpmudev.com *.fullstory.com *.mutinycdn.com *.mutinyhq.io *.wpengine.com *.hubspot.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hs-analytics.net *.wistia.com *.wistia.net *.akamaihd.net *.cloudfront.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.google.com *.google.co.uk *.google.fi *.doubleclick.net *.hotjar.com wss://*.hotjar.com *.hotjar.io *.facebook.net *.litix.io *.yoast.com yoast.com ws.zoominfo.com *.polyfill.io *.luckyorange.net wss://in.visitors.live/socket.io/ wss://visitors.live/socket.io/ *.socket.io *.qualified.com wss://*.qualified.com *.twiliocdn.com *.twilio.com wss://*.twilio.com *.apps.gamma.co.uk *.ampproject.org wss://*.visitors.live *.luckyorange.com *.adnxs.com *.sleeknotecustomerscripts.sleeknote.com *.sleeknote.com wss://*.sleeknote.com *.nitrocdn.com *.getnitropack.com nitropack.io; style-src 'self' 'unsafe-inline' *.wpengine.com *.bootstrapcdn.com *.googleapis.com *.wistia.net *.hotjar.com *.yoast.com yoast.com *.cloudfront.net *.twitter.com *.twimg.com *.qualified.com *.typekit.net *.nitrocdn.com; font-src 'self' data: *.mutinycdn.com *.wpengine.com *.bootstrapcdn.com *.wistia.com *.wistia.net *.hotjar.com *.yoast.com yoast.com *.cloudfront.net *.slideshare.net *.slidesharecdn.com *.qualified.com *.typekit.net *.gamma.co.uk *.wearegamma.co.uk *.nitrocdn.com *.adroll.com; frame-src 'self' blob: 'unsafe-inline' *.linkedin.com *.wpengine.com *.hsforms.com *.hsforms.net *.vimeo.com *.wistia.com *.wistia.net *.gamma.co.uk *.hotjar.com *.litix.io *.doubleclick.net *.facebook.net *.yoast.com yoast.com *.cloudfront.net *.flife.de *.investis.com *.three.co.uk *.apnsettings.mobi *.twitter.com *.slideshare.net *.helpforsmartphone.com *.googlesyndication.com *.google.se *.google.com *.youtube.com *.hubspot.com *.qualified.com *.mobilethink.net; child-src 'self' blob: 'unsafe-inline' *.mutinycdn.com *.wpengine.com *.wistia.com *.wistia.net *.gamma.co.uk *.hotjar.com *.litix.io *.doubleclick.net *.facebook.net *.yoast.com yoast.com *.cloudfront.net *.flife.de *.investis.com *.three.co.uk *.apnsettings.mobi *.slideshare.net *.qualified.com *.sleeknote.com; media-src * blob: *.wpengine.com *.wistia.com *.wistia.net *.hotjar.com *.yoast.com yoast.com *.cloudfront.net *.akamaihd.net *.qualified.com *.sleeknote *.nitrocdn.com; object-src 'self' *.cloudfront.net; img-src 'self' data: 'unsafe-inline' *.mutinycdn.com *.wpengine.com *.wp.com *.yoast.com yoast.com *.cloudfront.net *.hubspot.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hs-analytics.net *.wistia.com *.wistia.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.google.com *.google.co.uk *.google.se *.google.ae *.google.nl *.google.es *.google.ie *.google.lv *.googleapis.com *.wpmudev.org *.adroll.com *.doubleclick.net *.hotjar.com *.akamaihd.net *.rubiconproject.com *.advertising.com *.facebook.com *.twitter.com *.twimg.com *.casalemedia.com *.outbrain.net *.outbrain.com *.pubmatic.net *.pubmatic.com *.taboola.net *.taboola.com *.yahoo.com *.bidswitch.net *.rlcdn.com *.openx.net *.adnxs.com *.digitru.st *.3lift.com *.adsymptotic.com *.rundsp.com *.bidr.io *.w55c.net *.adsrvr.org *.placelocal.com *.demdex.net *.nexac.com *.gravatar.com *.bing.com *.mathtag.com *.yume.com *.liadm.com *.exelator.com *.turn.com *.undertone.com *.tidaltv.com *.w.org *.everesttech.net *.pippio.com *.eyeviewads.com *.mxptint.net *.cardlytics.com *.ml314.com *.crwdcntrl.net *.simpli.fi *.addthis.com *.insightexpressai.com *.entitytag.co.uk *.rfihub.com *.adlucent.com https://qualified-production.s3.amazonaws.com *.qualified.com *.linkedin.com *.scatec.io *.sleeknote.com *.nitrocdn.com *.nitropack.io *.getnitropack.com; 4 default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src * 4 upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * 4 frame-ancestors 'self' https://www.mapama.gob.es 4 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://www.bern-altstadt.ch https://www.mediservice-news.ch https://rechner.soziale-sicherheit-chss.ch https://bsv.admin.ch https://www.bsv.admin.ch https://jobcloud.ch https://*.jobcloud.ch https://jobs.ch https://*.jobs.ch https://jobup.ch https://*.jobup.ch https://ingjobs.ch https://ictcareer.ch https://jobs4sales.ch https://financejobs.ch https://medtalents.ch https://jobwinner.ch https://alpha.ch https://topjobs.ch https://*.jobscout24.ch https://impieghi.ch https://*.impieghi.ch https://*.stellenmarkt.ch https://www.mediapulse.ch; 4 default-src 'unsafe-inline' 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' blob: https:; script-src-elem 'unsafe-inline' 'self' sha256-0/NMaGJWVjIukwBMkinLP6tmeD9zx5luPBD3YAk+Y7Q= *.usabilla.com http: https:; style-src 'unsafe-inline' 'self' *.usabilla.com https:; font-src 'self' *.usabilla.com https: data:; frame-src 'self' *.usabilla.com https:; img-src 'self' *.usabilla.com http: https: data:; connect-src 'self' *.usabilla.com wss://tufsuyburufn.transport.connect.eu-west-2.amazonaws.com https: http:; style-src-elem 'unsafe-inline' 'self' *.usabilla.com https:; media-src 'unsafe-inline' 'self' https:; 4 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: mediastream: filesystem: *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com;frame-ancestors 'self' 4 frame-ancestors zyro.com *.zyro.com *.zyro.space *.dp.zyro.space *.hostinger.com *.hostinger.io 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ws: wss: sonicwall.com *.sonicwall.com; 4 “default-src" 4 frame-ancestors 'self' piwik.mpg.de statistics.mpg.de statistik.mpg.de; 4 ... 4 default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src * 4 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * data:; connect-src * 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' https://marvel-b1-cdn.bc0a.com https://play.vidyard.com https://www.facebook.com https://www.google-analytics.com https://www.google.com * data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://use.typekit.net *; upgrade-insecure-requests; script-src https://play.vidyard.com https://www.facebook.com https://www.google-analytics.com https://www.google.com 'unsafe-inline' 'unsafe-eval' *; block-all-mixed-content; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' ;script-src 'self' https://www.paypal.com https://www.paypalobjects.com https://connect.facebook.net 'unsafe-inline' 'unsafe-eval' ;img-src 'self' https://www.facebook.com *.fbcdn.net data:;connect-src 'self' https://www.facebook.com https://graph.facebook.com *.googleapis.com data:;worker-src *;frame-src *; 4 default-src 'self'; script-src 'self' stryker.us12.list-manage.com s3.amazonaws.com cdn-images.mailchimp.com connect.facebook.net snap.licdn.com fast.fonts.net www.google-analytics.com *.googleapis.com www.google.com www.gstatic.com *.vimeo.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' s3.amazonaws.com cdn-images.mailchimp.com *.googleapis.com fast.fonts.net; font-src 'self' data: fast.fonts.net *.googleapis.com *.gstatic.com; img-src *; child-src *.vimeo.com *.google.com; connect-src 'self' www.google-analytics.com *.doubleclick.net 4 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com ssl.google-analytics.com translate.google.com translate.googleapis.com translate-pa.googleapis.com js-agent.newrelic.com/nr-1212.min.js *.livechatinc.com analytics.ajla.net bam.nr-data.net 4 frame-ancestors 'self'; base-uri 'self' 4 default-src 'self' ; script-src 'self' blob: https://assets.dcube.cloud https://*.wogaa.sg https://assets.adobedtm.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://va.ecitizen.gov.sg https://*.cloudfront.net https://printjs-4de6.kxcdn.com https://unpkg.com https://wogadobeanalytics.sc.omtrdc.net https://connect.facebook.net https://graph.facebook.com https://facebook.com https://www.facebook.com https://www.googletagmanager.com https://*.licdn.com https://webchat.vica.gov.sg https://vica.gov.sg https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://www.instagram.com wss://*.zendesk.com wss://*.zopim.com ; object-src 'self' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.cloudfront.net https://va.ecitizen.gov.sg https://*.wogaa.sg https://cdnjs.cloudflare.com https://datagovsg.github.io https://webchat.vica.gov.sg https://vica.gov.sg https://unpkg.com ; img-src * ; media-src * ; frame-src https://form.gov.sg/ https://wogaa.demdex.net/ https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://www.google.com https://checkfirst.gov.sg https://www.checkfirst.gov.sg https://docs.google.com https://nlb.ap.panopto.com https://www.google.com/recaptcha/ https://accounts.google.com https://www.gstatic.com/recaptcha/ https://data.gov.sg https://calendar.google.com https://*.fls.doubleclick.net https://www.facebook.com https://m.facebook.com/ https://www.instagram.com ; frame-ancestors 'none' ; font-src * data: ; connect-src 'self' https://dpm.demdex.net https://www.google-analytics.com https://stats.g.doubleclick.net https://*.wogaa.sg https://va.ecitizen.gov.sg https://ifaqs.flexanswer.com https://*.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://wogadobeanalytics.sc.omtrdc.net https://data.gov.sg https://api.isomer.gov.sg https://webchat.vica.gov.sg https://chat.vica.gov.sg https://vica.gov.sg https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com wss://chat.vica.gov.sg https://api-vica-ana.vica.gov.sg/api/v1/response-ratings https://bucket-vica.vica.gov.sg https://autocomplete.vica.gov.sg https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com wss://*.zendesk.com wss://*.zopim.com ; 4 default-src 'frame-src' 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.googleusercontent.com *.googletagmanager.com *.google.ch *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.paypal.com *.paypalobjects.com *.youtube.com; img-src 'self' data: *.google.ch *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.ytimg.com *.vimeo.com *.vimeocdn.com 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: 4 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: filesystem: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 4 frame-ancestors 'self' *; upgrade-insecure-requests; 4 frame-ancestors 'self' *.egovcdn.com 4 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; frame-ancestors 'none'; font-src * 'self' data: https://fonts.gstatic.com; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://plugins.flockler.com; style-src * 'self' 'unsafe-inline' https://fonts.googleapis.com 4 default-src *.googletagmanager.com *.twitter.com *.facebook.net *.nr-data.net *.ads-twitter.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mookie1.com *.amazon-adsystem.com *.facebook.com *.google.com *.google.co.in *.cloudflare.com *.w3.org *.adsrvr.org *.newrelic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.pricespider.com *.googleoptimize.com *.googletagmanager.com *.twitter.com *.facebook.net *.nr-data.net *.ads-twitter.com *.google-analytics.com *.googleadservices.com *.googleanalytics.com *.doubleclick.net *.cloudflare.com *.opendns.com *.adsrvr.org *.newrelic.com *.google.com *.mapbox.com *.serving-sys.com *.igodigital.com https://www.youtube.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.pricespider.com *.cloudflare.com *.opendns.com *.newrelic.com *.twitter.com *.nr-data.net *.ads-twitter.com *.google.com *.googleapis.com *.mapbox.com; img-src 'self' *.adsrvr.org *.google-analytics.com *.twitter.com *.facebook.com *.google.com *.google.co.in *.googletagmanager.com *.mookie1.com *.amazon-adsystem.com *.newrelic.com *.nr-data.net *.ads-twitter.com *.w3.org data: * ; media-src 'self'; frame-src 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.google.com *.adsrvr.org; frame-ancestors 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.adsrvr.org; child-src 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.adsrvr.org blob:; font-src 'self' *.jsdelivr.net *.gstatic.com *.google.com; connect-src 'self' *.doubleclick.net *.google-analytics.com *.mapbox.com *.nr-data.net *.serving-sys.com *.igodigital.com 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; frame-ancestors 'self'; upgrade-insecure-requests; base-uri 'self'; 4 frame-ancestors 'self' bid.g.doubleclick.net; script-src *.clarity.ms *.hs-analytics.net *.hs-banner.com *.hs-scripts.com ajax.googleapis.com bat.bing.com ct.capterra.com googleads.g.doubleclick.net myintervals.cdnedge.bluemix.net www.rapidscansecure.com ssl.google-analytics.com stats.myintervals.com www.clarity.ms www.getapp.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com 'self' 'unsafe-inline'; object-src 'none' 4 upgrade-insecure-requests;, upgrade-insecure-requests; 4 default-src 'self' data: wss: api.idnt.net www.idnt.net fonts.gstatic.com;script-src api.idnt.net www.google-analytics.com maps.google.com maps.gstatic.com *.twitter.com *.twimg.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval';style-src api.idnt.net platform.twitter.com fonts.googleapis.com 'self' 'unsafe-inline';img-src api.idnt.net data: wss: www.google-analytics.com *.twitter.com *.twimg.com maps.gstatic.com maps.google.com www.gravatar.com 'self';frame-src data: wss: *.youtube.com *.youtube-nocookie.com *.twitter.com 'self'; 4 default-src https: ws: wss: data: 'unsafe-inline' 'unsafe-eval' 4 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: cdn.intersport.serv.si www.intersport.si intersport.si cdnjs.cloudflare.com www.google-analytics.com www.google.com www.google.si omara.cdn-cnj.si img.cdn-cnj.si www.google.de stats.g.doubleclick.net fonts.googleapis.com cpx.smind.si cpx.smind.hr cpx.smind.rs fonts.gstatic.com www.gstatic.com www.googletagmanager.com chimpstatic.com connect.facebook.net stats.g.doubleclick.net www.facebook.com *.creativecdn.com creativecdn.com www.googleadservices.com *.paypal.com www.paypal.com ajax.googleapis.com platform.linkedin.com *.twitter.com *.pinterest.com www.youtube.com googleads.g.doubleclick.net www.intersport.hr *.mercator.si maps.googleapis.com maps.gstatic.com maxcdn.bootstrapcdn.com secure.gravatar.com dts.cld.bz edge.fullstory.com fullstory.com rs.fullstory.com www.pimcore.org yoast.com tagmanager.google.com *.braintreegateway.com *.braintree-api.com www.paypalobjects.com *.segmentify.com *.google.com api.instacloud.io *.cdninstagram.com *.fna.fbcdn.net fcm.googleapis.com *.vimeo.com my.matterport.com my.mpskin.com graph.instagram.com *.fitanalytics.com www.googleoptimize.com cdn.sgmntfy.com unpkg.com; frame-ancestors 'self' blob: https://vr.intersport.si https://vr.intersport.hr https://vr.intersport.rs https://vr.intersport.ba https://vr.intersport.me; 4 frame-ancestors 'self' https://*.facebook.com https://omnicapabilities.s3.amazonaws.com; 4 frame-ancestors 'self' *.plentymarkets-cloud-ie.com 4 frame-ancestors 'self' https://*.biahosted.com https://*.paymentiq.io https://*.safecharge.com 4 frame-ancestors 'self' https://secure.simplepart.com https://secure.cml.oeconnection.com https://portal.oeconnection.com; 4 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 4 default-src 'self'; base-uri 'self'; form-action 'self' https://customer.hostedoffice.ag;connect-src 'self' wss://aipi.support/ws https://piwik.aipi.de; font-src www.aipi.de 'self';style-src-attr 'unsafe-hashes' 'sha256-nCtYqZm0TNQQ+U6cXsAjRWjgKgAcAC5EQGqtKUxK3vw=' 'sha256-1v7EUPO3OEib7RRCnrE1wWyo0L+fVMBtrmF4zWnylBU=' 'sha256-4XmUnq7c5BOpcWChA7Pvfme8wZKLmbdYoGyK+cJW1Xk=';style-src www.aipi.de 'self' 'sha256-6sIirSjk3oMeq2FlEKzaPQ7IYNaX+HqF9VqRWIc7nuI=' 'sha256-QXYcyzpBG1Dk1TNxlL6Wx5OzhyiENrLRDOMIxnGc0m4=' 'sha256-4XmUnq7c5BOpcWChA7Pvfme8wZKLmbdYoGyK+cJW1Xk=' aipi.de www.aipi.de aipi.support data:;img-src 'self' piwik.aipi.de aipi.support data:;script-src 'self' 'sha256-MXlRNlxiJENqTbNNighIGA8h1e1roYzHpYTzsQ/3Ig8=' 'sha256-V1jfgpWg4LJj7uEoGS+1IGGJKY0yJutd21MasuP8vrs=' piwik.aipi.de aipi.support;frame-src 'self' piwik.aipi.de; frame-ancestors 'self' piwik.aipi.de; object-src 'none'; report-uri https://aipi.report/csp-violation-report 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://partner.googleadservices.com ajax.googleapis.com cse.google.com *.moviead55.ru mc.yandex.ru https://mc.yandex.ru https://mc.webvisor.org https://connect.ok.ru https://cse.google.com vk.com mail.ru https://cdn.jsdelivr.net youtube.com googlevideo.com googleapis.com gstatic.com googleusercontent.com google.com https://*.yandex.ru:* *.yandex.ru:* https://yandex.ru:* yandex.ru:* https://yandex.st:* yandex.st:* yandex.kz yandex.ua https://*.yandex.net:* *.yandex.net:* https://yastatic.net *.ok.ru *.vk.com *.mail.ru *.twitter.com *.webvisor.com *.youtube.com *.googlevideo.com *.googleapis.com https://*.googleapis.com *.gstatic.com advertserve.com *.advertserve.com bannersvideo.com *.bannersvideo.com adbetnet.com *.adbetnet.com *.braun634.com *.trafficbass.com n161adserv.com *.n161adserv.com *.rekvid1.ru rekvid1.ru vak345.com *.vak345.com https://sync.dmp.otm-r.com *.adriver.ru https://user91471.clients-cdnnow.ru https://videoroll.net videoroll.net *.videoroll.net playep.pro https://servicer.traffic-media.co.uk https://jsc.traffic-media.co.uk https://cs377.delikatsov.com https://cs377.premclubs.com https://vidroll.ru *.vidroll.ru https://pub-eu.p.otm-r.com https://cdn.serii.co https://cse.google.com https://yourbestbro.site videosmor.com datalock.ru *.videosmor.com push-centr.net push-plus.net https://farteniuson.com https://*.newsforall.biz fonts.gstatic.com *.googleusercontent.com *.google-analytics.com *.google.com https://cse.google.com *.yandex.st *.yandex.kz *.yandex.ua *.yandex.net ymetrica.com *.yastatic.net block.s2blosh.com http://piguiqproxy.com/ *.piguiqproxy.com http://smcheck.org http://amgload.net *.smcheck.org *.amgload.net https://loadercdn.com blob: trafmag.com js.hotlog.ru openstat.net mytopf.com fonts.googleapis.com http://cas.criteo.com data; connect-src 'self' https://www.google-analytics.com https://passport.yandex.ua https://play.google.com https://cdn.serii.co https://track.analitycs.net https://*.yandex.net:* *.yandex.net:* https://*.yandex.ru:* *.yandex.ru:* https://yandex.ru:* mc.yandex.fr yandex.ru:* https://yandex.st:* yandex.st:* https://mc.webvisor.org https://yandex.ua https://mc.yandex.ua https://yandex.fr ymetrica.com datalock.ru https://farteniuson.com https://syndication.twitter.com https://videoroll.net http://piguiqproxy.com/ *.piguiqproxy.com http://smcheck.org http://amgload.net *.smcheck.org *.amgload.net https://loadercdn.com blob: etcodes.com:8040 etcodes.com:8040 ws://etcodes.com:8040/4684 ws://etcodes.com:8040/4684; img-src * data: blob:; font-src 'self' data: fonts.gstatic.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://fonts.googleapis.com *.google.com https://code.moviead55.ru vak345.com etcodes.com https://yastatic.net; child-src 'self' *; object-src 'self' *; frame-src 'self' *; form-action 'self'; media-src blob: *; 4 default-src *; frame-src 'self' https: http://*.google.com http://*.facebook.com http://*.twitter.com http://*.youtube.com http://*.sharethis.com http://*.googletagmanager.com http://*.vimeo.com http://*.sharpspring.com http://*.googleadservices.com http://*.doubleclick.net http://*.wistia.com http://*.wistia.net; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data: ; img-src * data: ; report-uri https://19jrymqg65.execute-api.us-east-1.amazonaws.com/default/dgcsp-report-uri; 4 default-src data: blob: 'unsafe-inline' 'self' *.domainoo.com images.prismic.io 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.kaltura.com https://twitter.com https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://connect.facebook.net https://facebook.com https://*.facebook.com https://*.googleapis.com https://maps.gstatic.com https://*.ggpht https://maps.google.com https://hosting.img.dk https://siteimproveanalytics.com https://*.global.siteimproveanalytics.io https://alarmeringsapp.like.st; frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://twitter.com https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://connect.facebook.net https://facebook.com https://*.facebook.com https://*.googleapis.com https://maps.gstatic.com https://*.ggpht https://maps.google.com https://*.google.com https://www.dmi.dk 4 frame-ancestors 'self' https://app.socialscreen.com 4 frame-ancestors 'self' uxstudioteam.com 4 default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events *.actions.githubusercontent.com wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com github.githubassets.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com objects-origin.githubusercontent.com secured-user-images.githubusercontent.com/ opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ 3 default-src 'none'; font-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' data: https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://donorbox.org https://js.stripe.com/v3/ https://sdks.shopifycdn.com https://www.paypal.com https://static.elevate.salesforce.org ; img-src 'self' data: blob: https://www.google-analytics.com https://www.paypal.com https://www.paypalobjects.com https://ak2s.abmr.net https://ak1s.abmr.net https://www.google.com https://cdn.shopify.com https://v.shopify.com ; frame-src https://donorbox.org https://www.youtube.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://js.stripe.com/v3/ https://js.stripe.com/v2/ https://www.paypal.com https://pages.elevate.salesforce.org/ ; connect-src 'self' https://d4twhgtvn0ff5.cloudfront.net/ https://letsencrypt-merch.myshopify.com https://monorail-edge.shopifysvc.com https://www.paypal.com ; 3 base-uri 'none';child-src *.youtube.com;connect-src 'self' https:;default-src 'self';font-src 'self';form-action 'self' https://actionverb.applytojob.com;frame-ancestors 'none';frame-src prismic.io *.prismic.io *.youtube.com *.twitter.com *.facebook.com *.google.com;img-src * data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' *.google-analytics.com *.bing.com *.clarity.ms *.facebook.net *.googletagmanager.com *.helpscout.net prismic.io *.prismic.io;style-src 'self' 'unsafe-inline';worker-src 'self'; 3 default-src 'self' *.gatsbyjs.io *.linktr.ee website.linktr.ee *.intercom.io intercom.io *.intercomcdn.com intercomcdn.com tally.so *.tally.so; script-src 'self' tiktok.com *.tiktok.com *.ttwstatic.com ttwstatic.com tally.so *.tally.so *.linktr.ee website.linktr.ee *.linktr.ee *.statsigapi.net *.statsig.com *.featuregates.org featuregates.org *.trustpilot.com *.marker.io *.branch.io *.intercom.io intercom.io https://*.intercom.io https://*.intercom.com *.intercomcdn.com https://js.intercomcdn.com intercomcdn.io *.redditstatic.com *.sc-static.net sc-static.net *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com app.link *.exchangerate.host *.doubleclick.net *.cloudfunctions.net *.googleadservices.com public.profitwell.com analytics.tiktok.com analytics.twitter.com bat.bing.com *.onetrust.com cdn.heapanalytics.com cdn.pdst.com cdn.pdst.fm *.facebook.net *.pinterest.com d.adroll.com heapanalytics.com *.gastbyjs.io websitelinktree.gatsbyjs.io assets.production.linktr.ee s.adroll.com analytics.google.com unpkg.com s.pinimg.com static.ads-twitter.com *.googleoptimize.com *.clarity.ms *.ads-twitter.com *.hsforms.net *.hsforms.com *.youtube.com *.lever.co *.profitwell.com *.sentry-cdn.com *.chargebee.com *.stripe.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: tally.so *.tally.so *.linktr.ee website.linktr.ee *.gatsbyjs.io *.trustpilot.com *.branch.io *.intercomcdn.com intercomcdn.io *.intercomassets.com *.intercomcdn.eu *.intercomusercontent.com *.intercom.io intercom.io *.intercom-attachments-1.com *.snapchat.com *.clarity.ms *.reddit.com *.intercom-attachments.eu *.au.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com *.intercomassets.eu *.hsforms.com *.w55c.net *.stackadapt.com ml314.com *.cxense.com *.sharethis.com *.ctfassets.net q.quora.com bat.bing.com *.facebook.com heapanalytics.com *.linktr.ee *.google.com *.google.com.au t.co *.yahoo.com *.adnxs.com *.bidswitch.net *.openx.net *.rlcdn.com *.twitter.com *.facebook.com *.pinterest.com *.adroll.com *.google-analytics.com *.onetrust.com *.cloudfront.com *.stripe.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com ; style-src 'self' *.ttwstatic.com *.linktr.ee website.linktr.ee fonts.googleapis.com *.stripe.com 'unsafe-inline'; font-src 'self' data: *.linktr.ee website.linktr.ee *.gatsbyjs.io https://js.intercomcdn.com https://fonts.intercomcdn.com fonts.gstatic.com; form-action 'self' *.facebook.com *.hsforms.com *.intercom.help *.intercom.io intercom.io https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://messenger-apps.intercom.io *.snapchat.com; connect-src 'self' tiktok.com *.tiktok.com facebook.com *.facebook.com website.linktr.ee *.linktr.ee *.statsigapi.net *.statsig.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io *.exchangerate.host https://capi.tr.ee *.featuregates.org featuregates.org *.snapchat.com *.branch.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com *.clarity.ms ingress.linktr.ee *.onetrust.com *.hsforms.net *.hsforms.com *.amazonaws.com *.lever.co *.gatsbyjs.io *.google-analytics.com analytics.tiktok.com *.analytics.google.com analytics.google.com *.google.com.au stats.g.doubleclick.net google-analytics.com ct.pinterest.com *.googleadservices.com *.cloudfunctions.net *.sentry.io *.profitwell.com wss://*.intercom.io https://*.intercom.io https://*.intercom.com https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.intercomusercontent.com; media-src 'self' *.linktr.ee website.linktr.ee *.intercomcdn.com intercomcdn.io https://js.intercomcdn.com *.ctfassets.net; frame-src 'self' *.ttwstatic.com ttwstatic.com tiktok.com *.tiktok.com tally.so *.tally.so *.linktr.ee https://linktr.ee website.linktr.ee *.trustpilot.com *.branch.io *.intercom.io intercom.io *.intercomcdn.com intercomcdn.io *.snapchat.com *.pinterest.com *.doubleclick.com *.doubleclick.net *.facebook.com *.formstack.com *.google.com *.hsforms.net *.hsforms.com *.stripe.com https://*.intercom.io https://*.intercom.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net spotify.com *.spotify.com; child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; worker-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net 3 frame-ancestors 'self' *.wildberries.ru 3 frame-ancestors https://pam.mcafee.com 3 connect-src 'self' blob: https://gcp.api.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://aws.api.snapchat.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.snapchat.com https://app.snapchat.com https://sentry.sc-prod.net https://story.snapchat.com https://us-central1-gcp.api.snapchat.com ws: wss: https://static.snapchat.com https://sentry.sc-prod.net https://cdn.contentful.com; img-src 'self' blob: data: https://support-tools.storage.googleapis.com https://www.snapchat.com https://cf-st.sc-cdn.net https://www.google-analytics.com data: https://www.google.com https://www.google.co.uk https://www.google.com.sa https://www.google.ca https://www.google.fr https://www.google.com.no https://www.google.com.au https://static.snapchat.com; media-src https://bolt-gcdn.sc-cdn.net https://static.snapchat.com https://s.sc-cdn.net https://cf-st.sc-cdn.net blob:; script-src 'self' https://static.snapchat.com https://www.google-analytics.com https://www.googletagmanager.com 'sha256-SlyXqNpddFY9lxbguST5m22HifGELYV1FYec8XhHUkk=' 'sha256-FhUvlSz0BXj4r8M1nXAkVXmbcxiWrUXB6vNbCZ8A0Zk=' 'sha256-2LmOILM2HIS9pJC380owRlOYo+c5WOuuNL7oEMLss2I=' 'sha256-MNn0HyJxuyKnyn0lPM1hCzPzycraTm0TXEqX1khh/7k='; style-src 'self' https://static.snapchat.com 'unsafe-inline'; default-src 'self'; font-src 'self' https://snap-design-system.storage.googleapis.com https://ads-interfaces.sc-cdn.net https://static.snapchat.com; frame-ancestors 'none'; report-uri https://sentry.sc-prod.net/api/201/security/?sentry_key=0bb5245c839141efbb997cfdc0d21057; report-to https://sentry.sc-prod.net/api/201/security/?sentry_key=0bb5245c839141efbb997cfdc0d21057; block-all-mixed-content 3 default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://store.akamai.steamstatic.com/ https://store.akamai.steamstatic.com/ *.google-analytics.com https://www.gstatic.com https://recaptcha.net https://www.gstatic.cn/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://community.akamai.steamstatic.com/ https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://shared.akamai.steamstatic.com/ *.google-analytics.com; frame-src 'self' steam: http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host ; 3 frame-ancestors 'self' *.grammarly.com 3 block-all-mixed-content; default-src https://loc.gov/ https://*.loc.gov/ ; media-src https://loc.gov/ https://*.loc.gov/ https://*.readspeaker.com/ https://*.arcgis.com/ https://*.arcgisonline.com/ https://webapps-cdn.esri.com/ blob:; worker-src https://loc.gov/ https://*.loc.gov/ blob:; font-src https://loc.gov/ https://*.loc.gov/ https://*.arcgis.com/ https://*.arcgisonline.com/ https://webapps-cdn.esri.com/ https://ssl.p.jwpcdn.com/ data:; img-src https://loc.gov/ https://*.loc.gov/ https://*.readspeaker.com/ https://*.arcgis.com/ https://*.arcgisonline.com/ https://webapps-cdn.esri.com/ https://dpm.demdex.net/ https://cm.everesttech.net/ https://*.amazonaws.com data: blob:; connect-src https://loc.gov/ https://*.loc.gov/ https://*.arcgis.com/ https://*.arcgisonline.com/ https://webapps-cdn.esri.com/ https://thelibraryofcongress.tt.omtrdc.net/ https://dpm.demdex.net/ https://d3c605m4lmznjl.cloudfront.net/ https://*.s3.us-east-1.amazonaws.com/; style-src https://loc.gov/ https://*.loc.gov/ https://*.readspeaker.com/ https://*.arcgis.com/ https://*.arcgisonline.com/ https://webapps-cdn.esri.com/ https://ssl.p.jwpcdn.com/ https://assets.adobedtm.com/ 'unsafe-inline' blob:; script-src https://loc.gov/ https://*.loc.gov/ https://*.readspeaker.com/ https://*.arcgis.com/ https://*.arcgisonline.com/ https://webapps-cdn.esri.com/ https://ssl.p.jwpcdn.com/ https://assets.adobedtm.com/ https://*.blackbaudcdn.net/ https://*.blackbaud.com/ https://s.ytimg.com/ 'unsafe-inline' 'unsafe-eval'; frame-src https://loc.gov/ https://*.loc.gov/ https://*.readspeaker.com/ https://*.blackbaudcdn.net/ https://*.blackbaud.com/ https://www.nlstalkingbooks.org/ https://unitedstateslibraryofcongress.demdex.net https://www.youtube-nocookie.com/; frame-ancestors https://loc.gov/ https://*.loc.gov/ https://*.blackbaudcdn.net/ https://*.blackbaud.com/ https://loc.libwizard.com/; report-uri https://errorlogging.loc.gov/api/51/security/?sentry_key=2176ae0b9acd4cd59297edc0e064cc95&sentry_environment=production ; 3 style-src 'self' 'unsafe-inline' *.gov *.com; 3 frame-ancestors 'self' *.intranet *.uolinc.com; 3 frame-ancestors 'self' https://onlinexperiences.com https://next.brella.io https://pheedloop.com https://gather.town https://datadog.docebosaas.com/ 3 upgrade-insecure-requests; frame-ancestors *.cisco.com 3 script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://billing-ads-qa-devel.corp.google.com https://payments.google.com/ https://www.youtube.com https://ajax.googleapis.com https://mannequin.storage.googleapis.com https://static.corp.google.com https://storage.googleapis.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://payments.sandbox.google.com https://www.googleadservices.com https://maps.googleapis.com;report-uri /_/Gstore/cspreport/allowlist 3 frame-ancestors 'self' https://*.apa.org; 3 frame-ancestors 'self' acs.virtualeventsengine.com virtualexhibits360.com psav.digital 3 frame-ancestors braze-redesign-qa.herokuapp.com braze-redesign-uat.herokuapp.com braze-redesign-production.herokuapp.com homeslice.braze.com https://www.braze.com/ braze.com https://www.braze.co.jp/ braze.co.jp app.optimizely.com 3 frame-ancestors 'self' https://*.trontv.com https://rainberrytv.com; 3 frame-ancestors 'self' https://*.al-array.com/ 3 default-src 'self' *.starbucks.com *.starbucks.ca; child-src 'self' *.starbucks.com *.starbucks.ca *.doubleclick.net *.optimizely.com *.trustarc.com; connect-src 'self' *.starbucks.com *.starbucks.ca https://fonts.gstatic.com *.akamaihd.net *.akstat.io *.doubleclick.net *.go-mpulse.net *.google-analytics.com *.googlevideo.com *.nr-data.net *.optimizely.com *.pinterest.com *.trustarc.com; font-src 'self' *.starbucks.com *.starbucks.ca https://fonts.googleapis.com https://fonts.gstatic.com *.trustarc.com; img-src 'self' data: *.starbucks.com *.starbucks.ca https://*.gstatic.com *.adsrvr.org *.agkn.com *.akamaihd.net *.appcast.io *.bing.com *.doubleclick.net *.facebook.com *.ggpht.com *.google.com *.google-analytics.com *.googletagmanager.com *.nr-data.net *.pinterest.com *.snapchat.com *.trustarc.com *.truste.com *.videoamp.com *.xg4ken.com *.ytimg.com; manifest-src 'self' *.starbucks.com *.starbucks.ca; media-src 'self' blob: *.starbucks.com *.starbucks.ca *.youtube.com; frame-src 'self' *.optimizely.com *.trustarc.com *.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.starbucks.com *.starbucks.ca cdnjs.com *.appcast.io *.bing.com *.doubleclick.net *.facebook.net *.go-mpulse.net *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.newrelic.com *.nr-data.net *.optimizely.com *.pinimg.com *.sc-static.net *.snapchat.com *.trustarc.com *.xg4ken.com; style-src 'self' 'unsafe-inline' *.starbucks.com *.starbucks.ca https://fonts.googleapis.com; report-uri /webhooks/csp-report; 3 connect-src 'self' checkout.stripe.com https://checkout.stripe.com https://billing.stripe.com/session https://api.funcaptcha.com https://api.arkoselabs.com sentry.io api.github.com www.npmjs.com;default-src 'none';img-src * data: https://*.stripe.com;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://checkout.stripe.com https://js.stripe.com/v3 https://platform.twitter.com/widgets.js https://octocaptcha.com https://static.npmjs.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.npmjs.com/;frame-src checkout.stripe.com https://checkout.stripe.com https://js.stripe.com/ https://octocaptcha.com;font-src https://fonts.gstatic.com https://static.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://vod-progressive.akamaized.net 3 default-src data: blob: https://*.fbcdn.net https://*.facebook.com *.fbsbx.com *.messenger.com;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net *.messenger.com;style-src data: blob: 'unsafe-inline' *.facebook.com *.fbcdn.net *.messenger.com;connect-src http://localhost:3103 *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' *.messenger.com wss://*.messenger.com www.messenger.com www.google-analytics.com wss://*.messenger.com:*;font-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.gstatic.com;img-src *.fbcdn.net https://*.facebook.com cdninstagram.com *.cdninstagram.com *.tenor.co *.tenor.com *.giphy.com data: *.fbsbx.com *.messenger.com messenger.com blob: android-webview-video-poster: *.xx.fbcdn.net https://messenger.com *.oculuscdn.com;media-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.cdninstagram.com https://*.giphy.com blob:;frame-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.cdninstagram.com blob: *.doubleclick.net; 3 default-src 'unsafe-inline' 'unsafe-eval' vitals.vercel-insights.com https: data: wss://*.qualified.com; block-all-mixed-content; upgrade-insecure-requests 3 upgrade-insecure-requests; default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 3 frame-ancestors 'self' https://learn-cloudsecurity.cisco.com; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: *.ostrovok.ru ostrovok.ru *.worldota.net *.zenhotels.com zenhotels.com *.googlesyndication.com pay.google.com *.amplitude.com privetmir.ru adservice.google.co.uk *.hotjar.com *.clicktripz.com ads.adfox.ru ad.mail.ru inv-nets.admixer.net yastatic.net *.yandex.ru yandex.ru *.adfox.yandex.ru api-cis.exponea.com ps.eyeota.net *.pixfuture.com pixfuture.com api.payota.net weborama.fr tns-counter.ru static.ads-twitter.com analytics.twitter.com tags.bkrtx.com t.skyscnr.com *.adtech.advertising.com *.casalemedia.com *.openx.net openx.net adriver.ru *.adriver.ru *.contextweb.com contextweb.com *.betweendigital.com betweendigital.com *.ssp.otm-r.com *.otm-r.com otm-r.com vc.hotjar.io secde.trivago.com unpkg.com *.smartadserver.com smartadserver.com *.rubiconproject.com rubiconproject.com www.adservice.google.pl www.googletraveladservices.com www.tripadvisor.com cdnjs.cloudflare.com www.kayak.com www.clicktripz.com www.youtube.com s3-eu-west-1.amazonaws.com travel.mediaalpha.com grkigi.com notify.bugsnag.com 3kxrt0l29e.execute-api.us-east-1.amazonaws.com fonts.gstatic.com adhigh.net *.adhigh.net *.doubleclick.net doubleclick.net *.adlooxtracking.com *.adnxs.com adnxs.com 2mdn.net *.2mdn.net doubleverify.com *.doubleverify.com *.pubmatic.com pubmatic.com ostrovokru003.webim.ru ostrovokru006.webim.ru ostrovokru007.webim.ru tagmanager.google.com www.tamgrt.com cdn.branch.io app.link api.branch.io api2.branch.io www.googleadservices.com www.adservice.google.pl sslwidget.criteo.com static.criteo.net vk.com connect.facebook.net www.facebook.com top-fwz1.mail.ru www.hometogo.com secure.wego.com static.tacdn.com static.clicktripz.com pixel.sojern.com ads.travelaudience.com stags.bluekai.com accounts.google.com tms-st.cdn.ngenix.net hit.acstat.com c.riskified.com beacon.riskified.com cdn.siftscience.com d3c3cq33003psk.cloudfront.net enc1wnyb87.execute-api.us-east-1.amazonaws.com www.awin.com www.google-analytics.com www.googletagmanager.com mc.yandex.ru tag.yieldoptimizer.com st.dynamicyield.com static.dynamicyield.com *.criteo.com *.intentmedia.net px.dynamicyield.com opentag-stats.qubit.com 6ytvy2ekla.execute-api.us-east-1.amazonaws.com fonts.googleapis.com maps.googleapis.com www.google.com www.googletagservices.com adservice.google.com www.adservice.google.pl c.triptech.ai s.clickiocdn.com *.googlesyndication.com cdn.ampproject.org clickiocdn.com adservice.google.ru csi.gstatic.com *.braintreegateway.com tag.crsspxl.com aa.agkn.com blip.bizrate.com c1.adform.net ce.lijit.com cms.analytics.yahoo.com d.turn.com dmp.truoptik.com dpm.demdex.net e.dlx.addthis.com ib.adnxs.com idsync.rlcdn.com io.narrative.io match.adsrvr.org partner.mediawallahscript.com pm.w55c.net pxl.connexity.net sync.crwdcntrl.net sync.mathtag.com tags.bluekai.com js.adara.com sdk.adara.com pay.yandex.ru thrtle.com; frame-src 'self' *.ostrovok.ru yastatic.net *.worldota.net *.zenhotels.com www.youtube.com googleads.g.doubleclick.net *.googlesyndication.com tracking.bonusway.com checkout.paypal.com pay.google.com static.criteo.net pay.yandex.ru gum.criteo.com dis.eu.criteo.com *.openx.net openx.net *.contextweb.com contextweb.com *.adnxs.com adnxs.com *.pubmatic.com pubmatic.com adhigh.net doubleclick.net www.google.com www.adservice.google.pl *.intentmedia.net d1jaw4ep1lbbt9.cloudfront.net www.tamgrt.com *.ssp.otm-r.com *.otm-r.com otm-r.com vc.hotjar.io clickioadvd.com *.pixfuture.com pixfuture.com www.googletagservices.com www.facebook.com web.facebook.com tpc.googlesyndication.com vars.hotjar.com *.betweendigital.com vk.com staticxx.facebook.com bid.g.doubleclick.net tag.crsspxl.com accounts.google.com *.bluekai.com *.mail.ru ru.surveymonkey.com; frame-ancestors 'self' metrika.yandex.ru metrica.yandex.com *.webvisor.com webvisor.com; img-src * data:; report-uri /hc/csp 3 default-src 'self' www.facebook.com facebook.com content.dionglobal.in icicibank.paymetry.com www.twitter.com twitter.com soundhelix.com s.go-mpulse.net www.iciciprulife.com cdn.jsdelivr.net code.jquery.com iciciauto.com icici.skryptech.com googletagmanager.com icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com senseforth.com cdn.ampproject.org cdnjs.cloudflare.com connect.facebook.net facebook.net marketingplatform.google.com google.com www.google.com www.google-analytics.com google-analytics.com dev.visualwebsiteoptimizer.com visualwebsiteoptimizer.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com fonts.googleapis.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com cugd2qa.crm8.dynamics.com cugd1uat.crm8.dynamics.com cugd2uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com analytics.google.com snap.licdn.com leads.icicibank.com www.indiatimes.com economictimes.indiatimes.com www.googletagmanager.com ribstgnew.icicibank.com www.icicibank.com icici.nanorep.co nanorep.co nanorep.com blob:;object-src 'self';child-src 'self' data: blob:;worker-src blob:;script-src 'self' s.go-mpulse.net d1ls4i8l5ki52s.cloudfront.net cugd1uat.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com snap.licdn.com go-mpulse.net www.iciciprulife.com addtoany.com 'unsafe-inline' 'unsafe-eval' tagmanager.google.com www.tagmanager.google.com linkedin.com content.dionglobal.in analytics.google.com www.googleadservices.com fonts.googleapis.com icicibank.paymetry.com beta-icicibank.paymetry.com cugd1qa.crm8.dynamics.com cdn.jsdelivr.net cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com code.jquery.com iciciauto.com icici.skryptech.com buy.icicibank.com buystaging.niveussolutions.com icicicashback.com maps.gstatic.com gstatic.com www.icicibank.com icicibank.com googleadservices.com googleads.g.doubleclick.net twitter.com cdn.ampproject.org ampproject.org icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com adobe.com doubleclick.net marketingplatform.google.com www.google.com google.com www.google-analytics.com ssl.google-analytics.com ssl.google-analytics.com visitor-services.nanorep.com nanorep.com icici.nanorep.co leads.icicibank.com cdnjs.cloudflare.com cloudfunctions.net senseforth.com amazonaws.com ajax.googleapis.com maps.googleapis.com googleapis.com dev.visualwebsiteoptimizer.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com visualwebsiteoptimizer.com assets.adobedtm.com google-analytics.com adobecqms.net googletagmanager.com www.indiatimes.com economictimes.indiatimes.com ribstgnew.icicibank.com www.googletagmanager.com www.facebook.com facebook.com bing.com connect.facebook.net www.youtube.com demdex.net omtrdc.net data: blob:;connect-src 'self' s.go-mpulse.net go-mpulse.net snap.licdn.com cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com fonts.googleapis.com cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com analytics.google.com www.analytics.google.com www.iciciprulife.com addtoany.com icicibank.paymetry.com beta-icicibank.paymetry.com marketingplatform.google.com www.google.com google.com www.google-analytics.com google-analytics.com adobecqms.net cdn.jsdelivr.net code.jquery.com content.dionglobal.in iciciauto.com icici.skryptech.com buy.icicibank.com buystaging.niveussolutions.com icicicashback.com maps.gstatic.com gstatic.com www.icicibank.com icicibank.com linkedin.com twitter.com cdn.ampproject.org ampproject.org icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com g.doubleclick.net doubleclick.net cdnjs.cloudflare.com googleadservices.com visitor-services.nanorep.com nanorep.com connect.facebook.net cloudfunctions.net senseforth.com icici.nanorep.co amazonaws.com ajax.googleapis.com maps.googleapis.com googleapis.com www.indiatimes.com economictimes.indiatimes.com www.googletagmanager.com leads.icicibank.com dev.visualwebsiteoptimizer.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com visualwebsiteoptimizer.com googletagmanager.com www.facebook.com facebook.com bing.com asia-south1-quantum-flood-755.cloudfunctions.net ribstgnew.icicibank.com stats.g.doubleclick.net assets.adobedtm.com www.youtube.com demdex.net omtrdc.net money2india.icicibank.co.in wss://icicibankstt.senseforth.com/transcribe;img-src 'self' www.google-analytics.com fonts.googleapis.com ssl.gstatic.com g.doubleclick.net cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com snap.licdn.com analytics.google.com www.analytics.google.com google-analytics.com s.go-mpulse.net go-mpulse.net icicibank.paymetry.com beta-icicibank.paymetry.com cdn.jsdelivr.net cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com code.jquery.com content.dionglobal.in iciciauto.com icici.skryptech.com beta-icicibank.paymetry.com addtoany.com buy.icicibank.com buystaging.niveussolutions.com cdnjs.cloudflare.com rukminim1.flixcart.com m.media-amazon.com icicicashback.com maps.gstatic.com www.gstatic.com gstatic.com www.icicibank.com icicibank.com www.iciciprulife.com linkedin.com twitter.com doubleclick.net cdn.ampproject.org ampproject.org spa.gy t4.rolsoninfotech.com voiceassist.urja.com icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com www.google.co.in icici.nanorep.co visitor-services.nanorep.com nanorep.com cloudfunctions.net leads.icicibank.com senseforth.com ajax.googleapis.com maps.googleapis.com googleapis.com amazonaws.com google.co.in dev.visualwebsiteoptimizer.com visualwebsiteoptimizer.com marketingplatform.google.com www.google.com ribstgnew.icicibank.com google.com googleads.g.doubleclick.net adobecqms.net www.indiatimes.com economictimes.indiatimes.com googleadservices.com googletagmanager.com www.googletagmanager.com www.facebook.com facebook.com bing.com connect.facebook.net assets.adobedtm.com www.youtube.com everesttech.net demdex.net omtrdc.net data: blob:;style-src 'self' 'unsafe-inline' fonts.googleapis.com cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com snap.licdn.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com s.go-mpulse.net analytics.google.com cugd2uat.crm8.dynamics.com icicibank.paymetry.com beta-icicibank.paymetry.com go-mpulse.net addtoany.com cdn.jsdelivr.net code.jquery.com cugd2qa.crm8.dynamics.com content.dionglobal.in iciciauto.com icici.skryptech.com buy.icicibank.com buystaging.niveussolutions.com icicicashback.com maps.gstatic.com gstatic.com linkedin.com googletagmanager.com www.googletagmanager.com cdnjs.cloudflare.com www.icicibank.com icicibank.com www.iciciprulife.com twitter.com doubleclick.net cdn.ampproject.org ampproject.org spa.gy t4.rolsoninfotech.com voiceassist.urja.com v icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com ajax.googleapis.com maps.googleapis.com googleapis.com marketingplatform.google.com www.google.com google.com adobecqms.net www.indiatimes.com economictimes.indiatimes.com icici.nanorep.co visitor-services.nanorep.com nanorep.com cloudfunctions.net leads.icicibank.com senseforth.com amazonaws.com tagmanager.google.com www.tagmanager.google.com dev.visualwebsiteoptimizer.com visualwebsiteoptimizer.com googleadservices.com bootstrapcdn.com ribstgnew.icicibank.com;font-src 'self' maps.gstatic.com gstatic.com fonts.gstatic.com data:;frame-src 'self' www.iciciprulife.com infinity.icicibank.com iciciprulife.com nli.icicibank.com cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com snap.licdn.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com analytics.google.com cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com fonts.googleapis.com ribstgnew.icicibank.com icicibank.paymetry.com cdn.jsdelivr.net code.jquery.com content.dionglobal.in iciciauto.com icici.skryptech.com icicibank.paymetry.com beta-icicibank.paymetry.com ajax.googleapis.com maps.googleapis.com googleapis.com addtoany.com buy.icicibank.com buystaging.niveussolutions.com bid.g.doubleclick.net cdnjs.cloudflare.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com icicicashback.com maps.gstatic.com gstatic.com icicibank.com linkedin.com twitter.com cdn.ampproject.org www.indiatimes.com economictimes.indiatimes.com ampproject.org icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com senseforth.com googletagmanager.com www.googletagmanager.com www.facebook.com facebook.com visitor-services.nanorep.com nanorep.com marketingplatform.google.com www.google.com google.com adobecqms.net www.youtube.com www.icicibank.com leads.icicibank.com icicibank.adobecqms.net; 3 default-src 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: about: miroapp: wss: ws: *; frame-src 'unsafe-inline' 'unsafe-eval' data: blob: miroapp: *; base-uri 'unsafe-inline' about: data: *; form-action 'unsafe-inline' data: post-it-alpha: post-it: com.mmm.postit.miro: *; worker-src 'unsafe-inline' data: blob: miroapp: *; report-uri https://s.realtimeboard.com/api/25/security/?sentry_key=fb5e3001534f453e85d1771b1088b293&sentry_environment=production; 3 script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https: 3 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.allrecipes.com 3 frame-ancestors 'self' https://afiliados.locaweb.com.br 3 frame-ancestors 'self' https://www.eezy.com 3 frame-ancestors 'self' *.shutterfly.com *.tinyprints.com *.onehippo.io *.bloomreach.cloud; 3 frame-ancestors https://playersupport.my.salesforce.com 3 default-src 'self' http: https: 3 default-src 'self' *.clover.com cloverstatic.com dev.cloverstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ipv6.6sc.co j.6sc.co secure.adnxs.com js.adsrvr.org analytics.bgalytics.com bat.bing.com https://www.clarity.ms cdnjs.cloudflare.com d3sbxpiag177w8.cloudfront.net *.clover.com cloverstatic.com dev.cloverstatic.com googleads.g.doubleclick.net stats.g.doubleclick.net *.t.eloqua.com img.en25.com *.evidon.com connect.facebook.net tracker.gaconnector.com www.google-analytics.com apis.google.com optimize.google.com tagmanager.google.com www.google.com www.googleadservices.com maps.googleapis.com www.googletagmanager.com *.greenhouse.io www.gstatic.com heapanalytics.com cdn.heapanalytics.com script.hotjar.com static.hotjar.com js.hs-analytics.net js.hs-scripts.com mpsnare.iesnare.com widget.intercom.io js.intercomcdn.com pnapi.invoca.net solutions.invocacdn.com snap.licdn.com munchkin.marketo.net apps.mypurecloud.com nifegwy.neustar.biz h.online-metrix.net *.optimizely.com cdn.optimizely.com amplify.outbrain.com s.pinimg.com *.qualtrics.com rules.quantcount.com secure.quantserve.com cdn.ravenjs.com recaptcha.net www.redditstatic.com https://analytics.tiktok.com tags.tiqcdn.com play.vidyard.com *.walkme.com sp.analytics.yahoo.com s.yimg.com www.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com d3sbxpiag177w8.cloudfront.net *.clover.com cloverstatic.com dev.cloverstatic.com optimize.google.com tagmanager.google.com chart.googleapis.com fonts.googleapis.com heapanalytics.com *.qualtrics.com; img-src blob: data: 'self' firstdatacloverwebsite.122.2o7.net b.6sc.co js.adsrvr.org p.adsymptotic.com data.adxcel-ec2.com mver.agkn.com s.amazon-adsystem.com apintego.com cx.atdmt.com bat.bing.com d3sbxpiag177w8.cloudfront.net dxkdvuv3hanyu.cloudfront.net res.cloudinary.com *.clover.com cloverstatic.com dev.cloverstatic.com www.google.co.uk www.google.co.in www.google.co.id www.google.com.pr www.google.com.br www.google.com.co images.contentful.com *.ctfassets.net googleads.g.doubleclick.net stats.g.doubleclick.net *.t.eloqua.com *.evidon.com *.eyeota.net connect.facebook.net www.facebook.com *.ggpht.com www.google-analytics.com www.google.com www.google.ca www.google.de www.google.ie *.googleapis.com chart.googleapis.com maps.googleapis.com www.googletagmanager.com lh3.googleusercontent.com *.gstatic.com heapanalytics.com script.hotjar.com track.hubspot.com static.intercomassets.com *.intercomcdn.com js.intercomcdn.com uploads.intercomusercontent.com *.ads.linkedin.com www.linkedin.com *.online-metrix.net *.optimizely.com amplify.outbrain.com amplifypixel.outbrain.com tr.outbrain.com data.pendo.io *.perka.com s.pinimg.com ct.pinterest.com *.qualtrics.com pixel.quantserve.com recaptcha.net alb.reddit.com www.redditstatic.com *.rfihub.com cdn.vidyard.com play.vidyard.com *.walkme.com sp.analytics.yahoo.com s.yimg.com; font-src data: 'self' maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.clover.com cloverstatic.com dev.cloverstatic.com use.fontawesome.com fonts.gstatic.com heapanalytics.com script.hotjar.com js.intercomcdn.com *.qualtrics.com; connect-src 'self' c.6sc.co ipv6.6sc.co secure.adnxs.com collection.bgalytics.com bat.bing.com *.browser-intake-datadoghq.com https://a.clarity.ms *.clover.com wss://*.clover.com cloverstatic.com dev.cloverstatic.com *.contentful.com *.ctfassets.net *.datadoghq.com googleads.g.doubleclick.net stats.g.doubleclick.net *.evidon.com www.facebook.com oamportal.fdvs.com secure.geonames.org www.google-analytics.com apis.google.com www.google.com maps.googleapis.com storage.googleapis.com *.greenhouse.io heapanalytics.com *.hotjar.com vc.hotjar.io wss://*.hotjar.com wss://ws4.hotjar.com *.intercom.io wss://*.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com pnapi.invoca.net *.mktoresp.com *.tt.omtrdc.net h.online-metrix.net *.optimizely.com cdn.linkedin.oribi.io https://cdn.linkedin.oribi.io *.perka.com ct.pinterest.com *.qualtrics.com recaptcha.net sentry.io *.sentry.io collection.sperse.io api.thelevelup.com https://analytics.tiktok.com s.yimg.com; media-src 'self' *.clover.com cloverstatic.com dev.cloverstatic.com *.ctfassets.net commondatastorage.googleapis.com js.intercomcdn.com cdn.vidyard.com gateway.zscloud.net; object-src 'self' *.clover.com cloverstatic.com dev.cloverstatic.com h.online-metrix.net vd.vidoplay.com; child-src intercom-sheets.com player.vimeo.com www.youtube.com; frame-src mailto: 'self' tel: insight.adsrvr.org s.amazon-adsystem.com players.brightcove.net *.clover.com cloverstatic.com dev.cloverstatic.com sync-flow.codat.io *.fls.doubleclick.net bid.g.doubleclick.net www.facebook.com accounts.google.com docs.google.com optimize.google.com www.google.com maps.googleapis.com boards.greenhouse.io vars.hotjar.com intercom-sheets.com h.online-metrix.net *.optimizely.com *.cdn.optimizely.com *.perka.com https://ct.pinterest.com play.vidyard.com player.vimeo.com www.youtube.com *.ytimg.com; frame-ancestors *.clover.com cloverstatic.com dev.cloverstatic.com *.optimizely.com *.perka.com; 3 default-src * data: 'unsafe-inline' 'unsafe-eval' blob:; frame-src * 'self' https://www.youtube.com https://www.googletagmanager.com https://www.youtube-nocookie.com http://*.dynamics.com http://*.google.de http://*.google.com; frame-ancestors * http://*.dynamics.com 3 frame-ancestors 'self' https://www.a2hosting.com 3 frame-ancestors *.oray.com scrm-wx.weiling.cn 3 default-src 'self' blob: data: *.6sc.co *.services.greenhouse.io *.intellimize.co *.intellimizeio.com *.greenhouse.io *.sitescdn.net *.sitescout.com *.driftt.com *.facebook.com *.doubleclick.net *.wistia.com *.bing.com *.ceros.com *.gstatic.com *.pagescdn.com *.youtube.com clickmeter.com *.clickmeter.com *.greenhouse.com *.fontawesome.com fast.wistia.net;img-src 'self' data: *.6sc.co *.services.greenhouse.io *.b0e8.com *.g2.com *.linkedin.com *.google-analytics.com *.google.com *.bing.com *.adroll.com *.bizible.com *.taboola.com *.outbrain.com *.3lift.com *.sitescout.com *.driftt.com *.facebook.com *.adsymptotic.com *.rubiconproject.com *.casalemedia.com *.doubleclick.net *.pubmatic.com googletagmanager.com *.googletagmanager.com clarity.ms *.clarity.ms *.wistia.com *.rumiview.com *.kickfire.com *.bizibly.com grnhse-marketing-site-assets.s3.amazonaws.com *.capterra.com *.adnxs.com *.krxd.net *.gstatic.com *.cookielaw.org;script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.6sc.co *.services.greenhouse.io *.intellimize.co *.intellimizeio.com *.greenhouse.io *.sitescdn.net *.cookielaw.org *.b0e8.com polyfill.io *.polyfill.io googletagmanager.com *.googletagmanager.com unpkg.com *.unpkg.com *.googleadservices.com *.google-analytics.com *.licdn.com *.crazyegg.com *.clearbit.com *.clearbitjs.com *.ipify.org *.driftt.com *.adobedtm.com *.adroll.com appvizer.one *.appvizer.one *.pdst.fm pixel.ad *.pixel.ad *.bing.com *.bizible.com *.facebook.net *.marketo.net *.marketo.com clarity.ms *.clarity.ms *.doubleclick.net *.g2crowd.com *.sitescout.com *.wistia.com *.rumiview.com *.kickfire.com inline: *.unpkg.com *.polyfill.io *.sitescdn.net *.intellimize.co *.clearbitjs.com *.crazyegg.com *.licdn.com *.google-analytics.com *.googleadservices.com *.b0e8.com *.intellimizeio.com *.googletagmanager.com *.6sc.co *.pagescdn.com *.yext.com *.ceros.com s3.amazonaws.com/scripts-clickmeter-com/js/conversion.js view.ceros.com/scroll-proxy.min.js *.googleoptimize.com *.greenhouse.com *.fontawesome.com cdn.jsdelivr.net/npm/jquery@3.6.1/dist/jquery.min.js cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/select2.min.js fast.wistia.net;style-src *.greenhouse.io *.sitescdn.net 'unsafe-inline' 'self' *.greenhouse.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css fast.wistia.com fast.wistia.net unpkg.com/flickity@2/dist/flickity.min.css;connect-src 'self' *.intellimize.co *.cookielaw.org *.onetrust.com *.yext-pixel.com *.6sc.co *.6sense.com *.g2.com *.crazyegg.com *.cloudfunctions.net appvizer.one *.appvizer.one *.google-analytics.com *.doubleclick.net *.adroll.com *.mktoresp.com *.clarity.ms *.analytics.google.com *.googletagmanager.com *.wistia.com *.bing.com *.facebook.com *.litix.io *.clearbit.com *.adnxs.com *.sitescdn.net *.bing.com *.yext.com *.intellimize.com 750-iss-976.mktoutil.com *.greenhouse.io embedwistia-a.akamaihd.net *.oribi.io cdn.linkedin.oribi.io *.greenhouse.com *.fontawesome.com;frame-src player.simplecast.com 117871812.intellimizeio.com go.greenhouse.io 9857173.fls.doubleclick.net pixel.sitescout.com view.ceros.com www.facebook.com js.driftt.com answers-embed.greenhouse.io.pagescdn.com boards.greenhouse.io *.g2.com *.greenhouse.io.pagescdn.com *.greenhouse.com *.clickmeter.com clickmeter.com embed.radiopublic.com; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; report-uri /report-csp-violation; upgrade-insecure-requests 3 style-src 'self' 'unsafe-inline' https://www.denic.de https://fonts.googleapis.com; object-src 'self'; script-src 'self' https://www.denic.de https://my.visme.co https://denic.matomo.cloud https://cdn.matomo.cloud 'unsafe-inline'; img-src 'self' data: https://www.denic.de https://denic.matomo.cloud https://cdn.matomo.cloud; frame-src 'self' https://my.visme.co 3 frame-ancestors 'self' https://*.shopify.com https://*.myshopify.com 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.piwik.pro https://assets.bugcrowdusercontent.com https://bugcrowd.com *.sportradar.com https://googletagmanager.com www.gstatic.com www.googletagmanager.com https://www.google.com https://www.google-analytics.com www.google-analytics.com https://fonts.googleapis.com https://cdn.priv.center/ https://www.googleadservices.com *.hotjar.com https://snap.licdn.com https://pi.pardot.com https://prod-origin.truendo.com https://googleads.g.doubleclick.net *.facebook.net google.com/recaptcha/api.js; img-src * data: 'self' blob:; frame-src * 'self'; media-src * 'self'; connect-src * https://www.google-analytics.com www.google-analytics.com; font-src * data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://use.typekit.net; style-src * 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; 3 frame-ancestors 'self' 3 default-src 'self' https: 'unsafe-inline' blob: data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; frame-ancestors 'self'; connect-src 'self' https://account.envato.com:* http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.googlesyndication.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://api.btloader.com https://www.facebook.com https://www.clarity.ms https://a.clarity.ms https://b.clarity.ms https://c.clarity.ms https://d.clarity.ms https://e.clarity.ms https://f.clarity.ms https://g.clarity.ms https://h.clarity.ms https://i.clarity.ms https://j.clarity.ms https://k.clarity.ms https://l.clarity.ms https://m.clarity.ms https://n.clarity.ms https://o.clarity.ms https://p.clarity.ms https://q.clarity.ms https://r.clarity.ms https://s.clarity.ms https://t.clarity.ms https://u.clarity.ms https://v.clarity.ms https://w.clarity.ms https://x.clarity.ms https://y.clarity.ms https://z.clarity.ms https://c.bing.com 3 frame-ancestors 'self' *.d2l.com *.brightspace.com d2l.local d2lcorp.local; 3 frame-ancestors 'self' https://*.sproutsocial.com https://sproutsocial.com; 3 frame-src 'self' *.kidshealth.org *.doubleclick.net *.snapchat.com *.vimeo.com *.google.com *.hotjar.com *.krxd.net *.adsrvr.org *.readspeaker.com *.polldaddy.com *.familysurvey.org *.survey.fm *.pinterest.com; 3 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.bhg.com 3 frame-ancestors https://*.demandbase.com 3 upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com *.appdynamics.com *.webex.com 3 frame-ancestors *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 3 upgrade-insecure-requests; frame-ancestors 'self' http://*.elconfidencial.com:* https://*.elconfidencial.com:* www.elconfidencial.com blogs.elconfidencial.com bc.marfeel.com *.google.es *.google.com *.cdn.ampproject.org es.grupogo.punto player.h-cdn.com; report-uri https://elconfidencial.report-uri.io/r/default/csp/enforce 3 'frame-ancestors' http://localhost:8100 https://*.tn.gov 3 frame-ancestors 'self' ssense.com *.ssense.com 3 default-src * 'self' data: 'unsafe-inline' blob:;script-src * 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.trustarc.com *.doubleclick.net *.sas.com assets.adobedtm.com ssl.google-analytics.com accdn.lpsnmedia.net www.googletagmanager.com www.google-analytics.com bat.bing.com benchtag.co front.facetz.net *.facebook.net *.facebook.com www.googleadservices.com tb.juiceadv.com *.linkedin.com pixel.mathtag.com pixel.quantserve.com *.quora.com analytics.twitter.com tagmanager.google.com mc.yandex.ru static.ads-twitter.com snap.licdn.com *.bizographics.com dev.visualwebsiteoptimizer.com scripts.demandbase.com consent.truste.com s.yimg.com ssl.gstatic.com api.company-target.com script.crazyegg.com platform.twitter.com sp.analytics.yahoo.com x.bidswitch.net ad4.adfarm1.adition.com livestream.co *.brightcove.net track.adform.net insight.adsrvr.org www.vintom.com b92.yahoo.co.jp cdn.appdynamics.com execution-dscvrtraffic.cidev.sas.us *.brightcove.com *.mrpfd.com d3js.org *.d3.org;img-src * 'self' blob: data: *.google-analytics.com *.doubleclick.net www.google.com www.googletagmanager.com *.sas.com front.facetz.net *.facebook.com www.googleadservices.com tb.juiceadv.com ext.ligatus.com bcp.crwdcntrl.net pixel.mathtag.com *.quora.com cdn.taboola.com analytics.twitter.com d.company-target.com mc.yandex.ru t.co px.ads.linkedin.com *.bizographics.com insight.adsrvr.org assets.adobedtm.com *.brightcove.com;font-src * 'self' data: *.sas.com fast.fonts.net;connect-src * 'self' *.sas.com *.brightcove.com ma156-r.analytics.edgekey.net api.company-target.com livestream.com www.vintom.com *.doubleclick.net assets.adobedtm.com;frame-src 'self' assets.adobedtm.com lpcdn.lpsnmedia.net www.youtube.com s7.addthis.com *.twitter.com *.sas.com pixel.mathtag.com livestream.com ad4.adfarm1.adition.com www.vintom.com *.doubleclick.net *.facebook.net *.trustarc.com *.facebook.com *.linkedin.com *.chargebee.com *.sli.do *.logentries.com *.amuselabs.com amuselabs.com feedback-us.app.khoros.com *.jmp.com *.outgrow.us;frame-ancestors *.sas.com *.jmp.com *.gatheriq.analytics *.curriculumpathways.com *.hubb.me 3 script-src 'self' www.google-analytics.com blockchain.info 'unsafe-inline' 3 frame-ancestors 'self' https://*.chronicle.com 3 default-src https:; child-src blob: https:; connect-src blob: https: wss:; form-action https:; frame-ancestors https: http://webvisor.com; media-src https:; object-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: 3 default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self' 3 frame-ancestors 'self' *.gov.on.ca *.ontario.ca *.ontariogovernment.ca; 3 default-src 'self' customer-cubrih08bflu3z2b.cloudflarestream.com pages.churnbuster.io ghbtns.com *.algolia.net help.ghost.io resources.ghost.io tutorials.ghost.io changelog.ghost.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net https://cdn.firstpromoter.com proxy-assets.churnbuster.io; style-src 'self' 'unsafe-inline' proxy-assets.churnbuster.io; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.consumerfinance.gov *.googleanalytics.com *.google-analytics.com *.googletagmanager.com *.googleoptimize.com optimize.google.com api.mapbox.com js-agent.newrelic.com bam.nr-data.net gov-bam.nr-data.net *.youtube.com *.ytimg.com *.mouseflow.com *.geo.census.gov about: www.federalregister.gov *.qualtrics.com; style-src 'self' 'unsafe-inline' *.consumerfinance.gov optimize.google.com fonts.googleapis.com api.mapbox.com; img-src 'self' *.consumerfinance.gov www.ecfr.gov s3.amazonaws.com img.youtube.com *.google-analytics.com *.googletagmanager.com optimize.google.com api.mapbox.com *.tiles.mapbox.com blob: data: www.gravatar.com *.qualtrics.com *.mouseflow.com i.ytimg.com; frame-src 'self' *.consumerfinance.gov *.googletagmanager.com *.google-analytics.com *.googleoptimize.com optimize.google.com www.youtube.com *.qualtrics.com mailto:; media-src 'self' *.consumerfinance.gov; font-src 'self' fonts.gstatic.com; connect-src 'self' *.consumerfinance.gov *.google-analytics.com *.googleoptimize.com *.tiles.mapbox.com api.mapbox.com bam.nr-data.net gov-bam.nr-data.net s3.amazonaws.com public.govdelivery.com n2.mouseflow.com *.qualtrics.com raw.githubusercontent.com; default-src 'self' 3 default-src 'self'; object-src 'self' *.cdn.datatables.net cdn.datatables.net; connect-src 'self' *.mt.lv maps.googleapis.com fonts.googleapis.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: unpkg.com i.mt.lv *.google.com gstatic.com code.jquery.com *.gstatic.com www.google-analytics.com googleapis.com *.googleapis.com *.mikrotik.com mikrotik.com; style-src 'self' 'unsafe-inline' i.mt.lv fonts.googleapis.com unpkg.com *.mikrotik.com mikrotik.com code.jquery.com use.typekit.net www.mikrotik.com; img-src 'self' data: i.mt.lv i.ytimg.com api.tiles.mapbox.com *.tile.openstreetmap.org unpkg.com *.arcgisonline.com stats.g.doubleclick.net www.google-analytics.com mikrotik.com www.mikrotik.com forum.mikrotik.com 1.aerial.maps.cit.api.here.com 2.aerial.maps.cit.api.here.com 3.aerial.maps.cit.api.here.com 4.aerial.maps.cit.api.here.com gstatic.com http://services.ga.gov.au *.gstatic.com *.googleapis.com *.arcgisonline.com *.google.com *.google.lv *.routerboard.com; frame-src 'self' youtu.be youtube.com www.youtube.com www.google.com; font-src 'self' data: mikrotik.com fonts.gstatic.com www.mikrotik.com i.mt.lv; frame-ancestors 'self'; 3 frame-ancestors 'self' *.ally.com; 3 default-src 'self' https:; frame-src 'self' https: blob:; worker-src 'self' blob: ; child-src blob: ; script-src 'self' https: 'unsafe-inline' https://vaas.acapela-group.com 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob: https://*.code.org; font-src 'self' https: data:; connect-src 'self' https: https://api.pusherapp.com wss://ws.pusherapp.com wss://*.firebaseio.com http://localhost:8080 https://curriculum.code.org/ wss://*.code.org; media-src 'self' https: data: https://*.code.org http://vaas.acapela-group.com; report-uri //code.org/https/mixed-content; frame-ancestors 'self' http://*.disney.com http://*.diznee.net cuantrix.mx code.org studio.code.org curriculum.code.org codecurricula.com 3 default-src 'unsafe-inline' https: wss:; img-src blob: data: https:; media-src blob: data: https:; script-src 'unsafe-eval' 'unsafe-inline' https:; frame-ancestors 'self' https://*.unitycms.io; 3 frame-ancestors 'self' https://*.otto.de https://*.ottogroup.com https://og2gether.sharepoint.com; 3 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.afterpay.com *.clearpay.co.uk *.clearpay.com *.googleapis.com public.fbot.me static.fbot.me campaign.fbot.me lcx-embed.bambuser.com www.googletagmanager.com *.onetrust.com *.cookielaw.org *.bizible.com hbiq.net cdn.branch.io sc-static.net snap.licdn.com connect.facebook.net munchkin.marketo.net www.googleadservices.com cdn.dashhudson.com djnf6e5yyirys.cloudfront.net cdn.builder.io t.contentsquare.net www.google-analytics.com googleads.g.doubleclick.net app.link v5tufwer.micpn.com pi.pardot.com tag.clearbitscripts.com/v1/pk_ba428737ee82fd942f13030da0c2629b/tags.js tag.rmp.rakuten.com metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/lp.js x.clearbitjs.com/v2/pk_ba428737ee82fd942f13030da0c2629b/tracking.min.js x.clearbitjs.com/v2/pk_ba428737ee82fd942f13030da0c2629b/destinations.min.js analytics.tiktok.com/i18n/pixel/events.js analytics.tiktok.com/i18n/pixel/config.js analytics.tiktok.com/i18n/pixel/identify.js bat.bing.com/bat.js bat.bing.com/p/action/137009782.js afterpay-business-site.vercel.app afterpay-consumer-content-hub.vercel.app; img-src 'self' data: *.afterpay.com *.clearpay.co.uk maps.gstatic.com *.googleapis.com *.ggpht cdn.builder.io static.fbot.me www.google.co.nz www.google.co.uk www.google.com www.google.com.au www.googletagmanager.com px.ads.linkedin.com www.facebook.com p.adsymptotic.com cdn.branch.io www.google-analytics.com public.fbot.me connect.facebook.net *.bizible.com *.onetrust.com cdn.dashhudson.com likeshop.me track.linksynergy.com consent.linksynergy.com www.kmart.com.au www.bigw.com.au/ www.pacsun.com www.davidjones.com www.converse.com afterpay-business-site.vercel.app afterpay-consumer-content-hub.vercel.app bat.bing.com/action/0 images.asos-media.com www.maccosmetics.co.uk www.jomalone.co.uk m.aveda.com www.aveda.com *.cookielaw.org files.prezzee.com files.prezzee.com.au files.prezzee.uk; object-src 'none'; base-uri 'none'; 3 script-src 'self' *.startpage.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.startpage.com 'unsafe-inline'; img-src 'self' blob: data: *.startpage.com; frame-src 'self' *.startpage.com; frame-ancestors 'self'; connect-src 'self' *.startpage.com; worker-src blob:; report-uri https://www.startpage.com/do/cspvr 3 frame-ancestors www.jivochat.com https://*.jivosite.com https://*.jivo.ru https://*.mindbox.ru https://*.popmechanic.ru/ https://kinescope.io/ https://cdn-static.egoiapp2.com https://disqus.com; child-src blob: https://mc.yandex.ru; frame-src blob: https://*.jivosite.com https://*.jivo.ru https://*.youtube.com https://mc.yandex.ru https://*.facebook.com https://*.marquiz.ru https://*.mindbox.ru https://*.popmechanic.ru/ https://kinescope.io/ https://cdn-static.egoiapp2.com https://disqus.com https://*.google.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://events.nethouse.ru 3 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.southernliving.com 3 default-src 'none'; connect-src 'self' *.twitter.com; script-src 'self' *.google.com *.gstatic.com *.google-analytics.com *.twitter.com *.twimg.com cdn.inspectlet.com frontend.id-visitors.com 'unsafe-inline'; font-src 'self' data: fonts.googleapis.com; child-src 'self' data: *.google.com *.gstatic.com *.twitter.com; img-src 'self' data: *.gstatic.com *.google.com *.google-analytics.com stats.g.doubleclick.net *.twitter.com *.twimg.com *.paypalobjects.com cartodb-basemaps-a.global.ssl.fastly.net cartodb-basemaps-b.global.ssl.fastly.net cartodb-basemaps-c.global.ssl.fastly.net; style-src 'self' *.google.com *.twitter.com *.twimg.com 'unsafe-inline'; object-src 'self'; frame-ancestors 'none' 3 connect-src edgeapi.ace.teliacompany.net awseukpi.whisbi.com t944.telia.se webprovisions-labs.humany.net 'self' api.whisbi.com stats.g.doubleclick.net www.google.se telia-natcenter.humany.net s3.eu-west-1.amazonaws.com/whi-deck-bucket-001/ chat.ace.teliacompany.net www.google.com eucentral1-widget.whisbi.com www.google-analytics.com https://connect.facebook.net n467.telia.se nupload.whisbi.com widget.whisbi.com telia-se.blueconic.net api.ace.teliacompany.net wds.ace.teliacompany.com telia-se-b2b.blueconic.net chat2.ace.teliacompany.net static.whisbi.com cgchat.callguide.telia.com pwe.callguide.telia.com *.usabilla.com eucentral1-nodeupload.whisbi.com telia.humany.net chat.ace.teliacompany.com eucentral1-api.whisbi.com; default-src localhost:41680 'self'; font-src static.whisbi.com https://fonts.gstatic.com webprovisions-labs.humany.net 'self' fonts.gstatic.com widget.whisbi.com telia.humany.net wds.ace.teliacompany.com eucentral1-widget.whisbi.com eucentral1-api.whisbi.com data: telia-natcenter.humany.net; frame-src d6tizftlrpuof.cloudfront.net https://optimize.google.com www.telia.se 'self' *.doubleclick.net https://www.facebook.com wds-s.ace.teliacompany.com www.youtube.com wds.ace.teliacompany.com go.pardot.com youtube.com; img-src t944.telia.se https://optimize.google.com webprovisions-labs.humany.net 'self' https://www.facebook.com stats.g.doubleclick.net www.google.se telia-natcenter.humany.net http://awseurtv3.whisbi.com www.google.com www.haynespro-services.com eucentral1-widget.whisbi.com www.google-analytics.com humany.blob.core.windows.net img.youtube.com n467.telia.se www.google.es/ads/ga-audiences widget.whisbi.com telia-se.blueconic.net telia-se-b2b.blueconic.net static.whisbi.com awseurtv3.whisbi.com d6tizftlrpuof.cloudfront.net s3-eu-west-1.amazonaws.com/whi-deck-bucket-001/ *.usabilla.com www.haynespro-assets.com telia.humany.net plugins.blueconic.net data:; media-src 'self'; report-uri /.api/csp-report/v1/report?teamId=7dfafa39-0cc44b25-8e7c83f0; script-src t944.telia.se 'unsafe-inline' https://optimize.google.com webprovisions-labs.humany.net 'self' https://www.facebook.com telia-natcenter.humany.net www.googletagmanager.com core.dch.got.telia.se wds-s.ace.teliacompany.com eucentral1-widget.whisbi.com portal-hosting.humany.net pi.pardot.com www.google-analytics.com https://connect.facebook.net https://tagmanager.google.com core.dc.teliacompany.net n467.telia.se widget.whisbi.com telia-se.blueconic.net wds.ace.teliacompany.com library.whisbi.com telia-se-b2b.blueconic.net static.whisbi.com cdn.pardot.com d6tizftlrpuof.cloudfront.net *.usabilla.com telia.humany.net eucentral1-api.whisbi.com plugins.blueconic.net 'unsafe-eval'; style-src https://tagmanager.google.com t944.telia.se 'unsafe-inline' core.dc.teliacompany.net n467.telia.se https://optimize.google.com webprovisions-labs.humany.net 'self' widget.whisbi.com telia-se.blueconic.net wds.ace.teliacompany.com telia-se-b2b.blueconic.net telia-natcenter.humany.net d6tizftlrpuof.cloudfront.net core.dch.got.telia.se wds-s.ace.teliacompany.com telia.humany.net eucentral1-widget.whisbi.com plugins.blueconic.net https://fonts.googleapis.com 3 upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 3 frame-ancestors https://*.upwave.com 3 frame-ancestors https://library.mulesoft.com https://resources.mulesoft.com 'self' 3 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' 3 script-src 'self' at.alicdn.com 'unsafe-eval' 'unsafe-inline' data: blob: *.dancf.com *.gaoding.com hm.baidu.com tongji.baidu.com assetscli.udesk.cn ttxsapp.udesk.cn retcode.alicdn.com www.google-analytics.com www.googletagmanager.com cdn.lr-ingest.io www.googleadservices.com googleads.g.doubleclick.net https://quickapp/jssdk.webview.min.js https://apis.google.com https://g.alicdn.com *.aliapp.org *.alibaba.com *.aliyun.com https://webapi.amap.com *.amap.com https://accounts.google.com; frame-ancestors 'self' god-mgr.dancf.com ttxsapp.udesk.cn tongji.baidu.com https://ytcs.lenovo.net http://ytcs.lenovo.net https://ytcstest.lenovo.net http://*.365editor.com https://cdn.lr-ingest.io https://mp.weixin.qq.com https://testsmb.lenovo.net/ http://*.gaoding.com https://www.xmyeditor.com http://xmyplus.jiangniaocloud.top http://*.chinaso.com http://*.chinaso365.com http://*.huanleguang.com http://*.huanleguang.cn http://bj.96weixin.com http://*.haoche.cn https://*.haoche.cn http://*.haoche.cn:*/ http://*.shuaishou.com http://localhost:* http://*.sensorsdata.cn http://*.uupoop.com/ https://*.fnwenjuan.cn http://*.mangoerp.com http://mangoerp.com http://*.dianxiaomi.com http://*.eccang.com/ http://*.smartapps.cn http://*.chaojimoban.com http://*.dianxiaobao.net http://*.elstgl.com http://*.maimiao.icu/ http://*.lediaocha.com http://cloud.ekuajing.cn http://172.16.23.196:1234/ http://fabu.yxbf.net http://*.wenjuan.com:* https://sirius-desktop-web.lx.netease.com https://*.cowork.netease.com:* https://*.office.163.com http://*.xbongbong.com http://*.amywechat.com http://*.shangqiukuajing.com https://www.wenjuan.top https://www.wenjuan.in https://www.wenjuan8.cn https://www.wenjuan.design https://www.wenjuan.com http://*.ecsale8.com http://*.b2csupply1.com http://*.jm-erp.com http://jm-erp.com http://*.sellerwell.com https://apis.google.com 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: health.gov https://dap.digitalgov.gov https://platform.twitter.com https://www.google.com https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://cdn.syndication.twimg.com https://ton.twimg.com https://fonts.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com https://themes.googleusercontent.com https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com survey.alchemer.com *.ytimg.com, frame-ancestors 'self' 3 frame-ancestors 'self' tvn24.pl *.tvn24.pl *.tvn.pl 3 default-src 'self' https://www.google-analytics.com https://messenger.sber.ru:7766 wss://messenger.sberbank.ru:7766/api/ wss://messenger.sber.ru:7766 https://messenger.sberbank.ru:7766/api/device/auth_prelogin https://bitrix.info opt-1379625.ssl.1c-bitrix-cdn.ru http://ip-api.com https://static.doubleclick.net/instream/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ amcharts.com https://fonts.googleapis.com/ https://www.youtube.com https://s.ytimg.com top-fwz1.mail.ru play.google.com mc.yandex.ru amcharts.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://sbchat.netlify.com/ *.yandex.net/ https://vk.com cdn.rutarget.ru opt-1379625.ssl.1c-bitrix-cdn.ru https://static.doubleclick.net/ www.youtube.com/iframe_api https://s.ytimg.com www.youtube.com top-fwz1.mail.ru code.jquery.com www.amcharts.com mc.yandex.ru ajax.googleapis.com yastatic.net api-maps.yandex.ru bitrix.info cdn.mxpnl.com www.google-analytics.com ; frame-src 'self' https://www.youtube.com opt-1379625.ssl.1c-bitrix-cdn.ru https://cdn.rutarget.ru http://webvisor.com https://metrika.yandex.ru api-maps.yandex.ru; object-src 'self' opt-1379625.ssl.1c-bitrix-cdn.ru amcharts.com ;img-src 'self' data: https://core-renderer-tiles.maps.yandex.net https://och1.efs.sberbank.ru:450 https://och1.efspsi.sberbank.ru:444 opt-1379625.ssl.1c-bitrix-cdn.ru cdn.rutarget.ru tag.rutarget.ru top-fwz1.mail.ru vk.com login.vk.com www.google.com www.google.ru www.google.com.ua counter.sberbank.ru stats.g.doubleclick.net https://yandex.ru/ http://www.amcharts.com/ https://www.amcharts.com/ https://www.google-analytics.com google-analytics.com vec01.maps.yandex.net amcharts.com vec02.maps.yandex.net vec03.maps.yandex.net vec04.maps.yandex.net api-maps.yandex.ru mc.yandex.ru google-analytics.com; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com opt-1379625.ssl.1c-bitrix-cdn.ru www.amcharts.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com opt-1379625.ssl.1c-bitrix-cdn.ru fonts.googleapis.com 3 default-src 'none'; base-uri 'none'; connect-src 'self' data: *.credit-suisse.com *.hedani.net *.decibelinsight.net *.demdex.net *.doubleclick.net *.inbenta.com *.inbenta.io *.knowledgevision.com *.omtrdc.net *.qualtrics.com www.google-analytics.com wss://cdn.decibelinsight.net wss://collection.decibelinsight.net *.facebook.com *.googletagmanager.com soundcloud.com cdn.ampproject.org *.bing.com *.go-mpulse.net *.akstat.io *.akamaihd.net *.cookielaw.org *.onetrust.com *.pinterest.com webexapis.com *.wbx2.com *.ciscospark.com wss://*.ciscospark.com analytics.tiktok.com *.teads.tv;font-src 'self' 'unsafe-inline' data: *.credit-suisse.com *.hedani.net *.inbenta.com fonts.gstatic.com *.anychart.com *.inbenta.io gateway.zscloud.net *.qumucloud.com; frame-ancestors 'self' *.students.ch *.rowini.net *.ch.hedani.net content-uat.csintra.net content.csintra.net *.credit-suisse.com *.hedani.net *.adobedtm.com *.abusizz.ch *.maglr.com; frame-src 'self' blob: *.adobedtm.com *.credit-suisse.com *.hedani.net *.doubleclick.net *.facebook.com *.facebook.net *.inbenta.com *.knowledgevision.com *.omtrdc.net *.qq.com *.youtube.com *.youtube-nocookie.com creditsuisse.demdex.net maps.gstatic.com wl.fundsquare.net w.soundcloud.com *.snapchat.com *.qualtrics.com *.3vrooms.app dev.3volutions.ch *.ceros.com *.swisscom.ch video.csintra.net beneal.com *.apacwebinar.com *.qumucloud.com player.vimeo.com *.pinterest.com anchor.fm *.microad.jp analytics.tiktok.com bugcrowd.com; img-src 'self' data: *.hedani.net *.credit-suisse.com *.google-analytics.com *.doubleclick.net *.google.com *.google.ch t.co *.quantserve.com *.everesttech.net *.demdex.net *.youtube.com *.facebook.com *.facebook.net *.inbenta.com maps.gstatic.com maps.googleapis.com *.linkedin.com *.qualtrics.com *.gstatic.com *.inbenta.io *.mathtag.com *.bing.com gateway.zscloud.net *.googletagmanager.com *.glassdoor.com *.cookielaw.org *.qq.com *.adsymptotic.com *.pinterest.com *.teads.tv *.microad.jp b97.yahoo.co.jp b91.yahoo.co.jp analytics.tiktok.com; object-src 'self' blob: *.qq.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.adobedtm.com *.ads-twitter.com cdn.ampproject.org *.anychart.com *.credit-suisse.com *.hedani.net *.everesttech.net *.facebook.net *.forms.credit-suisse.com *.google.ch *.google-analytics.com *.googleapis.com *.googletagmanager.com *.inbenta.com *.inbenta.io *.jquery.com *.knowledgevision.com *.licdn.com *.linkedin.com *.qualtrics.com *.twitter.com *.youtube.com *.ytimg.com maps.google.com tagmanager.google.com sc-static.net *.googleadservices.com googleads.g.doubleclick.net *.ampproject.org *.mathtag.com *.bing.com gateway.zscloud.net *.go-mpulse.net *.akstat.io *.akamaihd.net *.ceros.com *.cookielaw.org *.qq.com *.qumucloud.com *.pinimg.com *.teads.tv *.microad.jp s.yimg.jp b97.yahoo.co.jp b91.yahoo.co.jp analytics.tiktok.com bugcrowd.com *.bugcrowdusercontent.com; style-src 'self' 'unsafe-inline' *.credit-suisse.com *.hedani.net *.inbenta.com fonts.googleapis.com tagmanager.google.com *.anychart.com *.inbenta.io gateway.zscloud.net analytics.tiktok.com *.teads.tv; style-src-elem 'self' 'unsafe-inline' data: *.credit-suisse.com *.inbenta.com *.inbenta.io; manifest-src 'self' data: *.credit-suisse.com; 3 script-src 'self' https://tag.simpli.fi https://bam-cell.nr-data.net https://cdn.cookielaw.org https://widget.trustpilot.com https://api.map.baidu.com https://fast.wistia.net https://fast.wistia.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://www.googleadservices.com https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.gstatic.com https://www.google.com https://optanon.blob.core.windows.net https://cdn.callrail.com https://pi.pardot.com https://geolocation.onetrust.com https://tags.tiqcdn.com https://intljs.rmtag.com https://tags.rd.linksynergy.com https://act-us.rd.linksynergy.com https://resources.xg4ken.com https://go.control4.com https://dev.visualwebsiteoptimizer.com https://connect.facebook.net https://bat.bing.com https://solutions.invocacdn.com https://js-agent.newrelic.com https://bam.nr-data.net https://pnapi.invoca.net https://maps.googleapis.com 'unsafe-eval' 'unsafe-inline' 3 object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; 3 frame-ancestors check24.de *.check24.de 3 frame-ancestors 'self' *.springernature.com; 3 frame-ancestors 'self' *.marketscreener.com *.zonebourse.com *.scoopnest.com; 3 default-src 'self';connect-src *;style-src 'self' 'unsafe-inline';font-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.gstatic.com *.aticdn.net *.ioam.de *.nmrodam.com *.imrworldwide.com *.sensic.net *.bunchbox.co *.surveymonkey.com;img-src 'self' data: *.ardmediathek.de *.ard.de *.nmrodam.com *.imrworldwide.com *.bunchbox.co;media-src * mediastream: blob:;frame-src * 'self' localhost:* *.ard.de *.nmrodam.com *.imrworldwide.com *.sensic.net *.ioam.de *.bunchbox.co *.surveymonkey.com mailto: tg: threema: fb-messenger:;frame-ancestors *;worker-src 'self' blob: 3 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.byrdie.com 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://www.gstatic.com https://www.chevron.com https://assetscdn.stackla.com https://widget.stackla.com https://*.core.windows.net https://*.mktoresp.com https://munchkin.marketo.net https://geolocation.onetrust.com https://ajax.googleapis.com https://www.googlesapis.com https://www.googletagmanager.com https://apps.sitecore.net https://s.ytimg.com https://www.youtube.com https://cdn.cookielaw.org https://www.google-analytics.com https://*.qualtrics.com https://www.google.com https://www.googleapis.com https://extreme-ip-lookup.com https://secure-ds.serving-sys.com https://*.doubleclick.net https://chevroncorp.gcs-web.com https://vjs.zencdn.net https://adservice.google.com https://bs.serving-sys.com https://fonts.gstatic.com https://static.doubleclick.net https://www.googleadservices.com https://quiz.chevronstemquiz.com https://snap.licdn.com https://static.ads-twitter.com https://connect.facebook.net https://t.co https://*.linkedin.com https://analytics.twitter.com https://www.facebook.com https://optimize.google.com https://178-uxe-734.mktoutil.com https://*.us-east-2.amazonaws.com https://service.force.com https://*.salesforce.com https://*.force.com https://*.salesforceliveagent.com https://code.jquery.com https://img.youtube.com https://www.linkedin.com https://*.adsymptotic.com https://*.doubleclick.net https://www.chevron.com https://fonts.googleapis.com https://cdn.cookielaw.org https://optimize.google.com https://178-uxe-734.mktoresp.com https://script.crazyegg.com https://static.chartbeat.com https://ping.chartbeat.net https://siteimproveanalytics.com https://*.siteimproveanalytics.io https://www.googleoptimize.com https://*.parsely.com https://cdn.linkedin.oribi.io https://go.chevron.email; upgrade-insecure-requests; block-all-mixed-content; 3 style-src * blob: 'unsafe-inline'; script-src * blob: 'unsafe-inline' 'unsafe-eval'; worker-src * blob:; frame-ancestors 'self' http://*.carwale.com https://*.carwale.com https://*.bikewale.com https://*.cartrade.com; 3 script-src 'self' assets.adobedtm.com *.cognizant.com insight.adsrvr.org maps.googleapis.com www.google-analytics.com global.cognizant.com pi.pardot.com scripts.demandbase.com www.google-analytics.com px.ads.linkedin.com www.youtube.com tr.outbrain.com amplifypixel.outbrain.com munchkin.marketo.net ssl.google-analytics.com static.doubleclick.net ssl.google-analytics.com www.facebook.com connect.facebook.net www.googletagmanager.com connect.facebook.net miscmagazine.com graph.facebook.com api.linkedin.com api.instagram.com news.cognizant.com investors.cognizant.com *.onetrust.com api.twitter.com googleads.g.doubleclick.net static.doubleclick.net public.slidesharecdn.com www.slideshare.net saasfocus.com ideacouture.com digitally.cognizant.com originchddco.cognizant.com originchdai.cognizant.com originltfow.cognizant.com t.contentsquare.net t.contentsquare.net/uxa/* *.contentsquare.net api.company-target.com/* c.6sc.co cognizant.sc.omtrdc.net https: 'unsafe-inline' 'unsafe-eval' data: blob:; 3 frame-ancestors 'self 3 base-uri 'self'; form-action 'self' https://www.facebook.com; frame-ancestors 'self' https://staging.qualityhealth.com https://qualityhealth.com https://www.qualityhealth.com; upgrade-insecure-requests ; connect-src 'self' https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.facebook.com https://smetrics.sharecare.com https://pagemanager.sharecare.com https://stpgmgr.wpenginepowered.com https://www.sharecare.com https://securepubads.g.doubleclick.net https://pagead2.googlesyndication.com; default-src 'self'; font-src 'self' https://fonts.sharecare.com https://cdn.jsdelivr.net https://pagemanager.sharecare.com https://stpgmgr.wpenginepowered.com https://www.sharecare.com https://use.typekit.net https://fonts.gstatic.com; frame-src *; img-src 'self' data: https://smetrics.sharecare.com https://sb.scorecardresearch.com https://www.google.com https://www.facebook.com https://cdn.jsdelivr.net https://connect.facebook.net https://pagemanager.sharecare.com https://stpgmgr.wpenginepowered.com https://www.sharecare.com https://s.sharecare.com https://s3.amazonaws.com https://p.typekit.net https://cdn.tapnative.com https://tcp.googlesyndication.com https://www.medtargetsystem.com https://adservice.google.com https://cdn.ampproject.org https://*.doubleclick.net https://ad.doubleclick.net https://match.deepintent.com https://trc.lhmos.com https://*.googlesyndication.com https://secure.adnxs.com https://preferences.trustarc.com https://choices.trustarc.com https://track.customer.io ; media-src *; object-src 'none'; prefetch-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://assets.adobedtm.com https://use.typekit.net https://cdn.cookielaw.org https://s.sharecare.com https://preferences.truste.com https://sb.scorecardresearch.com https://www.googleadservices.com https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.google.com https://pi.pardot.com https://www2.sharecare.com https://pagemanager.sharecare.com https://stpgmgr.wpenginepowered.com https://www.sharecare.com https://geolocation.onetrust.com https://ajax.googleapis.com https://www.googletagservices.com https://content.tapnative.com https://securepubads.g.doubleclick.net https://www.medtargetsystem.com https://adservice.google.com https://tcp.googlesyndication.com https://match.deepintent.com https://trc.lhmos.com https://tpc.googlesyndication.com https://cdn.ampproject.org https://assets.customer.io; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *; worker-src 'self' blob:; 3 default-src 'self' data: https://*.commerce.gov https://www.eda.gov https://eda.gov https://unpkg.com https://*.basemaps.cartocdn.com https://polyfill.io https://www.googletagmanager.com https://*.mbda.gov https://*.d.commerce.gov https://content.govdelivery.com https://www.google-analytics.com https://use.fontawesome.com https://dap.digitalgov.gov https://*.twitter.com https://*.twimg.com https://*.youtube.com https://livestream.com https://*.livestream.com https://api.new.livestream.com https://emenuapps.ita.doc.gov https://rev-vbrick.uspto.gov https://*.facebook.com https://*.mapbox.com https://*.cloudflare.com https://*.tile.openstreetmap.org https://git.commerce.gov https://cdn.siteimprove.net https://youtube-nocookie.com https://translate.google.com https://www.gstatic.com https://fonts.gstatic.com https://app.powerbigov.us https://*.googleapis.com https://www.youtube-nocookie.com https://api.data.gov https://*.uspto.gov 'unsafe-inline' 'unsafe-eval' ;upgrade-insecure-requests; 3 frame-ancestors 'self' corning.com *.corning.com *.corningmsp.com *.ceros.com *.ariba.com 3 default-src https://*.belastingdienst.nl https://vinden.belastingdienst.nl https://*.readspeaker.com; connect-src 'self' https://*.belastingdienst.nl https://*.optimizely.com https://*.readspeaker.com https://*.abtasty.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://*.2o7.net; child-src 'self' https://belastingdienst.nl https://*.belastingdienst.nl https://*.cdn.optimizely.com https://secure.opinionlab.com https://*.readspeaker.com https://www.anbi-instellingen.nl https://www.youtube.com https://www.youtube-nocookie.com https://cm.everesttech.net; frame-src 'self' https://*.belastingdienst.nl https://*.readspeaker.com https://secure.opinionlab.com https://www.youtube.com https://www.youtube-nocookie.com https://*.demdex.net ; frame-ancestors 'self' https://*.belastingdienst.nl https://*.pagefreezer.com https://*.pagefreezer.nl ; img-src 'self' https://n01d05.cumulus-cloud.com https://*.readspeaker.com https://img.youtube.com https://*.demdex.net https://cm.everesttech.net *.2o7.net data: https://*.belastingdienst.nl blob: data: *.abtasty.com; font-src 'self' https://*.belastingdienst.nl blob: data: *.abtasty.com; script-src 'self' https://*.belastingdienst.nl https://cdn.optimizely.com https://*.readspeaker.com https://bdtm.containers.piwik.pro https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com 'unsafe-eval' 'unsafe-inline' blob: *.abtasty.com ; style-src 'self' https://*.belastingdienst.nl https://*.readspeaker.com *.abtasty.com 'unsafe-inline' 3 default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss: https:; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 3 default-src 'self' *.fitchratings.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net www.googletagmanager.com www.google-analytics.com fitchconnect.piwikpro.com fitchconnect.piwik.pro cdn.polyfill.io *.brightcove.net *.brightcove.com munchkin.marketo.net your.fitchratings.com *.evidon.com cdn2.funnelenvy.com script.crazyegg.com snap.licdn.com *.clearbitscripts.com *.clearbit.com *.idio.co tagmanager.google.com chart-studio.plotly.com public.flourish.studio app.fitchconnect-stg.com app.fitchconnect.com *.fitch.group static.hotjar.com script.hotjar.com vjs.zencdn.net *.google-analytics.com *.analytics.google.com *.mktorest.com *.clearbitjs.com *.ads-twitter.com; style-src 'self' 'unsafe-inline' blob: your.fitchratings.com fonts.googleapis.com *.fitch.group; connect-src 'self' blob: *.fitchratings.com notify.bugsnag.com *.brightcove.com *.brightcove.net 732-ckh-767.mktoresp.com fx.fitchgroup.co *.boltdns.net *.akamaihd.net *.crazyegg.com *.idio.co *.brightcovecdn.com *.marketo.net *.fitch.group *.evidon.com *.funnelenvy.com www.google-analytics.com fonts.googleapis.com *.piwikpro.com *.piwik.pro snap.licdn.com images.ctfassets.net fonts.gstatic.com stats.g.doubleclick.net api.sjpf.io api.fpjs.io *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com *.google-analytics.com *.analytics.google.com *.mktorest.com *.clearbit.com; prefetch-src 'self' *.funnelenvy.com 732-ckh-767.mktoresp.com *.boltdns.com *.betrad.com *.idio.co ga.clearbit.com house-fastly-signed-us-east-1-prod.brightcovecdn.com *.evidon.com fitchconnect.piwikpro.com fitchconnect.piwik.pro munchkin.marketo.net snap.licdn.com script.crazyegg.com www.google-analytics.com www.googletagmanager.com *.brightcove.com *.google-analytics.com *.analytics.google.com *.mktorest.com; img-src 'self' blob: *.fitchratings.com data: *.evidon.com *.googletagmanager.com trk.funnelenvy.com images.ctfassets.net *.boltdns.net metrics.brightcove.com www.google-analytics.com stats.g.doubleclick.net l.betrad.com fitchconnect.piwikpro.com fitchconnect.piwik.pro *.linkedin.com p.adsymptotic.com *.idio.co *.fitch.group *.openstreetmap.org *.fitchratings.com httpsak-a.akamaihd.net script.hotjar.com *.google-analytics.com *.analytics.google.com; font-src 'self' data: *.fitchratings.com fonts.gstatic.com script.hotjar.com; frame-src 'self' *.fitchratings.com *.evidon.com infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com your.fitch.group flo.uri.sh plotly.com chart-studio.plotly.com fitchgroup.eu.qualtrics.com indd.adobe.com vars.hotjar.com; worker-src 'self' blob:; child-src 'self' blob:; media-src 'self' blob: *.fitchratings.com *.brightcove.com videos.ctfassets.net *.akamaihd.net manifest.prod.boltdns.net; object-src 'none' 3 default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval' script-src: https://ajax.googleapis.com https://analytics.kaltura.com https://api.peer5.com https://bat.bing.com https://cdnapisec.kaltura.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://players.brightcove.net https://s7.addthis.com https://secure.perk0mean.com https://static.cloud.coveo.com https://tag.demandbase.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com object-src: https://fonts.gstatic.com connect-src: *.google-analytics.com *.analytics.google.com img-src: *.google-analytics.com *.analytics.google.com; 3 script-src 'self'; 3 default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com https://www.riskdataobject.com https://dev.pcgcustomer.nprd.aig.com https://dev2.pcgcustomer.nprd.aig.com https://qa.pcgcustomer.nprd.aig.com https://qa2.pcgcustomer.nprd.aig.com https://uat.pcgcustomer.nprd.aig.com https://perf.pcgcustomer.nprd.aig.com https://perf2.pcgcustomer.nprd.aig.com https://pcgcustomer.aig.com/; upgrade-insecure-requests; 3 connect-src 'self' https://fastmail.innocraft.cloud https://*www*.fastmail.com; media-src 'self'; font-src 'self' ; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com https://*.hcaptcha.com; child-src 'self' https://*.libsyn.com; worker-src 'self'; object-src 'none'; frame-src https://*.fastmail.com https://*.libsyn.com; form-action 'self'; frame-ancestors 'none' 3 frame-ancestors https://blog.sherwin-williams.com https://www.sherwin-williams.com https://*.sherwin-williams.com 3 default-src 'self' fonts.googleapis.com 'unsafe-inline' cdn.cookielaw.org www.googletagmanager.com *.imgix.net f7132108c1tst-store.occa.ocs.oraclecloud.com onlinestore.sgs.com static.cloud.coveo.com www.google-analytics.com www.sgs.com auditedsupplier.sgsgroup.com.cn cdn.jsdelivr.net bot.leadoo.com pagead2.googlesyndication.com res.leadoo.com analytics.cloud.coveo.com jobpal-sm.s3.amazonaws.com analytics-eu.cloud.coveo.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com res.leadoo.com jobpal-sm.s3.amazonaws.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io http://*.smooch.io https://*.smooch.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org *.googletagmanager.com www.google.com https://www.google.com www.gstatic.com static.cloud.coveo.com www.google-analytics.com https://www.google-analytics.com cdn.jsdelivr.net *.leadoo.com cdn.cookielaw.org pagead2.googlesyndication.com *.en25.com *.eloqua.com www.youtube.com static.hotjar.com script.hotjar.com s.go-mpulse.net jobpal-sm.s3.amazonaws.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io http://*.smooch.io https://*.smooch.io https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://static-exp1.licdn.com https://content.linkedin.com https://platform.linkedin.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://www.recaptcha.net https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://static.cloud.coveo.com jobpal-sm.s3.amazonaws.com *.leadoo.com; frame-src 'self' tools.eurolandir.com www.google.com youtu.be www.sgs.com www.youtube.com *.hotjar.com *.sgs.com www.sgs.pl auditedsupplier.sgsgroup.com.cn https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.fls.doubleclick.net http://*.smooch.io https://*.smooch.io bid.g.doubleclick.net www.linkedin.com *.facebook.com connect.facebook.net *.leadoo.com https://www.recaptcha.net https://optimize.google.com; child-src 'self' *.youtube-nocookie.com www.youtube.com v.qq.com www.google.com *.sgs.com *.facebook.com connect.facebook.net; frame-ancestors 'self' www.googletagmanager.com www.sgs.pl; connect-src 'self' f7132108c1tst-store.occa.ocs.oraclecloud.com onlinestore.sgs.com cdn.cookielaw.org *.leadoo.com platform-eu.cloud.coveo.com anl.leadoo.com analytics.cloud.coveo.com pagead2.googlesyndication.com *.google-analytics.com *.analytics.google.com www.google.com googleads.g.doubleclick.net privacyportal-de.onetrust.com *.go-mpulse.net jobpal-sm.s3.amazonaws.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com http://*.smooch.io https://*.smooch.io *.googletagmanager.com *.g.doubleclick.net *.google.com https://www.google-analytics.com *.linkedin.com *.licdn.com *.facebook.com connect.facebook.net analytics-eu.cloud.coveo.com *.akstat.io https://cdn.linkedin.oribi.io https://geolocation.onetrust.com; img-src 'self' data: *.sgs.com *.imgix.net *.leadoo.com sgs.imgix.net *.google-analytics.com *.analytics.google.com *.eloqua.com i.ytimg.com cdn.cookielaw.org *.cdninstagram.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.fls.doubleclick.net http://*.smooch.io https://*.smooch.io https://ssl.gstatic.com https://www.gstatic.com *.googletagmanager.com *.g.doubleclick.net *.google.com https://www.google-analytics.com https://ade.googlesyndication.com *.linkedin.com *.licdn.com p.adsymptotic.com *.facebook.com *.facebook.net *.fbcdn.net https://optimize.google.com; worker-src 'self' https: blob:; media-src 'self' media.licdn.com; form-action 'self' *.facebook.com connect.facebook.net; 3 frame-ancestors *.txstate.edu *.txst.edu *.tsus.edu *.tjctc.org; 3 font-src 'self' tls.freenet.de https://fonts.gstatic.com oauth.freenet.de; img-src * data:; frame-ancestors *.freenet.de; object-src 'self'; 3 default-src 'self' https https://*.wistia.com https://*.wistia.net www.google.com stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.prismhr.com *.marketo.com *.clickagy.com cdn-cookieyes.com snap.licdn.com bat.bing.com/ snap.licdn.com connect.facebook.net ws.zoominfo.com connect.facebook.net/ *.google-analytics.com organizer.bizzabo.com/ www.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net *.wistia.com *.wistia.net src.litix.io js.hs-scripts.com js.hsleadflows.net js.hs-banner.com js.hsadspixel.net js.hubspotfeedback.com js.usemessages.com js.hs-analytics.net js.hscollectedforms.net js.hsforms.net js-na1.hs-scripts.com forms.hsforms.com script.hotjar.com static.hotjar.com/ munchkin.marketo.net/munchkin.js ucarecdn.com/; style-src 'self' 'unsafe-inline' fast.wistia.com tagmanager.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com/; frame-src *.doubleclick.net *.storylane.io https://www.prismhrlive.com *.youtube.com https://bid.g.doubleclick.net *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com fast.wistia.com fast.wistia.net https://vars.hotjar.com https://www.facebook.com https://player.vimeo.com *.google.com; child-src app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; img-src 'self' *.demdex.net *.crwdcntrl.net *.openx.net *.doubleclick.net *.sitescout.com *.rlcdn.com *.agkn.com *.clickagy.com https://cdn-cookieyes.com https://c.clarity.ms/c.gif data: https://px.ads.linkedin.com/ https://bat.bing.com/ https://p.adsymptotic.com https://www.facebook.com *.google-analytics.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com googleads.g.doubleclick.net www.google.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.hubspot.com cdn2.hubspot.net forms.hsforms.com *.facebook.com *.wpengine.com; font-src 'self' data: *.wistia.com https://fonts.gstatic.com https://cdnjs.cloudflare.com; connect-src 'self' *.google.com wss://*.hotjar.com *.clickagy.com *.oribi.io *.hotjar.com *.zoominfo.com https://log.cookieyes.com https://cdn-cookieyes.com https://events.bizzabo.com *.google-analytics.com *.hubspot.com https://stats.g.doubleclick.net/ api.hubapi.com js.usemessages.com js.hsleadflows.net js.hs-banner.com js.hubspotfeedback.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com forms.hsforms.com *.litix.io *.wistia.com https://yoast.com https://my.wpengine.com embedwistia-a.akamaihd.net; form-action 'self' forms.hsforms.com forms.hubspot.com https://www.facebook.com; media-src 'self' data: *.wistia.com *.wistia.net embedwistia-a.akamaihd.net; worker-src 'self'; frame-ancestors 'self'; 3 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; form-action https:; frame-ancestors tweakers.net *.tweakers.net; report-uri https://dpgtech.report-uri.com/r/t/csp/enforce 3 frame-ancestors https://agents.ethoslife.com; 3 frame-ancestors https://app.experiencewelcome.com/ https://test-panther.pantheonsite.io/; 3 frame-ancestors 'self' https://nch-dev-healthdirect.crm6.dynamics.com https://nch-healthdirect.crm6.dynamics.com https://nch-test-healthdirect.crm6.dynamics.com https://nch-trn-healthdirect.crm6.dynamics.com 3 frame-ancestors 'self' *.trekbikes.com 3 default-src='self'; 3 frame-ancestors https://*.sutterhealth.org 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: googletagmanager.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com unpkg.com data: google.com www.google.com gstatic.com centralnicgroup.activehosted.com *.cloudfront.net blob: https://api.mapbox.com https://*.hotjar.com https://www.youtube-nocookie.com 3 report-uri https://csp.cre.lidl-shop.com/csp/report; form-action 'self' https://accounts.lidl.com https://survey.g.doubleclick.net; script-src 'self' blob: data: https://*.batch.com https://*.cookiebot.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://bidswitch.net https://cdn.cookielaw.org https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://r.bing.com https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.bing.com https://www.google.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' https://*.8select.io https://*.adyen.com https://*.criteo.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.epoq-systems.de https://*.epoq.de https://*.facebook.com https://*.facebook.net https://*.fitanalytics.com https://*.lidl-info.com https://*.online-metrix.net https://*.parcellab.com https://*.semtrack.de https://*.simplesurance.de https://adservice.google.de https://ajax.googleapis.com https://api.theadex.com https://balancechecks.tx-gate.com https://cdn.ravenjs.com https://cloud.mail.lidl.de https://cm.g.doubleclick.net https://code.etracker.com https://dmp.theadex.com https://dsp.adfarm1.adition.com https://facebook.com https://h.online-metrix.net https://lidlde.int.userwerk.com https://s.ytimg.com https://tracking.s24.com https://www.bing.com https://www.dwin1.com https://www.etracker.de https://www.google-analytics.com https://www.googleadservices.com https://www.lacmp.net; img-src 'self' data: https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.casalemedia.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cookiebot.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://r.bing.com https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://www.bing.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.youtube.com https://www.googletagmanager.com moz-extension: https://*.adition.com https://*.adscale.de https://*.advertising.com https://*.adyen.com https://*.bizrate.com https://*.criteo.com https://*.criteo.net https://*.demdex.net https://*.demoup.com https://*.doubleclick.net https://*.epoq-systems.de https://*.epoq.de https://*.facebook.com https://*.facebook.net https://*.fitanalytics.com https://*.lidl-info.com https://*.online-metrix.net https://*.openx.net https://*.parcellab.com https://*.pubmatic.com https://*.semtrack.de https://*.simplesurance.de https://*.sit.sys.odj.cloud https://*.stickyadstv.com https://*.taboola.com https://*.twiago.com https://*.yahoo.com https://*.yieldlab.net https://analytics.google.com https://balancechecks.tx-gate.com https://contextual.media.net https://dmp.theadex.com https://event.yoochoose.net https://facebook.com https://h.online-metrix.net https://lh3.googleusercontent.com https://lidlde.int.userwerk.com https://match.sharethrough.com https://pubsaf.global.ssl.fastly.net https://sync.outbrain.com https://translate.google.com https://via.placeholder.com https://visitor.omnitagjs.com https://www.bing.com https://www.google-analytics.com; frame-src 'self' https://*.cookiebot.com https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://ams.creativecdn.com https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://r.bing.com https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com intent: https://*.adyen.com https://*.bizrate.com https://*.criteo.com https://*.criteo.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.ftrace.com https://*.lidl-info.com https://*.mynetfair.com https://*.sit.sys.odj.cloud https://*.vrxs.de https://api.theadex.com https://ar.lidl.com https://balancechecks.tx-gate.com https://facebook.com https://h.online-metrix.net https://lidl-giftcard.eu https://lidlde.int.userwerk.com https://review.apps.01.cf.eu01.stackit.cloud https://www.edge-cdn.net https://www.lidl-gewinnspiel.de https://www.lidl-giftcard.eu; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io https://beeem.co; base-uri 'self'; object-src data: https://*.batch.com https://*.cookiebot.com https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://r.bing.com https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://*.facebook.com https://*.facebook.net https://*.lidl-info.com https://*.online-metrix.net https://facebook.com https://h.online-metrix.net; style-src 'self' https://*.cookiebot.com https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://r.bing.com https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.bing.com https://www.google.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-inline' https://*.epoq-systems.de https://*.epoq.de https://*.fitanalytics.com https://*.lidl-info.com https://*.parcellab.com https://*.sit.sys.odj.cloud https://facebook.com https://www.bing.com; default-src 'self' blob: data: https://*.assets.schwarz https://*.batch.com https://*.cookiebot.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://bidswitch.net https://cdn.cookielaw.org https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://r.bing.com https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.bing.com https://www.google.be https://www.google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com intent: wss://127.0.0.1:* https://*.8select.io https://*.adyen.com https://*.criteo.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.epoq-systems.de https://*.epoq.de https://*.facebook.com https://*.facebook.net https://*.fitanalytics.com https://*.lidl-info.com https://*.online-metrix.net https://*.parcellab.com https://*.semtrack.de https://*.simplesurance.de https://*.sit.sys.odj.cloud https://analytics.google.com https://balancechecks.tx-gate.com https://cloud.mail.lidl.de https://dmp.theadex.com https://event.yoochoose.net https://facebook.com https://fonts.gstatic.com https://h.online-metrix.net https://lidlde.int.userwerk.com https://tracking.s24.com https://www.bing.com https://www.google-analytics.com https://www.lacmp.net https://csp.cre.lidl-shop.com; 3 frame-ancestors * ; default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3 frame-ancestors www.red-gate.com; 3 frame-ancestors 'self'; object-src 'none'; base-uri 'none'; form-action 'self' www.facebook.com;report-uri https://data.jijiapp.net/csp-report; 3 script-src https://shopping.com https://*.shopping.com https://*.paypalobjects.com https://*.paypal.com https://www.google-analytics.com https://checkout.ebay.com 'unsafe-inline'; connect-src https://shopping.com https://*.shopping.com https://*.paypal.com; form-action https://shopping.com https://*.shopping.com; report-uri https://monitor.ebay.com/csp-report/shoppingdotcom 3 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 3 default-src 'self'; connect-src 'self' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com *.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' https://fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'unsafe-inline' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com; img-src 'self' *.ttcache.com https://*.ttcache.com *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com optimize.google.com https://optimize.google.com data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com www.googletagmanager.com https://www.googletagmanager.com www.googleoptimize.com https://www.googleoptimize.com https://optimize.google.com optimize.google.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 3 frame-ancestors secure.livechatinc.com www.youtube.com www.google.com widget.clym-sdk.net 'self'; frame-src analytics.clickdimensions.com *.doubleclick.net *.dynamics.com secure.livechatinc.com www.youtube.com www.google.com widget.clym-sdk.net 'self'; 3 default-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.steinberg.net *.usercentrics.eu *.personio.de *.googletagmanager.com fonts.googleapis.com *.soundcloud.com *.youtube-nocookie.com; img-src https: 'self' *.steinberg.net *.ytimg.com *.usercentrics.eu data:; font-src https: 'self' fonts.gstatic.com fonts.googleapis.com data:; 3 default-src 'self' 'unsafe-inline' https://*.uni-paderborn.de https://www.youtube-nocookie.com https://player.vimeo.com https://*.upb.de https://streaming.uni-paderborn.de:2233 https://*.google.com ; font-src 'self' https://*.uni-paderborn.de data:; img-src 'self' data: https://pbs.twimg.com https://*.google.com https://www.googleapis.com https://*.uni-paderborn.de https://*.gstatic.com/images; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.uni-paderborn.de https://www.google.com https://cse.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; media-src 'self' https://*.uni-paderborn.de https://*.upb.de https://streaming.uni-paderborn.de:2233 blob:; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ 'self' mailto: tel: https://*.uni-paderborn.de https://www.youtube-nocookie.com https://player.vimeo.com https://*.upb.de https://streaming.uni-paderborn.de:2233 https://*.google.com 3 frame-ancestors *.procore.com 3 img-src https: data: 3 frame-ancestors 'self' *.salesforce.com *.force.com *.trailhead.sfdc.sh 3 default-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src *; 3 default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data: wss: blob: 3 default-src 'self' https: data: 'unsafe-inline' 3 frame-ancestors 'self', upgrade-insecure-requests 3 frame-ancestors 'self' https://flock.com/; upgrade-insecure-requests 3 base-uri 'self'; default-src wss: ws-eu.pusher.com scatec.io *.tradetracker.net leadbooster-chat.pipedrive.com tradetracker.com *.tradetracker.com 'self' blob: data: *.googleapis.com tt-wp-corporate-site.s3.amazonaws.com *.gstatic.com *.google-analytics.com *.vimeo.com vimeo.com *.doubleclick.net doubleclick.net stats.g.doubleclick.net vod-progressive.akamaized.net; frame-src *.googletagmanager.com tradetracker.com *.tradetracker.com 'self' blob: i.vimeocdn.com f.vimeocdn.com vimeo.com fresnel.vimeocdn.com player.vimeo.com; img-src *.googletagmanager.com cdn.tradetracker.net i.vimeocdn.com tt-wp-corporate-site.s3.amazonaws.com tr.lfeeder.com scatec.io tradetracker.com *.tradetracker.com leadbooster-chat.pipedrive.com 'self' blob: data: res.cloudinary.com *.facebook.com *.google-analytics.com *.doubleclick.net maps.gstatic.com *.ggpht *.googleapis.com *.hotjar.com *.hotjar.io *.licdn.com *.fbsbx.com *.google.com *.google.nl *.google.ae *.google.com.ag *.google.pl *.google.ru *.google.se *.google.ca *.google.com.au *.google.co.nz *.google.com.ua *.google.es *.google.co.uk *.google.com.br *.google.it *.google.co.in *.google.hu *.google.no *.google.com.mx *.google.be *.google.de *.google.fr *.google.fi *.google.dk *.google.at *.googleusercontent.com *.fbcdn.net *.cdninstagram.com assets.tradetracker.com; script-src 'unsafe-eval' tradetracker.com *.tradetracker.com leadbooster-chat.pipedrive.com 'self' 'unsafe-inline' blob: *.googletagmanager.com *.google-analytics.com cdn.auth0.com cdn.jsdelivr.net cdnjs.cloudflare.com *.hotjar.com *.hotjar.io *.youtube.com/iframe_api *.vimeo.com vimeo.com *.ytimg.com maps.googleapis.com scatec.io sc.lfeeder.com code.jquery.com *.tradetracker.net *.tradetracker.com; style-src *.rocketcdn.me tradetracker.com *.tradetracker.com 'self' blob: 'unsafe-inline' *.googleapis.com *.hotjar.com *.hotjar.io data:; object-src tradetracker.com *.tradetracker.com; script-src-elem js.pusher.com maps.googleapis.com scatec.io tradetracker.com *.tradetracker.com *.jquery.com *.google-analytics.com *.googletagmanager.com sc.lfeeder.com leadbooster-chat.pipedrive.com 'unsafe-inline'; 3 default-src 'unsafe-inline' 'unsafe-eval' *.windstream.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.union.agency *.salesforceliveagent.com *.clarity.ms https://js.adsrvr.org/ https://ag.innovid.com/ https://s-a.innovid.com https://www.googleoptimize.com https://edge.marker.io https://www.google-analytics.com https://558-has-110.mktoresp.com https://acsbapp.com https://ajax.cloudflare.com https://ajax.googleapis.com https://analytics.twitter.com https://api.cartstack.com https://app-sj11.marketo.com https://assets.adobedtm.com https://bam.nr-data.net https://bat.bing.com https://c.la2-c2cs-iad.salesforceliveagent.com https://c.la4-c2-ph2.salesforceliveagent.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://d.la2-c2cs-iad.salesforceliveagent.com https://d.la4-c2-ph2.salesforceliveagent.com https://email.windstreamenterprise.com https://googleads.g.doubleclick.net https://hero.kingpinkton.com https://j.6sc.co https://js-agent.newrelic.com https://maps.googleapis.com https://munchkin.marketo.net https://optimize.google.com https://pnapi.invoca.net https://polyfill.io https://s.pinimg.com https://sc-static.net https://script.hotjar.com https://se.monetate.net https://siteimproveanalytics.com https://snap.licdn.com https://solutions.invocacdn.com https://static.ads-twitter.com https://static.hotjar.com https://unpkg.com https://villain.kingpinkton.com https://visit.gokinetic.com https://visit.gokinetic.com/ https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.windstreamonline.com https://www.youtube.com; font-src 'self' data: https://use.typekit.net https://acsbapp.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net/ https://optimize.google.com https://app-sj11.marketo.com https://email.windstreamenterprise.com https://fonts.googleapis.com https://kinetic-cart-cms.union.agency https://stackpath.bootstrapcdn.com https://unpkg.com; img-src 'self' https://optimize.google.com https://usermatch.krxd.net https://maps.gstatic.com https://unpkg.com https://hero.kingpinkton.com https://id5-sync.com https://ads.scorecardresearch.com https://acsbapp.com https://aa.agkn.com https://sync.search.spotxchange.com https://loadus.exelator.com https://x.bidswitch.net https://pixel.advertising.com https://windstream.d2.sc.omtrdc.net https://secure.adnxs.com https://tags.w55c.net https://www.google.com https://www.google.co.in https://6029303.global.siteimproveanalytics.io https://bat.bing.com https://ct.pinterest.com https://www.facebook.com https://t.co https://trkn.us https://www.google-analytics.com https://pixel-a.basis.net https://clickserv.basis.net https://googleads.g.doubleclick.net https://b.6sc.co https://px.ads.linkedin.com https://www.googletagmanager.com https://ups.analytics.yahoo.com https://dpm.demdex.net https://beacon.krxd.net https://eb2.3lift.com https://pixel.sitescout.com https://clickserv.sitescout.com https://img.icons8.com https://pixel.rubiconproject.com https://analytics.twitter.com https://contextual.media.net https://img.icons8.com https://clickserv.sitescout.com https://p.adsymptotic.com https://dc.ads.linkedin.com https://ib.adnxs.com https://pixel.tapad.com https://odr.mookie1.com https://idsync.rlcdn.com https://tags.bluekai.com https://dsum-sec.casalemedia.com https://cm.g.doubleclick.net https://cx.atdmt.com https://vc.hotjar.io https://cm.g.doubleclick.net https://connect.facebook.net https://cx.atdmt.com https://pippio.com https://match.adsrvr.org https://www.linkedin.com data: https:; connect-src 'self' *.union.agency *.clarity.ms https://ipv6.6sc.co/ https://analytics.google.com https://k.clarity.ms https://google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://craftcms.windstream.com/ https://staging-cms.windstream.com/ https://api.marker.io https://kinetic-cart-cms.union.agency https://maps.googleapis.com https://unpkg.com https://436-swj-524.mktoutil.com https://hero.kingpinkton.com https://tr.snapchat.com https://436-swj-524.mktoresp.com https://bam.nr-data.net https://www.facebook.com https://ws12.hotjar.com https://email.business.windstream.com https://bat.bing.com https://558-has-110.mktoutil.com https://www.google-analytics.com https://cdn.acsbapp.com https://connect.supplychain.fedex.com https://ct.pinterest.com https://stats.g.doubleclick.net https://558-has-110.mktoresp.com https://c.6sc.co https://secure.adnxs.com https://in.hotjar.com https://pnapi.invoca.net https://vc.hotjar.io https://maps.googleapis.com/maps; frame-src 'self' https://ct.pinterest.com/ https://match.adsrvr.org/ https://insight.adsrvr.org/ https://11771150.fls.doubleclick.net https://optimize.google.com https://app.marker.io https://epaytest.windstream.com/ https://www.pinterest.com/ https://tr6.snapchat.com https://email.windstreamenterprise.com https://acsbapp.com https://bid.g.doubleclick.net https://epay.windstream.com https://epay.windstreamonline.com https://tr.snapchat.com https://www.googletagmanager.com https://vars.hotjar.com https://www.facebook.com https://pixel-a.basis.net https://www.youtube.com https://sr.rlcdn.com https://pixel.sitescout.com https://www.google.com https://app-sj11.marketo.com https://player.vimeo.com https://bcove.video https://players.brightcove.net https://visit.gokinetic.com; object-src https://bcove.video 3 frame-ancestors 'self' *.eur.nl 3 font-src 'self' data: *.kornferry.com *.kfadvance.com *.fontawesome.com *.typography.com *.hotjar.com *.hotjar.io *.hotjar.io *.juicer.io; 3 default-src 'none'; manifest-src 'self'; base-uri 'self'; form-action 'self' * https://jisc.msgfocus.com https://emails.jisc.ac.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ux.digitalresources.jisc.ac.uk https://cdn.wootric.com https://www.jisc.ac.uk/sites/all/modules/custom/jisc_general/ckeditor/ckeditor_config.js?t=rec1bd https://www.jisc.ac.uk/sites/all/modules/custom/jisc_general/ckeditor/ckeditor_config.js https://live.matomo.jisc.ac.uk https://code.jquery.com https://www.youtube.com https://map.eduroam.uk https://www.bing.com https://cdn-eu.dynamicyield.com https://st-eu.dynamicyield.com https://www.gstatic.com https://embed.doorbell.io https://www.google-analytics.com https://ajax.googleapis.com http://static.hotjar.com https://static.hotjar.com/ https://script.hotjar.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com; connect-src 'self' https://ux.digitalresources.jisc.ac.uk https://adm.dynamicyield.eu https://cdn-eu.dynamicyield.com https://eligibility.wootric.com https://wootric-eligibility.herokuapp.com https://jisc.msgfocus.com/ https://live.matomo.jisc.ac.uk https://async-px-eu.dynamicyield.com https://doorbell.io https://www.google-analytics.com https://c9k2dloukg.execute-api.eu-west-1.amazonaws.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com; style-src 'self' 'unsafe-inline' https://ux.digitalresources.jisc.ac.uk cdn-eu.dynamicyield.com st-eu.dynamicyield.com rcom-eu.dynamicyield.com https://maxcdn.bootstrapcdn.com https://cdn-eu.dynamicyield.com https://embed.doorbell.io https://fonts.googleapis.com; img-src 'self' data: https://ux.digitalresources.jisc.ac.uk https://i.ytimg.com https://live.matomo.jisc.ac.uk https://www.jisc.ac.uk/ https://www.google-analytics.com www.googletagmanager.com https://script.hotjar.com http://script.hotjar.com; font-src 'self' https://ux.digitalresources.jisc.ac.uk https://maxcdn.bootstrapcdn.com https://cdn-eu.dynamicyield.com https://fonts.static.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com; frame-src 'self' https://w.soundcloud.com https://soundcloud.com https://www.slideshare.net https://www.youtube.com https://player.vimeo.com https://maps.google.co.uk https://www.youtube-nocookie.com/ https://www.google.com https://newassets.hcaptcha.com https://vars.hotjar.com https://jisc.msgfocus.com https://www.jisc.ac.uk;frame-ancestors 'self' https://www.jisc.ac.uk; media-src *; 3 frame-ancestors 'self' http://ideas.cloudera.com https://ideas.cloudera.com http://pages.cloudera.com https://pages.cloudera.com https://resources.cloudera.com http://resources.cloudera.com https://*.kampyle.com https://*.medallia.com 3 upgrade-insecure-requests; default-src 'self' *.argeweb.nl https://in.hotjar.com; style-src 'self' *.argeweb.nl 'unsafe-inline' https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css https://libraries.hund.io/ https://app.vwo.com/ https://fonts.googleapis.com https://*.google.com; img-src 'self' *.argeweb.nl data: https: https://jwpltx.com https://www.facebook.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://*.google.nl https://*.adnxs.com https://*.msn.com https://*.doubleclick.net https://ads.yahoo.com https://www.google-analytics.com https://*.openx.net https://*.bidswitch.net; script-src 'self' *.argeweb.nl data: 'unsafe-inline' 'unsafe-eval' https://code.jquery.com/jquery-1.12.4.js https://code.jquery.com/ui/1.12.1/jquery-ui.js https://libraries.hund.io/ https://heatmap.visualwebsiteoptimizer.com/ https://app.vwo.com/ https://dev.visualwebsiteoptimizer.com/ https://api.livechatinc.com/ https://cdn.livechatinc.com/ https://secure.livechatinc.com/ https://www.clickcease.com/monitor/stat.js https://snap.licdn.com https://embed.typeform.com https://www.chartjs.org https://www.google-analytics.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://www.linkedin.com/px/* https://px.ads.linkedin.com/ https://sjs.bizographics.com/insight.min.js https://script.hotjar.com https://*.jwpcdn.com https://static.hotjar.com https://www.google-analytics.com https://connect.facebook.net https://*.openx.net https://*.bidswitch.net https://www.googleadservices.com https://www.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://flex.msn.com https://static.mailplus.nl https://m7.mailplus.nl https://bat.bing.com https://googleads.g.doubleclick.net; frame-src 'self' *.argeweb.nl https://app.vwo.com/ https://secure.livechatinc.com/ https://form.typeform.com/ https://awps01.argewebhosting.nl https://www.youtube.com https://argeweb.typeform.com https://vars.hotjar.com https://*.google.com https://*.facebook.com https://*.doubleclick.net; font-src 'self' data: *.argeweb.nl fonts.gstatic.com; child-src 'self' *.argeweb.nl https://*.google.com; connect-src 'self' *.argeweb.nl argeweb.netwerkstatus.nl https://monitor.clickcease.com/ https://api.livechatinc.com/ https://ws9.hotjar.com/ wss://ws9.hotjar.com/ https://ws8.hotjar.com/ wss://ws8.hotjar.com/ https://awps01.argewebhosting.nl/netwerkstatus/test.php https://www.google-analytics.com https://stats.g.doubleclick.net https://app.convertflow.co https://ws2.hotjar.com wss://ws10.hotjar.com wss://ws3.hotjar.com wss://ws2.hotjar.com https://vc.hotjar.io wss://ws1.hotjar.com https://in.hotjar.com; form-action https:; frame-ancestors 'self'; report-uri /debug/csp; 3 frame-ancestors 'self' *.shift4shop.com *.3dcart.com *.3dcart.net *.3dc.local *.3dcart.co.uk *.3dcart.ca app.cyfe.com 3 frame-ancestors https://*.ionos.co.uk https://ionos.co.uk; 3 default-src 'self' https://dpm.demdex.net *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov *.fontawesome.com *.doubleclick.net *.castlighthealth.com *.mapbox.com https://*.google-analytics.com *.foresee.com cdc.112.2o7.net https://*.googletagmanager.com; child-src 'self' *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov *.google.com https://cdc.demdex.net blob:; object-src 'self' *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov; img-src 'self' https://dpm.demdex.net/ https://cm.everesttech.net/ *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov cdc.112.2o7.net *.google-analytics.com *.gstatic.com https://*.googletagmanager.com data:; style-src 'self' *.cdc.gov vaccines.gov vacunas.gov *.mapbox.com *.fontawesome.com 'unsafe-inline'; script-src 'self' *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov *.castlighthealth.com *.google-analytics.com *.adobe.com *.gstatic.com *.googletagmanager.com *.google.com 'unsafe-inline' 'unsafe-eval'; worker-src blob:; frame-ancestors *.cdc.gov 3 default-src 'self' ; base-uri 'self'; form-action 'self' https://www.facebook.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.googletagmanager.com *.pensionsadvisoryservice.org.uk *.twitter.com https://masassets.blob.core.windows.net *.ads-twitter.com c0.adalyser.com/adalyser.js https://cdn.jsdelivr.net/npm/search-insights@2.2.1 *.adsymptotic.com https://cdn.optimizely.com https://apis.google.com/js/platform.js https://js-agent.newrelic.com/nr-1210.min.js *.googleadservices.com *.bing.com https://snap.licdn.com/li.lms-analytics/insight.min.js *.doubleclick.net https://webchat.pensionsadvisoryservice.org.uk:8089 https://webchat.pensionsadvisoryservice.org.uk:8089/webchat/client/tracker.js https://webrtc.github.io/adapter/adapter-latest.js *.aspnetcdn.com connect.facebook.net https://www.google-analytics.com https://ssl.google-analytics.com cc.cdn.civiccomputing.com insitez.blob.core.windows.net assets.adobedtm.com https://www.youtube.com; style-src 'self' 'unsafe-inline' *.pensionsadvisoryservice.org.uk https://masassets.blob.core.windows.net https://www.fingodev.co.uk https://www.fingo.co.uk fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.algolianet.com wss://webchat.pensionsadvisoryservice.org.uk:8089 *.algolia.net ipapi.co *.informizely.com *.google.com *.doubleclick.net https://masassets.blob.core.windows.net https://webchat.pensionsadvisoryservice.org.uk:8089 *.civiccomputing.com dpm.demdex.net https://*.google-analytics.com https://*.analytics.google.com maps-uk.sc.omtrdc.net https://*.googletagmanager.com https://moneypensions.tt.omtrdc.net https://cdn.linkedin.oribi.io; font-src 'self' data: fonts.googleapis.com *.pensionsadvisoryservice.org.uk https://masassets.blob.core.windows.net https://www.fingodev.co.uk https://www.fingo.co.uk fonts.gstatic.com; frame-src 'self' moneypensions.demdex.net *.moneyhelper.org.uk pension-guid-aem-tools-xoekuj7.herokuapp.com www.pensionwise.gov.uk https://partner-tools.moneyadviceservice.org.uk https://www.youtube.com https://www.facebook.com forms.office.com mas-tad-consumer-aem-321.herokuapp.com https://*.fls.doubleclick.net; img-src 'self' data: https://*.google-analytics.com *.bing.com https://masassets.blob.core.windows.net *.facebook.net *.facebook.com *.linkedin.com *.google.com https://www.fingodev.co.uk https://*.oktacdn.com https://www.google.co.uk *.adalyser.com t.co cm.everesttech.net https://www.pensionsadvisoryservice.org.uk *.demdex.net *.omtrdc.net analytics.twitter.com https://*.googletagmanager.com https://img.youtube.com 3 default-src matomo.iserv.eu forms.www-marketing.iserv.eu 'self'; script-src matomo.iserv.eu 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://cdn.iserv.eu data:; media-src 'self' https://cdn.iserv.eu; font-src 'self' data:; 3 default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline' 3 default-src 'none'; base-uri 'none'; frame-src *.google.com checkout.stripe.com; frame-ancestors 'none'; style-src *.scryfall.com scryfall.com; script-src *.scryfall.com scryfall.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com checkout.stripe.com 'unsafe-eval'; img-src *.scryfall.io *.scryfall.com scryfall.com *.google-analytics.com *.googletagmanager.com *.stripe.com data:; font-src *.scryfall.com scryfall.com; manifest-src *.scryfall.com scryfall.com; connect-src api.scryfall.com scryfall.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com checkout.stripe.com; block-all-mixed-content; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https:; report-uri /report-csp-violation; upgrade-insecure-requests 3 frame-ancestors 'self' *.bloomreach.cloud 3 upgrade-insecure-requests; frame-ancestors 'self' https://mangaku.vip https://mangaku.co https://manganime.id https://manganime.in 3 default-src 'none'; media-src *; manifest-src 'none'; frame-src https://*.hushmail.com https://forms.hubspot.com https://*.hubspot.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://forms.hsforms.com https://*.google-analytics.com https://*.doubleclick.net https://hushforms.com https://widget.trustpilot.com https://vars.hotjar.com/ https://www.hushmail.com 'self'; object-src 'self'; child-src 'self'; font-src https://*.hushmail.com https://fonts.gstatic.com https://script.hotjar.com 'self'; style-src https://*.hushmail.com https://hushforms.com https://fonts.googleapis.com 'self' 'unsafe-inline'; connect-src https://*.hushmail.com https://*.hubspot.com https://*.hsforms.net https://*.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://stats.g.doubleclick.net https://frstre.com https://tapfiliate.com https://hushforms.com https://*.capterra.com https://*.google.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://*.wickedreports.com https://*.callrail.com https://d3hb14vkzrxvla.cloudfront.net https://chatapi.helpscout.net https://beaconapi.helpscout.net wss://ws-helpscout.pusher.com https://sockjs-helpscout.pusher.com https://api.hubapi.com https://*.hotjar.com https://*.hotjar.io wss://ws18.hotjar.com 'self'; img-src * data:; script-src https://*.hushmail.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsleadflows.net https://js.hsforms.net https://js.usemessages.com https://forms.hubspot.com https://forms.hsforms.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://*.doubleclick.net https://*.tapfiliate.com https://hushforms.com https://*.capterra.com https://widget.trustpilot.com https://*.wickedreports.com https://*.callrail.com https://beacon-v2.helpscout.net/ https://js.hs-banner.com https://js.hsadspixel.net https://*.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.hushmail.com; report-uri /cspreport/ 3 script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://content-assets.computershare.com https://ui.customsearch.ai https://s508159127.t.eloqua.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.evidon.com https://img03.en25.com https://js.adsrvr.org https://snap.licdn.com https://view.ceros.com; img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://content-images.computershare.com data: https://content-images.computershare.com https://*.evidon.com https://px.ads.linkedin.com https://insight.adsrvr.org; connect-src https://www.googletagmanager.com https://www.google-analytics.com https://ui.customsearch.ai https://s508159127.t.eloqua.com https://*.evidon.com https://cdn.linkedin.oribi.io; frame-src https://bc-unclaimedassets.computershare.co.uk https://view.ceros.com https://player.vimeo.com https://landing.computershare.com https://www.youtube.com https://www.military.com https://view.ceros.com; 3 default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 3 frame-ancestors https://*.descartes.com https://*.folloze.com; report-uri /report-csp-violation 3 default-src * 'unsafe-eval' 'unsafe-inline' data:; 3 connect-src 'self' ibood.com *.ibood.com doc.ibood.io ka-p.fontawesome.com kit-uploads.fontawesome.com storage.googleapis.com *.api-ingenico.com sentry.go.ibood.cloud cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal.onetrust.com geolocation.onetrust.com securetoken.googleapis.com identitytoolkit.googleapis.com ibood.io *.ibood.io production.go.ibood.cloud *.production.go.ibood.cloud www.google-analytics.com api.webgains.io stats.g.doubleclick.net region1.analytics.google.com analytics.tiktok.com www.facebook.com/tr/ bat.bing.com a.clarity.ms b.clarity.ms f.clarity.ms h.clarity.ms sslwidget.criteo.com recs-us-e1a.particularaudience.com recs-eu-c1a.stg.p-a.io api.useinsider.com *.api.useinsider.com carrier.useinsider.com cronus.useinsider.com; default-src 'self' ibood.com *.ibood.com doc.ibood.io ibood.io *.ibood.io; font-src 'self' ibood.com *.ibood.com doc.ibood.io data: fonts.gstatic.com ibood.io *.ibood.io 1885932861.rsc.cdn77.org 1855054874.rsc.cdn77.org font.static.useinsider.com; frame-ancestors 'self' next.ibood.com; frame-src 'self' ibood.com *.ibood.com doc.ibood.io www.youtube.com embed.twitch.tv player.twitch.tv discord.com www.twitch.tv ibex-prd-identity-27c8.firebaseapp.com widget.trustpilot.com gum.criteo.com static.criteo.com aweucn1-3.advanced-web-analytics.com *.api.useinsider.com optimize.google.com; img-src 'self' ibood.com *.ibood.com doc.ibood.io https: blob: data:; media-src 'self' ibood.com *.ibood.com doc.ibood.io data: https:; object-src 'none'; script-src 'self' ibood.com *.ibood.com doc.ibood.io kit.fontawesome.com cdn.ravenjs.com cdn.cookielaw.org cdnjs.cloudflare.com ajax.aspnetcdn.com 'unsafe-inline' 'unsafe-eval' ibood.io *.ibood.io production.go.ibood.cloud *.production.go.ibood.cloud 1885932861.rsc.cdn77.org 1855054874.rsc.cdn77.org polyfill.io www.googleoptimize.com www.googleadservices.com www.google-analytics.com www.google.com googleads.g.doubleclick.net www.googletagmanager.com dynamic.criteo.com widget.trustpilot.com connect.facebook.net analytics.webgains.io bat.bing.com www.clarity.ms sslwidget.criteo.com analytics.tiktok.com d1fc8wv8zag5ca.cloudfront.net cdn.jsdelivr.net cdn.particularaudience.com cdn.stg.p-a.io api.useinsider.com *.api.useinsider.com skeleton-design-bundle.useinsider.com inone.useinsider.com player.twitch.tv apis.google.com optimize.google.com; style-src 'self' ibood.com *.ibood.com doc.ibood.io 'unsafe-inline' ibood.io *.ibood.io 1885932861.rsc.cdn77.org 1855054874.rsc.cdn77.org assets.api.useinsider.com skeleton-design-bundle.useinsider.com 3 default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: wss://* http://* https://*; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *.googleapis.com *.twitter.com *.instagram.com *.facebook.net *.twimg.com; frame-ancestors file: cdvfile: 'self'; 3 default-src https: *.crazyegg.com; script-src http: https: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com; frame-src http: https: data:; style-src http: https: 'unsafe-inline'; img-src http: https: data: blob *.crazyegg.com; media-src http: https: data: blob:; font-src http: https: data:; connect-src http: https: wss: *.crazyegg.com; child-src http: https: blob:; frame-ancestors 'self' https://dialpad.highspot.com/ https://view.highspot.com/ https://dialpad.allbound.com/ 3 connect-src * 'self' 3 default-src data: https: 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes'; report-uri /_csp; report-to default 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com cdn.jsdelivr.net code.jquery.com cdnjs.cloudflare.com kit.fontawesome.com ka-p.fontawesome.com www.googletagmanager.com bat.bing.com snap.licdn.com www.clarity.ms *.clarity.ms cdn-cookieyes.com *.hotjar.com js.hsadspixel.net js.hs-banner.com analytics.tiktok.com js.hscollectedforms.net *.sharethis.com *.hsforms.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com cdn.jsdelivr.net cdnjs.cloudflare.com www.googletagmanager.com www.googleadservices.com ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: kit.fontawesome.com ka-p.fontawesome.com *.hotjar.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com devsitefinitystorage.blob.core.windows.net bat.bing.com www.google.com px.ads.linkedin.com dev.transactcampus.com cdn-cookieyes.com *.clarity.ms *.hsforms.net *.hsforms.com *.google.com *.sharethis.com *.googleusercontent.com *.hotjar.com; media-src 'self' data: blob:; frame-src 'self' *.transactcampus.com 0ecf577fddb14f62ad2eaa098f4a5f08.svc.dynamics.com https://www.youtube.com https://player.vimeo.com https://devsitefinitystorage.blob.core.windows.net https://dev.transactcampus.com *.hotjar.com *.hsforms.net *.hsforms.com *.google.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com www.clarity.ms; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com ka-p.fontawesome.com kit.fontawesome.com stats.g.doubleclick.net log.cookieyes.com cdn-cookieyes.com *.google.com *.clarity.ms *.cookieyes.com *.hubapi.com *.tiktok.com *.hubspot.com *.hsforms.com *.hsforms.net forms.hubspot.com *.hotjar.com *.sharethis.com; 3 report-uri https://sportsmole.report-uri.com/r/d/csp/wizard 3 default-src 'self' *.vivint.com play.vidyard.com; script-src data: 'unsafe-inline' 'unsafe-eval' *; object-src *; style-src blob: 'unsafe-inline' *; img-src data: *; media-src *; frame-src *; frame-ancestors *.vivint.com viv.drupalvm; child-src *; font-src data: *; connect-src *; report-uri /report-csp-violation 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com fonts.gstatic.com use.fontawesome.com www.google.co.uk *.dwin1.com www.google.com *.puzzel.com *.bing.com static.addtoany.com m.addthisedge.com *.addthis.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com *.pingdom.net *.qualtrics.com *.cloudfront.net widget.trustpilot.com fp.gdmdigital.com *.linkedin.com *.facebook.com *.typekit.net ajax.googleapis.com analytics.google.com v2.visualwebsiteoptimizer.com useruploads.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com livechat.uk2group.com www.googleadservices.com tagmanager.google.com www.googletagmanager.com d2wy8f7a9ursnm.cloudfront.net *.uk2.net code.jquery.com *.steelhousemedia.com *.adroll.com connect.facebook.net platform.twitter.com apis.google.com tracking.websitealive.com www.gstatic.com https://www.google-analytics.com secure.leadforensics.com *.adnxs.com https://optimize.google.com; default-src 'self' data: *.puzzel.com *.uk2.net; img-src 'self' 'unsafe-inline' googletagmanager.com canarytokens.com *.uk2.net data: *.typekit.net *.gstatic.com *.bing.com secure.gravatar.com *.pingdom.net v2.visualwebsiteoptimizer.com placehold.it useruploads.visualwebsiteoptimizer.com syndication.twitter.com https://script.hotjar.com http://script.hotjar.com dev.visualwebsiteoptimizer.com livechat.uk2group.com googleads.g.doubleclick.net www.googleadservices.com *.steelhousemedia.com chart.googleapis.com widget.trustpilot.com notify.bugsnag.com stats.g.doubleclick.net www.google.com www.google.co.uk https://www.google-analytics.com 55b558c7-resources.bk-partnersasia.com csi.gstatic.com www.facebook.com images.websitealive.com tracking.websitealive.com https://optimize.google.com; style-src 'self' 'unsafe-inline' *.uk2.net www.google.co.uk *.puzzel.com *.pingdom.net https://use.fontawesome.com maxcdn.bootstrapcdn.com *.steelhousemedia.com fonts.gstatic.com www.google.com tagmanager.google.com dev.visualwebsiteoptimizer.com livechat.uk2group.com tracking.websitealive.com widget.trustpilot.com fonts.googleapis.com https://optimize.google.com https://fonts.googleapis.com; frame-src 'self' *.uk2.net cdn.forms-content.sg-form.com static.addtoany.com https://vars.hotjar.com *.twitter.com *.addthis.com www.google.co.uk www.google.com *.steelhousemedia.com player.vimeo.com a5.websitealive.com www.youtube.com widget.trustpilot.com tracking.websitealive.com apis.google.com accounts.google.com platform.twitter.com staticxx.facebook.com www.facebook.com dev.visualwebsiteoptimizer.com livechat.uk2group.com https://optimize.google.com; object-src 'none'; font-src 'self' *.uk2.net data: http://script.hotjar.com https://script.hotjar.com fonts.gstatic.com use.typekit.net *.puzzel.com https://use.fontawesome.com maxcdn.bootstrapcdn.com fonts.googleapis.com; connect-src 'self' *.paypal.com *.io.thehut.local mw-uk2-uat.thehut.net mw.thghosting.com static.addtoany.com googleadservices.com stats.g.doubleclick.net *.puzzel.com *.pingdom.net widget.trustpilot.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com *.twitter.com *.uk2.net *.addthis.com dev.visualwebsiteoptimizer.com livechat.uk2group.com mw-uk2-uat.thehut.net mw.thghosting.com fonts.googleapis.com https://www.google-analytics.com www.gstatic.com connect.facebook.net bat.bing.com *.sentry.io; 3 frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com confluence.acquia.com www.acquiaacademy.com acquia.seismic.com app.veertly.com; report-uri /report-csp-violation 3 frame-ancestors 'self' https://www.renesas.cn http://www.renesas.cn https://icp.renesas.com http://icp.renesas.com https://icp.renesas.cn http://icp.renesas.cn 3 frame-ancestors https://www.check24.de/ https://finanzen.check24.de/ 'self' 3 frame-ancestors 'self' https://app.storyblok.com https://home.mindvalley.com https://*.mindvalley.com https://*.maropost.com; 3 child-src 'self' *.catawiki.com *.catawiki.com *.criteo.com *.criteo.net 5139330.fls.doubleclick.net bid.g.doubleclick.net blob: cdn.catawiki.net ct.pinterest.com js.stripe.com platform.twitter.com tpc.googlesyndication.com vars.hotjar.com www.facebook.com www.trustpilot.com www.youtube.com www.google.com www.recaptcha.net widget.trustpilot.com; connect-src * wss://*.catawiki.com wss://*.hotjar.com wss://*.pusher.com; default-src 'self' *.catawiki.com cdn.catawiki.net; font-src 'self' *.catawiki.com cdn.catawiki.net cdn.kustomerapp.com fonts.gstatic.com script.hotjar.com static.criteo.net; form-action 'self' *.catawiki.com www.facebook.com; frame-src *.catawiki.com *.criteo.com *.criteo.net 5139330.fls.doubleclick.net bid.g.doubleclick.net ct.pinterest.com js.stripe.com platform.twitter.com tpc.googlesyndication.com vars.hotjar.com www.facebook.com www.trustpilot.com www.youtube.com www.google.com www.recaptcha.net widget.trustpilot.com; img-src * blob: data:; media-src cdn.builder.io videos.ctfassets.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.catawiki.com *.criteo.com amplify.outbrain.com analytics.tiktok.com assets.pinterest.com assets.zendesk.com bat.bing.com cdn.catawiki.net cdn4.userzoom.com connect.facebook.net google-analytics.com googleads.g.doubleclick.net js.stripe.com maps.googleapis.com platform.twitter.com s.pinimg.com script.hotjar.com cdn.kustomerapp.com snap.licdn.com ssl.google-analytics.com static.criteo.net static.hotjar.com tpc.googlesyndication.com w.usabilla.com widget.trustpilot.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.youtube.com www.gstatic.com www.recaptcha.net; style-src 'self' 'unsafe-inline' *.catawiki.com cdn.catawiki.net fonts.googleapis.com; worker-src 'self' *.catawiki.com blob: cdn.catawiki.net 3 default-src 'self'; img-src 'self' 'unsafe-inline' * data: www.w3.org; frame-src 'self' staticcontents.investis.com confirmsubscription.com vars.hotjar.com in.hotjar.com my.walls.io *.fls.doubleclick.net www.youtube.com www.google.com irs.tools.investis.com otp.tools.investis.com ir.tools.investis.com players.brightcove.net rolls-royce.staging.investis.com rolls-royce.production.investis.com www.facebook.com *.doubleclick.net viz.tools.investis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' staticcontents.investis.com tagmanager.google.com viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fast.fonts.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com tagmanager.google.com *.fonts.com fast.fonts.net *.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' mktdplp102cdn.azureedge.net staticcontents.investis.com otp.tools.investis.com viz.tools.investis.com *.google.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com edge.api.brightcove.com *.googleapis.com tagmanager.google.com stats.g.doubleclick.net *.investisdigital.com googleads.g.doubleclick.net googleadservices.com cdn.jsdelivr.net cdnjs.cloudflare.com facebook.com www.gstatic.com pi.pardot.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com static.ads-twitter.com snap.licdn.com *.googleadservices.com analytics.twitter.com *.flickr.com tag.demandbase.com *.lead-analytics-1000.com *.leadforensics.com track.accountinsight.cloud *.adnxs.com fast.fonts.net *.typekit.net *.lfeeder.com; media-src 'self' *.brightcove.com *.brightcovecdn.com brightcove.hs.llnwd.net; connect-src 'self' www.google.co.in analytics.google.com www.facebook.com/tr/ in.hotjar.com viz.tools.investis.com *.investisdigital.com edge.api.brightcove.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net ipapi.connectid.cloud api.company-target.com segments.company-target.com *.typekit.net *.amazonaws.com *.googleapis.com; base-uri 'none'; 3 frame-ancestors 'self' https://cms.wellcome.org https://wt-corporated8-develop.codeenigma.net https://wt-corporated8-master.codeenigma.net; 3 frame-ancestors 'self' path.absolute.com www.path.absolute.com 3 frame-ancestors 'self' https://bob.santanderbank.com https://shdwbob.santanderbank.com https://www.santanderbank.com https://rolb.santanderbank.com https://shdwrolb.santanderbank.com https://einsteincrm.sov.gs.corp https://shdweinsteincrm.sov.gs.corp http://bkoffice.sov.gs.corp http://shdwbkoffice.sov.gs.corp; 3 frame-ancestors 'self' *.3sharecorp.com https://corpextdev.b2clogin.com https://corpsso.b2clogin.com https://staging.comfortsite.com 3 connect-src 'self' registry.tierra.net:8443 wss://registry.tierra.net:8443 *.tierra.net *.purechat.com wss://*.purechat.com *.zdassets.com *.zendesk.com api.smooch.io wss://*.smooch.io; default-src 'none'; font-src static.tierra.net maxcdn.bootstrapcdn.com use.fontawesome.com; frame-src 'self' www.youtube.com player.vimeo.com; img-src 'self' *.tierra.net secure.gravatar.com *.purechat.com *.wp.com *.purechatcdn.com *.amazonaws.com *.zendesk.com; media-src app.purechat.com; object-src *.tierra.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' static.tierra.net ajax.googleapis.com maxcdn.bootstrapcdn.com *.purechatcdn.com use.fontawesome.com *.purechat.com *.zdassets.com *.zendesk.com api.smooch.io; style-src 'self' 'unsafe-inline' static.tierra.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com use.fontawesome.com; upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; report-uri /special/report/csp; report-to default 3 frame-ancestors onlineislemler.turktelekom.com.tr www.turktelekom.com.tr turktelekom.com.tr bireysel.turktelekom.com.tr kurumsal.turktelekom.com.tr 3 default-src 'self' *.lvvwd.com *.youtube.com data:; style-src 'self' 'unsafe-inline' *.lvvwd.com *.juicer.io *.cludo.com *.cludo.com.cdn.cloudflare.net *.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.lvvwd.com *.juicer.io *.digicert.com *.google-analytics.com *.googleapis.com *.jwpcdn.com *.onefiserv.com *.gstatic.com *.google.com *.googletagmanager.com *.facebook.net *.facebook.com *.cludo.com *.cludo.com.cdn.cloudflare.net apps.usw2.pure.cloud cdn.jwplayer.com api.flickr.com data:; connect-src 'self' *.lvvwd.com *.juicer.io *.facebook.com *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net *.cludo.com *.cludo.com.cdn.cloudflare.net api-use2.digital.genesyscloud.com cdn.jwplayer.com cdn3.wowza.com data:; font-src 'self' *.lvvwd.com *.juicer.io *.jwpcdn.com *.gstatic.com data:; img-src 'self' *.lvvwd.com *.snwa.com *.springspreserve.org *.google.com *.juicer.io *.cdninstagram.com prd.jwpltx.com seal.digicert.com maps.gstatic.com *.googleapis.com cdn.jwplayer.com assets-jpcust.jwpsrv.com live.staticflickr.com *.cludo.com *.facebook.com *.fbcdn.net *.facebook.net blob: data:; frame-src 'self' *.onefiserv.com *.captionedtext.com *.youtube.com *.doubleclick.net *.google.com *.facebook.com data:; media-src 'self' *.lvvwd.com cdn3.wowza.com blob: data:; 3 default-src * data:; script-src http: 'unsafe-inline' 'unsafe-eval'; style-src http: 'unsafe-inline' 3 font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' tracking.paysera.com www.instagram.com https://optimize.google.com https://www.google.com/recaptcha/ https://www.youtube.com/embed/ http://e.issuu.com/ https://wchat.eu.freshchat.com https://paysera.eu.webpush.freshchat.com; img-src 'self' data: *.paysera.com maps.googleapis.com *.gstatic.com https://www.google-analytics.com https://optimize.google.com; script-src 'self' maps.googleapis.com www.instagram.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://optimize.google.com https://wchat.eu.freshchat.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com https://optimize.google.com https://wchat.eu.freshchat.com 'unsafe-inline'; report-uri /v2/csp-violations/report 3 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.deutsche-rentenversicherung.de *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.deutsche-rentenversicherung.de *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.openstreetmap.org; object-src 'self' *.deutsche-rentenversicherung.de multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.deutsche-rentenversicherung.de;child-src *.google.com *.gstatic.com *.youtube.com ; img-src 'self' data: *.deutsche-rentenversicherung.de *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; 3 frame-ancestors 'self' *.americangreetings.com *.bluemountain.com *.jacquielawson.com *.justwink.com *.agpre.net *.imgag.com carltoncards.ca *.papyrusonline.com *.facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com *.contentstack.com papyrus-develop.go-vip.net papyrus-preprod.go-vip.net papyrus.go-vip.net 3 font-src https://themes.googleusercontent.com https://fonts.gstatic.com https://cnxc.wpengine.com https://fonts.googleapis.com https://cnxc.wpenginepowered.com https://www.concentrix.com https://gallery.concentrix.com https://lottiefiles.com data self www.concentrix.com; frame-ancestors https://munchkin.marketo.net https://cnxc.wpengine.com https://cnxc.wpenginepowered.com https://www.concentrix.com 'self' https://gallery.concentrix.com www.concentrix.com; 3 default-src 'self'; frame-src 'self' data: https: lpcdn.lpsnmedia.net; img-src 'self' data: https: *.google-analytics.com *.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: googletagmanager.com google-analytics.com pi.pardot.com; style-src 'self' 'unsafe-inline' http: https: use.fontawesome.com; font-src 'self' data: http: https: use.typekit.net; connect-src 'self' data: http: https: google-analytics.com analytics.google.com googletagmanager.com; 3 connect-src 'self' my-ducati-stg.s3.eu-west-1.amazonaws.com my-ducati-dev.s3.eu-west-1.amazonaws.com my-ducati-prd.s3.eu-west-1.amazonaws.com *.dynatrace.com api-public.ducati.com wurfl.io c.go-mpulse.net calculator.vwfs.com calculator.volkswagenbank.de s.yimg.com www.facebook.com *.facebook.com apiwheel.h-en.me *.akstat.io *.akamaihd.net performance.typekit.net *.rsc.cdn77.org dasfelynsaterr.webcam videoram.com www.bing.com *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.analytics.google.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com secure-ds.serving-sys.com images.ctfassets.net *.serving-sys.com analytics.tiktok.com *.taboola.com; font-src data: 'self' fonts.gstatic.com github.com media.ducati.com assets.ducati.com use.typekit.net chrome-extension *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com analytics.tiktok.com *.taboola.com; script-src-elem data: *.dynatrace.com assets.ducati.com platform.twitter.com pixel.mathtag.com loadus.exelator.com *.snt.imrworldwide.com pool.adizio.com pool.admedo.com gc.kis.v2.scr.kaspersky-labs.com s.yimg.com sp.analytics.yahoo.com 'self' 'unsafe-inline' maps.googleapis.com s.go-mpulse.net s2.adform.net use.typekit.net wurfl.io *.googletagmanager.com www.gstatic.com www.volkswagenbank-cloud.de gateway.zscalertwo.net about *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com secure-ds.serving-sys.com bs.serving-sys.com cdn.scaleflex.it analytics.tiktok.com *.taboola.com; script-src *.dynatrace.com assets.ducati.com platform.twitter.com s.yimg.com use.typekit.net 'self' 'unsafe-eval' 'unsafe-inline' s.go-mpulse.net wurfl.io *.googletagmanager.com www.gstatic.com www.volkswagenbank-cloud.de maps.googleapis.com s2.adform.net sp.analytics.yahoo.com *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com analytics.tiktok.com *.taboola.com; base-uri 'self' *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com analytics.tiktok.com *.taboola.com; frame-src pixel.mathtag.com platform.twitter.com www.youtube.com youtu.be www.facebook.com *.googletagmanager.com remove.video *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com analytics.tiktok.com *.taboola.com; img-src 'self' about data: * *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com analytics.tiktok.com *.taboola.com; script-src-attr 'unsafe-inline' *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com analytics.tiktok.com *.taboola.com; style-src-attr 'unsafe-inline' *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com analytics.tiktok.com *.taboola.com; style-src-elem 'self' 'unsafe-inline' assets.ducati.com fonts.googleapis.com adblockers.opera-mini.net *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com analytics.tiktok.com *.taboola.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' assets.ducati.com fonts.googleapis.com translate.googleapis.com *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com analytics.tiktok.com *.taboola.com 3 frame-ancestors 'self' https://*.khapps.com https://*.khapps.jp; 3 default-src 'unsafe-inline' 'unsafe-eval' data: blob: *; frame-ancestors 'self'; 3 default-src 'self' *.posti.fi *.googlesyndication.com; style-src 'unsafe-inline' 'self' *.posti.fi optimize.google.com tagmanager.google.com fonts.googleapis.com *.force.com *.salesforce.com *.euc-freshbots.ai; font-src 'self' data: *.posti.fi *.hotjar.com *.force.com *.sfdcstatic.com tagmanager.google.com fonts.googleapis.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.posti.fi cdn.ampproject.org *.doubleclick.net https://www.googleoptimize.com/ adservice.google.fi adservice.google.com optimize.google.com *.usemessages.com *.adform.net *.leadoo.com analytics.tiktok.com forms.hsforms.com js.hsforms.net js.hs-banner.com js-agent.newrelic.com bam.eu01.nr-data.net *.hs-scripts.com js.hsleadflows.net js.hs-analytics.net sb.scorecardresearch.com connect.facebook.net www.googletagservices.com *.typeform.com *.krxd.net *.force.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com *.hotjar.com maps.googleapis.com locationservice.posti.com/location *.my.salesforce.com *.salesforceliveagent.com *.declaration.postinext.fi *.lfeeder.com *.euc-freshbots.ai *.declaration.posticloud.fi *.pusher.com *.cookielaw.org *.onetrust.com *.postinext.fi ajax.googleapis.com *.googlesyndication.com www.googleadservices.com cdnjs.cloudflare.com www.google.com *.licdn.com code.jquery.com js.hsadspixel.net api.hubapi.com www.gstatic.com; frame-src optimize.google.com *.typeform.com *.krxd.net app.hubspot.com www.googletagmanager.com www.googletagservices.com forms.hsforms.com *.googlesyndication.com *.hotjar.com *.posti.fi www.facebook.com www.youtube.com *.force.com *.salesforce.com *.onetrust.mgr.consensu.org bot.leadoo.com client.myzef.com www.google.com postidigital.github.io jakelu.posti.fi *.doubleclick.net; child-src 'self' *.hotjar.com; img-src 'self' blob: data: *.posti.fi optimize.google.com *.googlesyndication.com forms.hsforms.com *.krxd.net *.force.com www.facebook.com www.googletagmanager.com sb.scorecardresearch.com *.hubspot.com maps.googleapis.com ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.fi www.google.com www.netposti.fi *.doubleclick.net *.hotjar.com *.ctfassets.net maps.gstatic.com *.lfeeder.com *.freshbots.ai *.euc-freshbots.ai *.cookielaw.org *.onetrust.com code.jquery.com *.postinext.fi *.linkedin.com dmp.adform.net www.googleadservices.com *.adsymptotic.com cdn.posti.fi analytics.tiktok.com; connect-src 'self' *.posti.fi adservice.google.fi adservice.google.com optimize.google.com maps.googleapis.com bam.eu01.nr-data.net *.salesforceliveagent.com vc.hotjar.io api.posti.com *.api.posti.com *.api.posti.fi *.hubspot.com *.hsforms.com *.hubapi.com vbvavibkgkermrl.form.io *.google-analytics.com www.google-analytics.com *.doubleclick.net *.force.com locationservice.posti.com *.leadoo.com analytics.tiktok.com *.hotjar.com wss://*.hotjar.com picc.posti.fi:* picc8.posti.fi:* *.form.io www.facebook.com *.declaration.postinext.fi *.declaration.posticloud.fi *.euc-freshbots.ai *.pusher.com wss://*.pusher.com prd.graphql.posticloud.fi/graphql *.cookielaw.org *.onetrust.com *.postinext.fi *.googlesyndication.com *.execute-api.eu-west-1.amazonaws.com www.google.com forms.hsforms.com; media-src 'self' *.ctfassets.net; frame-ancestors 'self' apps.itella.com salesfra.me; object-src 'none'; 3 default-src 'self'; form-action 'self' https://*.hsforms.com; object-src 'self'; connect-src 'self' https://api.github.com https://*.hsforms.com https://element.io; media-src 'self' https://element.io; style-src 'self' 'unsafe-inline' https://element.io https://*.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://element.io data: https://fonts.gstatic.com; img-src 'self' https://element.io data: https://matomo.riot.im/matomo.php https://*.hsforms.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://element.io https://cdnjs.cloudflare.com https://*.cloudfront.net https://ajax.googleapis.com https://matomo.riot.im/matomo.js https://*.hsforms.net https://*.hsforms.com; child-src 'self' https://*.hsforms.com; frame-src youtube.com www.youtube-nocookie.com https://*.hsforms.com; 3 frame-ancestors 'self' http://*.hftmagnates.com/ https://*.hftmagnates.com/ http://fm.fmpedia.lc/ https://fm.fmpedia.lc/ http://fl.fmpedia.lc/ https://fl.fmpedia.lc/ https://localhost:3002/ https://localhost:3004/ https://localhost:3006/ https://financemagnates.com/ https://financemagnates.com:3002/ https://*.financemagnates.com/ https://*.financemagnates.com:3002/ https://*.financemagnates.com:3004/ https://forexlive.com/ https://forexlive.com:3006/ https://*.forexlive.com/ https://*.forexlive.com:3006/; 3 frame-ancestors 'self'; script-src 'unsafe-inline' 'self' blob: 3 frame-ancestors 'self' https://*.fashionjobs.com https://*.fashionnetwork.com https://*.fashiongroup.com https://*.fashionmag.biz https://fashionmag.biz https://fashionnetworkevents.com https://*.fashionnetworkevents.com 3 default-src 'self' *.grdp.co blob:; img-src 'self' blob: data: https://releases/traefik/02-csp-middleware.yamlgrdp.co https://tr.outbrain.com https://byjusexamprep.com/ https://translate.google.com https://nr1.s3.amazonaws.com *.boldchat.com accounts.google.com *.doubleclick.net https://www.google.co.in https://bat.bing.com https://www.youtube.com/favicon.ico *.googleadservices.com http://gs-post-images.grdp.co https://gs-groups-images.grdp.co https://graph.facebook.com https://www.google.com gradeup.co https://www.google-analytics.com https://www.facebook.com https://maps.googleapis.com https://gs-post-images.grdp.co https://optimize.google.com cds.taboola.com api.typeform.com https://track.shoptopdeal.com https://events.ub-analytics.com https://ttrk.ringocount.com business.topbuzz.com gradestack.com i.ytimg.com trc.taboola.com *.fbcdn.net cost.affcost.com platform-lookaside.fbsbx.com d9hhrg4mnvzow.cloudfront.net csm.hk.as.criteo.net cm.g.doubleclick.net primedigital.go2cloud.org ad.admitad.com track.in.omgpm.com dis.criteo.com traqkar.com www.googletagmanager.com *.googleadservices.com myfaqprime.appspot.com heapanalytics.com *.googleusercontent.com *.grdp.co grdp.co connect.facebook.net q.quora.com *.gstatic.com www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://slike.indiatimes.com https://ventes40.gotrackier.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.cloudflareinsights.com *.joonbot.com https://www.googleadservices.com/ https://d34qb8suadcc4g.cloudfront.net *.boldchat.com https://googleadservices.com https://bat.bing.com https://cdnjs.cloudflare.com/ajax/libs/gsap/latest/TweenMax.min.js https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google.com/pagead/conversion_async.js https://googleads.g.doubleclick.net https://tr.outbrain.com amplify.outbrain.com https://optimize.google.com https://cdn.jsdelivr.net/gh/cferdinandi/smooth-scroll@15.0.0/dist/smooth-scroll.polyfills.min.js https://www.google.co.in/pagead cdn.heapanalytics.com https://www.clarity.ms https://s-usc1c-nss-273.firebaseio.com https://udofy-crm-1022.firebaseio.com s.ytimg.com cdn.ampproject.org cdn.taboola.com trc.taboola.com www.googletagservices.com tagmanager.google.com https://s-usc1c-nss-281.firebaseio.com ajax.cloudflare.com builder-assets.unbounce.com accounts.google.com myfaqprime.appspot.com portal.referralcandy.com go.referralcandy.com cdn.asbmit.com platform.twitter.com maps.googleapis.com adservice.google.com adservice.google.co.in smartlock.google.com wzrkt.com d2r1yp2w7bby2u.cloudfront.net connect.facebook.net track.in.omgpm.com *.grdp.co grdp.co https://www.google-analytics.com/ cdn.mouseflow.com static.bytedance.com sslwidget.criteo.com www.gstatic.com https://www.google.com/pagead/1p-conversion/820422143/ apis.google.com widget.as.criteo.com maxcdn.bootstrapcdn.com https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://cdn.jsdelivr.net/npm/js-cookie@beta/dist/js.cookie.min.js https://tvid.akamaized.net https://tvid.in https://cdn.quilljs.com; connect-src 'self' https://google.com https://byju.pc.cdn.bitgravity.com *.gradestack.co *.byjusexamprep.com https://gradeup-streaming.tllms.com https://byjus-in.akamaized.net https://gcdn.byjus.com https://*.nanorep.co https://*.nanorep.com wss://*.bold360.com *.boldchat.com https://gradeup-assets.grdp.co https://bat.bing.com https://d27yfew3jd3yhj.cloudfront.net https://drm.tllms.com/ https://us-central1-udofy-1021.cloudfunctions.net https://us-central1-amp-error-reporting.cloudfunctions.net https://adservice.google.com https://www.facebook.com https://maps.googleapis.com wss://photon.gradestack.co wss://mule.byjusexamprep.com webapi.byjusexamprep.com https://udofy-crm-1022.firebaseio.com trc-events.taboola.com trc.taboola.com wss://udofy-crm-1022.firebaseio.com https://www.clarity.ms wss://s-usc1c-nss-273.firebaseio.com https://sheets.googleapis.com https://script.google.com https://script.googleusercontent.com wss://s-usc1c-nss-281.firebaseio.com json.faqprime.com firebaseinstallations.googleapis.com *.grdp.co grdp.co cdnjs.cloudflare.com o2.mouseflow.com heapanalytics.com www.googletagmanager.com wss://*.gradeup.co https://www.google-analytics.com cdn.ampproject.org accounts.google.com www.google.com *.doubleclick.net cdn.ampproject.com https://cleovod.akamaized.net https://cleorec.akamaized.net https://cleolive.akamaized.net https://slike.indiatimes.com https://tvid.in https://*.slike.in; frame-src whatsapp: *.doubleclick.net https://gradeup.co https://optimize.google.com https://help.byjusexamprep.com https://sin.creativecdn.com https://*.joonbot.com https://*.joonbot.xyz *.boldchat.com https://www.google.com/maps/embed https://s-usc1c-nss-273.firebaseio.com https://asia.creativecdn.com https://s-usc1c-nss-281.firebaseio.com ts.tradetracker.net tl.tradetracker.net tracking.icubeswire.co www.youtube.com portal.referralcandy.com go.onelink.me accounts.google.com gum.criteo.com tpc.googlesyndication.com secure.payu.in gradeup.referralcandy.com www.facebook.com grdp.co https://byjusexamprep.com gradestack.com smartlock.google.com static.criteo.net www.googletagmanager.com https://hts-premium.byjusexamprep.com; style-src 'self' blob: data: *.grdp.co 'unsafe-inline' https://optimize.google.com unpkg.com builder-assets.unbounce.com cdnjs.cloudflare.com myfaqprime.appspot.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com translate.googleapis.com maxcdn.bootstrapcdn.com https://www.googletagmanager.com/gtm.js accounts.google.com cdn.ampprojectorg cdn.materialdesignicons.com cloud.typography.com https://cdn.quilljs.com; object-src 'none'; font-src 'self' blob: data: *.grdp.co https://optimize.google.com fonts.gstatic.com maxcdn.bootstrapcdn.com fast.fonts.net cloud.typography.com fonts.googleapis.com use.fontawesome.com cdnjs.cloudflare.com; worker-src 'self' blob: data: https://byjusexamprep.com gradestack.com; media-src 'self' blob: data: *.grdp.co https://cleolive.akamaized.net https://cleorec.akamaized.net https://d27yfew3jd3yhj.cloudfront.net; frame-ancestors 'self' *.nanorep.co https://byjus.com https://byjusexamprep.com; script-src-elem 'self' 'unsafe-inline' https://d2r1yp2w7bby2u.cloudfront.net/js/clevertap.min.js https://eu1.clevertap-prod.com https://connect.facebook.net https://amplify.outbrain.com https://tpc.googlesyndication.com *.joonbot.com https://*.joonbot.xyz https://www.googleadservices.com/ https://*.nanorep.co https://d34qb8suadcc4g.cloudfront.net https://bat.bing.com *.googleadservices.com https://*.boldchat.com https://fonts.googleapis.com/css2 https://cdn.ampproject.org/rtv/012110290545003/v0/amp-loader-0.1.js https://www.googletagmanager.com/ https://track.in.omgpm.com https://portal.referralcandy.com/assets/widgets/refcandy-poprocks.js https://apis.google.com https://d2r1yp2w7bby2u.cloudfront.net/js/a.js https://cdn.ampproject.org *.gstatic.com https://builder-assets.unbounce.com/published-js/ https://ajax.googleapis.com https://myfaqprime.appspot.com https://gradeup-assets.grdp.co https://www.google-analytics.com https://www.googletagmanager.com https://ajax.cloudflare.com https://wzrkt.com https://tr.outbrain.com https://maps.googleapis.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net *.googleadservices.com https://wzrkt.com https://www.youtube.com ; manifest-src 'self' blob: data: https://byjusexamprep.com; report-uri https://sentry.byjusexamprep.com/api/26/security/?sentry_key=e3c3abaf223b441c8dd91fdc48764d72 3 default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' 3 connect-src 'self' https://www.paypal.com https://fastmail.innocraft.cloud https://o73885.ingest.sentry.io/api/; default-src 'none'; img-src 'self' data: https://fastmail.innocraft.cloud https://*.twimg.com https://*.twitter.com https://www.gravatar.com https://icgroup.helpspot.com https://www.paypalobjects.com http://www.pobox.com https://*.gstatic.com https://www.fastmail.com https://*.zdusercontent.com https://fastmail.zendesk.com https://pobox.zendesk.com; font-src 'self' data: http://fonts.gstatic.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.twitter.com https://*.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com https://connect.facebook.net https://fastmail.innocraft.cloud https://listbox.com https://run-static.pingdom.net https://*.gstatic.com https://*.facebook.com https://talon-ehawk.netdna-ssl.com https://www.e-hawk.net https://www.ehawk.net https://www.paypalobjects.com https://www.paypal.com https://icgroup.helpspot.com; object-src 'none'; frame-src 'self' data: https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.google.com; frame-ancestors 'self' 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' tal.de *.tal.de; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; img-src * data:; media-src * data:; style-src 'self' 'unsafe-inline' tal.de *.tal.de https://fonts.googleapis.com https://fonts.gstatic.com; report-uri https://www.tal.de/st/csp-violator.py 3 frame-ancestors *.macsales.com *.ntdist.com *.owcnow.com www.sjwoe.com *.owc.com:* 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.marketo.net *.googletagmanager.com *.facebook.net static.ads-twitter.com *.google-analytics.com sjs.bizographics.com *.bizible.com *.youtube.com *.ytimg.com *.linkedin.com *.twitter.com *.newrelic.com vidassets.terminus.services blob: doug1izaerwt3.cloudfront.net s.ytimg.com *.demandbase.com data: nasdaqir-prod.apigee.net *.hotjar.com j.6sc.co bam.nr-data.net cdnjs.cloudflare.com *.kissmetrics.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.gstatic.com s0-azure.assets-yammer.com maps.googleapis.com cdn.syndication.twimg.com addtocalendar.com maxcdn.bootstrapcdn.com snap.licdn.com ajax.googleapis.com js.createsend1.com *.bing.com *.cloudfront.net *.netlify.app plausible.io *.cookielaw.org *.onetrust.com *.buzzsprout.com *.lingotek.com *.boldchat.com *.nanorep.co *.microsoftstream.com cdn.ampproject.org *.force.com *.site.com *.salesforce.com *.salesforceliveagent.com cdn.jsdelivr.net; media-src 'self' *.vimeo.com *.youtube.com https://fpdl.vimeocdn.com data: https://designbysoap.b-cdn.net *.cloudfront.net bakerhughes.nanorep.com *.evolutioneng.com; frame-src 'self' *.facebook.com *.marketo.com *.youtube.com *.hotjar.com *.adobe.com connect.facebook.net 11146811.fls.doubleclick.net youtu.be *.google.com *.yammer.com login.microsoftonline.com platform.linkedin.com syndication.twitter.com platform.twitter.com www.linkedin.com player.vimeo.com *.buzzsprout.com anchor.fm apps.kaonadn.net *.boldchat.com web.microsoftstream.com https://infogram.com service.force.com https://bid.g.doubleclick.net https://play.goconsensus.com; frame-ancestors 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com *.smartsheet.com s3.amazonaws.com https://play.goconsensus.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com themes.googleusercontent.com *.hotjar.com d8ejoa1fys2rk.cloudfront.net use.typekit.net; report-uri /report-csp-violation 3 img-src 'self' data: *.hypernode.com *.hypernode.nl *.hubspot.com *.linkedin.com *.licdn.com p.adsymptotic.com *.google-analytics.com *.google.com www.google.com.bd www.google.pl www.google.nl www.google.de www.google.co.uk www.google.co.in www.google.ae www.google.fr www.google.ge www.google.co.tz www.google.pk www.google.be www.google.ro www.gstatic.com *.gravatar.com www.googletagmanager.com t.co cdn2.hubspot.net *.hubspotusercontent-na1.net *.hsforms.com www.facebook.com https://collector.leadinfo.net https://cdn.leadinfo.net motu.teamblue.services *.twitter.com;; script-src-elem 'unsafe-inline' 'self' js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hscollectedforms.net js.hsforms.net js.hsleadflows.net js.usemessages.com snap.licdn.com static.ads-twitter.com www.google-analytics.com www.googletagmanager.com www.hypernode.nl analytics.twitter.com wchat.freshchat.com www.google.com www.gstatic.com gist.github.com cdn.jsdelivr.net cdn.randomhow.com connect.facebook.net s3.amazonaws.com platform.twitter.com ssl.google-analytics.com www.hypernode.com www.pagespeed-mod.com asciinema.org cdn.mxpnl.com gc.kis.v2.scr.kaspersky-labs.com ucads-cdn.ucweb.com byte.us2.list-manage.com www.youtube.com cdn.leadinfo.net motu.teamblue.services fast.wistia.com;; style-src-attr 'unsafe-inline';; style-src-elem 'unsafe-inline' 'self' fonts.googleapis.com wchat.freshchat.com www.hypernode.nl github.githubassets.com *.hypernode.com;; script-src 'unsafe-eval' 'self' www.google.com www.hypernode.nl 'unsafe-inline' js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hscollectedforms.net js.hsleadflows.net www.google-analytics.com www.googletagmanager.com analytics.twitter.com snap.licdn.com static.ads-twitter.com wchat.freshchat.com www.gstatic.com connect.facebook.net wasm-eval s3.amazonaws.com www.hypernode.com js.hsadspixel.net js.hubspotfeedback.com js.usemessages.com js.hs-analytics.net js.hscollectedforms.net js.hsforms.net js-na1.hs-scripts.com forms.hsforms.com www.youtube.com cdn.leadinfo.net snap.licdn.com https://static-exp1.licdn.com https://content.linkedin.com motu.teamblue.services https://platform.linkedin.com;; style-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com wchat.freshchat.com www.hypernode.nl translate.googleapis.com www.hypernode.com https://cdn.leadinfo.net;; child-src www.youtube.com wchat.freshchat.com www.google.com 'self' app.hubspot.com 253949009329559.webpush.freshchat.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com;; connect-src *.oribi.io *.google.com *.hubspot.com api.hubapi.com www.facebook.com js.usemessages.com js.hsleadflows.net js.hubspotfeedback.com js.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com forms.hsforms.com js.hs-banner.com stats.g.doubleclick.net *.google-analytics.com 'self' www.google.co.in www.google.nl www.google.pl www.hypernode.com www.hypernode.nl yoast.com www.google.co.za www.google.co.uk www.google.de www.google.dk www.google.ro www.google.rs www.google.se www.google.ca www.google.com.au www.google.ie meetlookup.com www.google.be *.cdn77.org code.jquery.com *.kaspersky-labs.com www.google.cn www.google.com.eg www.google.com.pk www.google.fi www.google.it www.google.lv *.linkedin.com *.licdn.com *.hypernode.io *.make.com https://api.leadinfo.com https://collector.leadinfo.net *.teamblue.services *.gcp.cloud.es.io;; font-src 'self' fonts.gstatic.com data: cdn.faceworks.nl cdn.megabonus.com use.typekit.net *.hypernode.nl *.hypernode.com https://cdn.leadinfo.net;; form-action my.hypernode.com forms.hsforms.com forms.hubspot.com 'self' www.hypernode.com www.facebook.com;; frame-src www.youtube.com 'self' 253949009329559.webpush.freshchat.com wchat.freshchat.com www.google.com mozbar.moz.com www.hypernode.com platform.twitter.com app.hubspot.com www.hypernode.nl asciinema.org *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com www.linkedin.com www.facebook.com 'unsafe-eval';; default-src 'self' 'unsafe-eval' 'unsafe-inline' 253949009329559.webpush.freshchat.com adservice.google.com analytics.google.com analytics.twitter.com data: fonts.googleapis.com fonts.gstatic.com forms.hsforms.com forms.hubspot.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hscollectedforms.net js.hsleadflows.net px.ads.linkedin.com secure.gravatar.com snap.licdn.com static.ads-twitter.com stats.g.doubleclick.net t.co track.hubspot.com wchat.freshchat.com www.google-analytics.com www.google.com www.google.nl www.googletagmanager.com www.gstatic.com www.hypernode.com www.hypernode.nl www.youtube.com a.slack-edge.com gist.github.com github.githubassets.com www.google.dk www.google.co.uk www.slideshare.net api.hubspot.com app.hubspot.com 'self' yoast.com asciinema.org support.hypernode.com www.google.be www.google.co.in www.google.de www.google.ru;; frame-ancestors 'self' about;; prefetch-src 'self';; worker-src 'self';; object-src 'self' www.hypernode.com;; media-src 'self'; base-uri 'self'; report-uri https://madebyus.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests; 3 frame-ancestors 'self' https://admin.earlygame.com earlygame.com; 3 frame-ancestors 'self' connectappypie.com googleapis.com reveal.clearbit.com; 3 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src https: data:; 3 default-src *; script-src 'unsafe-inline' 'unsafe-eval' *; worker-src 'self' 'unsafe-eval' blob: http: https: ; style-src 'unsafe-inline' *; img-src http: https: data: ; font-src http: https: data: blob: ; media-src * blob: 3 base-uri 'none'; img-src * data: blob:; default-src 'self' data: https: wss: blob:; style-src 'self' data: https: wss: 'unsafe-inline'; media-src blob: https://*.linkedin.com https://snap.licdn.com https://p.adsymptotic.com https://*.brightcovecdn.com https://*.boltdns.net https://*.media.brightcove.com https://*.llnw.net https://*.llnwd.net https://*.akafms.net https://*.akamaihd.net https://shs-components.infopark.io https://*.siemens-healthineers.com https://preview-cdn.scrvt.com/; worker-src blob:; script-src data: blob: 'unsafe-inline' 'unsafe-eval' 'self' https://api.scrivito.com https://assets.scrivito.com https://*.siemens.com https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu/ https://tools.adlytics.net https://charts3.equitystory.com/ https://irpages2.eqs.com/ https://shs-components.infopark.io https://players.brightcove.net https://vjs.zencdn.net https://siemenshealthcare.postclickmarketing.com https://ionfiles.scribblecdn.net https://manifest.prod.boltdns.net https://*.brightcovecdn.com https://www.adobetag.com https://static.adlytics.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://sjs.bizographics.com; frame-ancestors 'self' https://*.scrivito.com https://gather.town; object-src 'none'; block-all-mixed-content 3 base-uri 'self' *.nr-data.net; child-src blob:; connect-src 'self' wss://*.planetromeo.com wss://*.romeo.com wss://*.hunqz.com *.planetromeo.com *.romeo.com *.facebook.com *.gstatic.com *.googlesyndication.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.smaato.net *.smaato.com *.maptiler.com *.report-uri.com wss://*.firebaseio.com *.googleapis.com *.zendesk.com; font-src 'self' *.gstatic.com *.typekit.net data:; form-action 'self' *.planetromeo.com *.romeo.com google.com; frame-ancestors *.romeo.com *.planetromeo.com *.hunqz.com; frame-src 'self' *.romeo.com *.planetromeo.com *.hunqz.com recaptcha.net *.doubleclick.net *.google.com *.googlesyndication.com *.googletagservices.com *.blufm.de blufm.de winq.nl *.firebaseio.com *.youtube.com *.facebook.com *.twitter.com; img-src https: data: blob: *.smaato.net; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ampproject.org *.doubleclick.net *.googlesyndication.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googletagservices.com recaptcha.net *.newrelic.com *.nr-data.net *.siftscience.com *.smaato.net *.firebaseio.com *.twitter.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net; worker-src 'self' blob:; default-src 'self' *.planetromeo.com *.romeo.com *.hunqz.com *.googlesyndication.com; 3 child-src blob:;connect-src https://api.welcometothejungle.com wss://api.welcometothejungle.com sp.welcometothejungle.com https://alerts.welcometothejungle.com https://employerbrand.welcometothejungle.com wss://realtime.getbeamer.com *.algolianet.com *.algolia.net *.algolia.io *.facebook.com *.sentry.io popup.wisepops.com app.wisepops.com tracking.wisepops.com cdn.wisepops.com activity.wisepops.com backend.getbeamer.com www.google-analytics.com vimeo.com *.hotjar.com wss://*.hotjar.com vc.hotjar.io ip2c.org autocomplete.geocoder.ls.hereapi.com geocoder.ls.hereapi.com reverse.geocoder.ls.hereapi.com *.batch.com *.axept.io tags.data-driven.fr *.contentsquare.net http://cypress.preprod.wttj.tech/zafoh2ie/ae3;default-src 'none';font-src cdn.welcometothejungle.com cdn.welcometothejungle.com cdn.welcome-ui.com cdn.welcometothejungle.co fonts.gstatic.com data: script.hotjar.com *.axept.io;form-action 'self' www.facebook.com;frame-src 'self' platform.linkedin.com www.linkedin.com api.linkedin.com cdn.iframe.ly www.youtube.com www.youtube-nocookie.com www.dailymotion.com www.facebook.com connect.facebook.net w.soundcloud.com optimize.google.com app.getbeamer.com push.getbeamer.com backend.getbeamer.com player.vimeo.com speakerdeck.com www.slideshare.net talks.golang.org docs.google.com accounts.google.com slides.com vars.hotjar.com *.axept.io form.typeform.com www.google.com;img-src http: https: blob: data: optimize.google.com www.google-analytics.com script.hotjar.com *.axept.io *.contentsquare.net;media-src cdn.welcometothejungle.com;script-src 'unsafe-inline' cdn.welcometothejungle.com platform.linkedin.com www.linkedin.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com connect.facebook.net www.facebook.com www.youtube.com www.youtube-nocookie.com *.ytimg.com loader.wisepops.com app.wisepops.com cdn.wisepops.com optimize.google.com app.getbeamer.com realtime.getbeamer.com backend.getbeamer.com player.vimeo.com speakerdeck.com www.slideshare.net talks.golang.org docs.google.com accounts.google.com slides.com static.hotjar.com script.hotjar.com *.batch.com polyfill.io *.axept.io tags.data-driven.fr cdn.goldenbees.fr tag.goldenbees.fr t.contentsquare.net app.contentsquare.com embed.typeform.com www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/;style-src 'unsafe-inline' cdn.welcometothejungle.com tagmanager.google.com fonts.googleapis.com optimize.google.com accounts.google.com app.getbeamer.com *.axept.io embed.typeform.com;upgrade-insecure-requests;worker-src 'self' blob:;base-uri 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none' 3 connect-src 'self' stats.g.doubleclick.net omappapi.com *.cookiebot.com heapanalytics.com pagesense-collect.zoho.eu www.google-analytics.com fonts.googleapis.com; default-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.limesurvey.org www.youtube.com frontend.pay1.de www.google.com kiwiirc.com limesurvey.org; font-src 'self' https://*.typekit.net https://tagmanager.google.com data: fonts.gstatic.com maxcdn.bootstrapcdn.com projectfiles.limesurvey.org github.com; style-src 'unsafe-inline' heapanalytics.com https://tagmanager.google.com fonts.googleapis.com 'self' maxcdn.bootstrapcdn.com projectfiles.limesurvey.org ajax.googleapis.com www.google.com; form-action 'self' https://authentication.cardinalcommerce.com https://*.six-payment-services.com https://*.securesuite.co.uk https://*.cic.fr https://*.arcot.com www.paypal.com survey.limesurvey.org; frame-ancestors 'self' *.limesurvey.org; img-src 'self' www.googletagmanager.com data: *; manifest-src 'self'; media-src 'self'; script-src 'self' https://maillist-manage.eu https://*.zoho.eu https://*.zohocdn.com https://*.limesurvey.org data: https://tagmanager.google.com https://heapanalytics.com https://*.pagesense.io https://*.omappapi.com https://*.hotjar.com https://*.heapanalytics.com https://*.cookiebot.com 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com secure.pay1.de projectfiles.limesurvey.org www.google.com www.google-analytics.com appscdn.joomla.org; frame-src https://forms.zohopublic.eu/ https://*.hotjar.com https://*.cookiebot.com https://*.visa.com https://authentication.cardinalcommerce.com 3dsecure.icscards.nl https://*.pay1.de docs.google.com 'self' download.limesurvey.org kiwiirc.com www.youtube.com limesurvey.org secure.pay1.de; object-src 'self'; report-uri https://account.limesurvey.org/violation.php; 3 frame-ancestors 'self' https:; default-src https: data: 'unsafe-inline' 'unsafe-eval' 3 default-src 'self' *.crazyegg.com; worker-src 'self' blob:; object-src 'self'; frame-ancestors 'self' https://www.youtube.com https://www.youtube.com/iframe_api https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.recaptcha.net/ *.crazyegg.com https://www.google.com/recaptcha/ https://polyfill.io/v3/ https://www.googleadservices.com/ https://api.ipify.org/ https://www.recaptcha.net/ http://www.gstatic.cn https://www.gstatic.com/recaptcha/ https://cdn.jsdelivr.net/ https://cdn.syndication.twimg.com/ https://www.marvell.com/ https://script.crazyegg.com/ https://connect.facebook.net/ https://static.addtoany.com/ https://blogs.marvell.com/ https://s.go-mpulse.net/ https://cdn.cookielaw.org/ https://platform.twitter.com/ https://www.google-analytics.com/ https://scripts.demandbase.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://cdn.cookielaw.org/scripttemplates/6.1.0/otBannerSdk.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://www.youtube.com https://px.ads.linkedin.com https://maxcdn.bootstrapcdn.com assets.adobedtm.com https://www.googletagmanager.com/ *.googleapis.com https://ajax.googleapis.com https://code.jquery.com https://ajax.googleapis.com/ajax/libs/jquery/ https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/ *.modern.min.js; connect-src 'self' data: https://geolocation.onetrust.com/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location *.crazyegg.com *.marvell.com *.akamaihd.net/ *.akstat.io/ https://tracking.crazyegg.com/ https://c.go-mpulse.net/ https://script.crazyegg.com/ https://ajax.googleapis.com/ajax/libs/ https://marvell.wd1.myworkdayjobs.com https://segments.company-target.com *.js.erb https://privacyportal.onetrust.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://www.google-analytics.com *.omtrdc.net *.demdex.net; img-src 'self' data: *.crazyegg.com https://thumbs.bfldr.com/ https://www.facebook.com/ https://i.ytimg.com/ https://marvellsemiconductorprod.112.2o7.net/ *.marvellsemiconductoroneportal.112.2o7.net/ https://blogs.marvell.com/ https://static.addtoany.com/ https://marvell-uat-65.adobecqms.net/ https://syndication.twitter.com/ https://cdn.cookielaw.org/ https://ton.twimg.com/tfw/css/ https://i.vimeocdn.com/ https://pbs.twimg.com/ https://marvellsemiconductorstage.112.2o7.net/ https://platform.twitter.com/css/ https://pbs.twimg.com/card_img/ https://cdn.brandfolder.io https://p.adsymptotic.com https://www.linkedin.com https://img.youtube.com https://match.prod.bidr.io/cookie-sync/demandbase https://id.rlcdn.com/464526.gif https://segments.company-target.com/ https://px.ads.linkedin.com/ https://match.prod.bidr.io https://www.google.com https://www.google.co.in https://www.google-analytics.com *.everesttech.net *.demdex.net *.omtrdc.net; style-src 'self' 'unsafe-inline' https://blogs.marvell.com/ https://ton.twimg.com/tfw/css/ https://platform.twitter.com/css/ https://platform.twitter.com/css/ https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/font-awesome.min.css; font-src 'self' https://blogs.marvell.com/ https://www.marvell.com/ https://player.vimeo.com/ https://cdnjs.cloudflare.com/ajax/ https://cdnjs.cloudflare.com/* data:; frame-src 'self' https://player.vimeo.com/ https://www.facebook.com/ https://platform.twitter.com/ *.demdex.net *; 3 upgrade-insecure-requests; frame-ancestors 'self' tigertech.net *.tigertech.net; 3 default-src 'self' 'unsafe-inline' repay.wpengine.com https: data:; font-src 'self' *.fontawesome.com fonts.googleapis.com fonts.gstatic.com data: repay.wpengine.com data: https: *.hotjar.com; style-src 'self' 'unsafe-inline' *.fontawesome.com cdn.jsdelivr.net fonts.googleapis.com cdnjs.cloudflare.com repay.wpengine.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fontawesome.com cdnjs.cloudflare.com cdn.jsdelivr.net cdn-cookieyes.com *.cdn-cookieyes.com *.googletagmanager.com repay.wpengine.com https: *.hotjar.com *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.hsadspixel.net *.hubspotfeedback.com *.usemessages.com *.hs-analytics.net *.hscollectedforms.net *.hsforms.net *.hsforms.com *.incontact.com *.adsrvr.org *.linkedin.com *.licdn.com; connect-src 'self' *.fontawesome.com cdn-cookieyes.com *.cdn-cookieyes.com *.cookieyes.com *.googletagmanager.com *.google-analytics.com repay.wpengine.com https: *.hotjar.com wss://*.hotjar.com *.hotjar.io *.hubspot.com api.hubapi.com js.usemessages.com js.hsleadflows.net js.hs-banner.com js.hubspotfeedback.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com forms.hsforms.com *.incontact.com *.adsrvr.org *.linkedin.com *.licdn.com; img-src 'self' data: https: *.gravatar.com *.cookieyes.com cdn-cookieyes.com *.cdn-cookieyes.com *.repay.com *.businesswire.com repay.wpengine.com *.hotjar.com *.hubspot.com *.hubspot.net *.hsforms.com *.linkedin.com *.licdn.com; frame-src https: *.incontact.com *.doubleclick.net vars.hotjar.com *.vimeo.com *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; child-src app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; form-action https: 'self' javascript: *.hsforms.com *.hubspot.com 3 script-src 'self' 'unsafe-inline' munchkin.marketo.net *.facebook.net *.googletagmanager.com *.mxpnl.com *.chtbl.com *.barracudamsp.com *.cookielaw.org *.marketo.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.demandbase.com *.vidyard.com *.adroll.com *.licdn.com *.redditstatic.com *.liveperson.net *.lpsnmedia.net assets.adobedtm.com *.driftt.com *.searchcdn.com 3 frame-ancestors 'self' *.swp.de *.lr-online.de *.moz.de; 3 default-src 'self' data: *.conac.cn *.jiathis.com *.baidu.com *.bshare.cn *.qq.com *.kaipuyun.cn 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mc.yandex.ru https://www.googletagmanager.com https://talkdriver.ru https://support.smsc.ru https://support.smsc.kz https://sup.smsc.ua https://plugins.stripo.email blob: 3 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * 'self' 'unsafe-inline' data:; frame-src *; style-src * 'unsafe-inline'; 3 default-src 'self' ajax.googleapis.com maxcdn.bootstrapcdn.com irs.tools.investis.com fonts.gstatic.com; img-src 'self' 'unsafe-inline' * data: www.w3.org irs.tools.investis.com; frame-src 'self' *.investis.com *.youtube.com *.youtube-nocookie.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com fonts.googleapis.com maxcdn.bootstrapcdn.com irs.tools.investis.com fonts.gstatic.com fast.fonts.net; font-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com fast.fonts.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com irs.tools.investis.com *.googletagmanager.com *.google-analytics.com *.investisdigital.com *.lfeeder.com *.youtube.com youtube-nocookie.com; connect-src 'self' *.investisdigital.com ajax.googleapis.com *.googletagmanager.com *.google-analytics.com maps.googleapis.com maps.google.com *.amazonaws.com stats.g.doubleclick.net; base-uri 'none'; form-action 'self'; 3 frame-ancestors 'self' https://z1.le.liveperson.net; 3 default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' secure.facebook.com internalfb.com *.internalfb.com connect.facebook.net;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' internalfb.com *.internalfb.com secure.facebook.com graph.intern.facebook.com wss://*.internalfb.com wss://*.internalfb.com:* https://*.whatsapp.com/graphql/;font-src data: internalfb.com *.internalfb.com *.facebook.com *.fbcdn.net;img-src *.fbcdn.net *.facebook.com internalfb.com *.internalfb.com data: blob: *;media-src *.fbcdn.net internalfb.com *.internalfb.com data: blob: *;frame-src internalfb.com *.internalfb.com data: blob: *;block-all-mixed-content;upgrade-insecure-requests; 3 default-src *.ewe.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ewe.de *.googletagmanager.com *.google-analytics.com www.youtube.com consent.cookiebot.com *.intelliad.de s.ytimg.com empfehlen-admin.pso-vertrieb.de connect.facebook.net www.dwin1.com *.rfihub.com *.rfihub.net *.adform.net *.adc-srv.net *.google.de *.google.com bat.bing.com *.bing.com/bat.js *.doubleclick.net *.g.doubleclick.net *.googleadservices.com *.gstatic.com *.googleapis.com *.ad4mat.de journeyengine.staging.wlp.cloud *.ad4mat.at *.ad4mat.ch *.adsrvr.org consentcdn.cookiebot.com ad4m.at cdn.sitesearch360.com cdn.cai.tools.sap apps.mypurecloud.de; connect-src 'self' *.ewe.de global.sitesearch360.com *.googletagmanager.com *.google-analytics.com stats.g.doubleclick.net ewe-ckd-faq-bot-3q50idha.sapcai.eu10.hana.ondemand.com consentcdn.cookiebot.com api.mypurecloud.de api-cdn.mypurecloud.de wss://webmessaging.mypurecloud.de; img-src 'self' *.ewe.de images.ctfassets.net *.intelliad.de www.google-analytics.com *.amazonaws.com *.doubleclick.net *.g.doubleclick.net *.facebook.com *.adform.net ad4m.at *.ad4m.at *.smartadserver.com *.googletagmanager.com adservice.google.com *.gstatic.com ih.adscale.de a.twiago.com dmp.ad4mat.net adservice.google.de maps.googleapis.com cdn.cai.tools.sap r.adserver01.de ad11.adfarm1.adition.com secure.adnxs.com imagesrv.adition.com blob: data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com *.ewe.de cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com *.ewe.de cdnjs.cloudflare.com; frame-src ad4m.at ad4mat.net match.adsrvr.org www.facebook.com ad4mat.at widget.whappodo.com consentcdn.cookiebot.com insight.adsrvr.org youtube.com www.youtube.com journeyengine.staging.wlp.cloud apps.mypurecloud.de *.ewe.de; media-src data.ewe.de; 3 frame-ancestors 'self' *.interactivebrokers.com *.interactivebrokers.ca *.interactivebrokers.com.hk *.interactivebrokers.hk *.interactivebrokers.ch *.interactivebrokers.eu *.interactivebrokers.com.sg *.ibkr.com.sg *.interactivebrokers.ch *.interactivebrokers.co.uk *.interactivebrokers.com.au *.interactivebrokers.co.jp *.interactivebrokers.co.in *.ibkram.com IBKR.docebosaas.com *.interactiveadvisors.com *.ibkr.com *.ibkr.com.cn *.clientam.com *.youtube.com *.clientam.ch *.clientam.com.hk *.go-mpulse.net *.akstat.io *.lynxbroker.com impact.interactivebrokers.com widgets.tipranks.com site.recognia.com *.portfolioanalyst.com portfolioanalyst.com www.portfolioanalyst.com www.interactivebrokers.com https://www.interactivebrokers.com/ ibkr.paxosclients.com *.greenwichcompliance.com; 3 default-src 'self' recrutement.orano.group oranoweb.cms.orano.group https://career-i18n.demo.cleverconnect.com career.demo.cleverconnect.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org code.jquery.com ws.facil-iti.com tag.aticdn.net www.googletagmanager.com www.google-analytics.com https://s4.ispring.eu https://11471784.fls.doubleclick.net https://secure.adnxs.com https://career-i18n.demo.cleverconnect.com https://career.demo.cleverconnect.com https://logws1332.ati-host.net *.goldenbees.fr https://cdn.facil-iti.app/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.xiti.com *.ati-host.net https://secure.adnxs.com *.blob.core.windows.net cdn.orano.group oranocms.azureedge.net *.adsrvr.org https://raw.githubusercontent.com https://googleads.g.doubleclick.net; media-src 'self' data: blob: *.ausha.co; frame-src https://cdn.streamlike.com https://ws.facil-iti.com 'self' https://oranoweb.cms.orano.group/ recrutement.orano.group *.youtube.com *.youtube.fr https://11471784.fls.doubleclick.net www.google.com https://cdn.facil-iti.app/ https://web-service.facil-iti.app/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com ws.facil-iti.com recrutement.orano.group blob:; connect-src 'self' https://career-i18n.demo.cleverconnect.com https://career.demo.cleverconnect.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.xiti.com ws.facil-iti.com recrutement.orano.group www.googletagmanager.com www.google-analytics.com http://oranoweb.cms.orano.group https://s4.ispring.eu https://logws1332.ati-host.net https://maps.googleapis.com/; 3 default-src 'self' *.go-jek.com *.cloudfront.net *.doubleclick.net *.jsdelivr.net *.googletagmanager.com *.onetrust.com t.co *.twitter.com *.google.co.id *.google.com *.ads-twitter.com *.appier.net *.googleadservices.com *.facebook.net *.facebook.com *.google-analytics.com *.bidence.net *.youtube.com *.gssprt.jp *.gammaplatform.com *.rubiconproject.com *.adnxs.com *.toast.com *.pubmatic.com *.bidswitch.net *.openx.net *.meba.kr *.ad-stir.com *.smaato.net *.mobon.net *.issuu.com *.googleusercontent.com *.amazonaws.com *.adsrvr.org; style-src 'self' 'unsafe-inline' *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudfront.net *.jsdelivr.net *.googletagmanager.com *.onetrust.com *.ads-twitter.com *.appier.net *.googleadservices.com *.facebook.net *.google-analytics.com *.doubleclick.net *.youtube.com *.adsrvr.org; 3 default-src 'self' ; media-src 'self' data: *.victorinox.com *.swissarmy.com *.wenger.ch static.zdassets.com ; frame-src 'self' https://m.lndg.page dash-staging.bounceexchange.com assets.bounceexchange.com *.fls.doubleclick.net bid.g.doubleclick.net https://player.vimeo.com/ *.photorank.me *.hotjar.com *.facebook.com *.google.com *.instagram.com *.youtube.com *.pinterest.com https://www.sandbox.paypal.com *.clarity.ms www.pinterest.co.uk *.openpay.mx https://www.pinterest.ch https://www.pinterest.cl https://www.pinterest.es https://www.pinterest.de https://www.pinterest.fr https://www.pinterest.it https://www.pinterest.at https://www.pinterest.se https://www.pinterest.ru https://www.pinterest.ie tsdtocl.com *.tangiblee.com www.paypal.com www.paypalobjects.com www.googletagmanager.com emersya.com cdn.emersya.com *.opencontrol.mx https://www.recaptcha.net https://outlook.office365.com https://dem.mysingleromance.com https://us-device-pro1.csftr.com www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com csxd.victorinox.com csxd.swissarmy.com ; report-to csp-endpoint ; worker-src 'self' blob: ; child-src 'self' blob: *.victorinox.com *.swissarmy.com *.wenger.ch *.tangiblee.com *.photorank.me *.kameleoon.eu *.kameleoon.com *.pinterest.com https://web.facebook.com https://fbsbx.com https://*.google.com https://www.youtube.com https://www.facebook.com https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://emersya.com/ https://www.pinterest.com https://www.pinterest.co.uk https://www.pinterest.ch https://www.pinterest.de https://www.pinterest.fr https://www.pinterest.it https://www.pinterest.at https://www.pinterest.se https://www.pinterest.ru https://www.pinterest.ie https://secure.img-cdn.mediaplex.com *.fls.doubleclick.net *.doubleclick.net vars.hotjar.com victorinox-fr-affiliate-programme.sjv.io player.vimeo.com assets.bounceexchange.com ; img-src 'self' data: https: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.victorinox.com *.swissarmy.com *.wenger.ch *.paypalobjects.com *.cloudfront.net *.kameleoon.eu *.kameleoon.com *.cdn4.forter.com *.baidu.com *.onetrust.com *.getback.ch *.taboola.com *.yahoo.co.jp *.bazaarvoice.com *.profity.uk *.cdn77.org *.zoovu.com *.tangiblee.com *.contentsquare.com *.zopim.com *.bdimg.com maps.google.com load.sumome.com load.sumo.com https://*.googletagmanager.com https://*.google-analytics.com www.googleadservices.com www.sc.pages03.net static.hotjar.com tag.wknd.ai assets.bounceexchange.com api.bounceexchange.com dev.bounceexchange.com tag.bounceexchange.com dash-staging.bounceexchange.com bat.bing.com snap.licdn.com t.contentsquare.net contentsquare.com static.ads-twitter.com analytics.tiktok.com analytics.twitter.com platform.twitter.com script.hotjar.com googleads.g.doubleclick.net s.yimg.jp px.adhigh.net assets.zendesk.com intljs.rmtag.com static.zdassets.com ut.rd.linksynergy.com br-victorinox.netmng.com tags.srv.stackadapt.com d.impactradius-event.com s.pinimg.com cdn.tangiblee.com cscoreproweustor.blob.core.windows.net js.monitor.azure.com api.channelsight.com cdn.channelsight.com *.klaviyo.com emersya.com cdn.emersya.com cdn.brcdn.com f.monetate.net se.monetate.net cdn.cookielaw.org cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com photorankstatics-a.akamaihd.net https://*.google.com www.paypal.com www.gstatic.com www.gstatic.cn www.dwin1.com connect.facebook.net openpay.s3.amazonaws.com swissarmy.cardconnect.com:* vx.local:* *.clarity.ms *.openpay.mx tpc.googlesyndication.com https://www.recaptcha.net https://services.postcodeanywhere.co.uk *.sprinklr.com https://rum-static.pingdom.net https://rum-collector-2.pingdom.net *.teads.tv www.googleoptimize.com https://eubroken.mysingleromance.com https://dem.mysingleromance.com ; font-src 'self' data: *.victorinox.com *.swissarmy.com *.wenger.ch *.hotjar.com *.cdn77.org *.cloudfront.net *.tangiblee.com *.kameleoon.eu *.kameleoon.com olapic-data.s3.amazonaws.com photorankstatics-a.akamaihd.net fonts.gstatic.com emersya.com cdn.emersya.com fast.fonts.net cdnjs.cloudflare.com cdn.megabonus.com static3.avast.com cdn.honey.io netdna.bootstrapcdn.com assets.bounceexchange.com *.sprinklr.com ; form-action 'self' https: ; connect-src 'self' ws: wss: *.victorinox.com *.swissarmy.com *.wenger.ch *.forter.com *.klaviyo.com *.amazonaws.com *.kameleoon.eu *.kameleoon.com *.onetrust.com *.paypal.com *.paypalobjects.com *.openpay.mx *.taboola.com *.victorinox.com *.tangiblee.com *.contentsquare.net *.bazaarvoice.com *.getback.ch *.hotjar.com *.zoovu.com *.facebook.com https://*.google.com *.instagram.com sumo.com api.openweathermap.org https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com emersya.com cdn.emersya.com ws.emersya.com cdn.cookielaw.org d2o5idwacg3gyw.cloudfront.net photorankstatics-a.akamaihd.net photorankapi-a.akamaihd.net https://*.g.doubleclick.net analytics.tiktok.com ekr.zdassets.com swissarmy.zendesk.com widget-mediator.zopim.com bat.bing.com px.adhigh.net hm.baidu.com tags.srv.stackadapt.com ct.pinterest.com api.channelsight.com dc.services.visualstudio.com vc.hotjar.io victorinox-fr-affiliate-programme.sjv.io events.bouncex.net coupons.bounceexchange.com *.cdnwidget.com *.cdnbasket.net maps.googleapis.com *.clarity.ms https://services.postcodeanywhere.co.uk https://api.addressy.com *.sprinklr.com https://rum-static.pingdom.net https://rum-collector-2.pingdom.net *.teads.tv https://dem.mysingleromance.com cdn.linkedin.oribi.io ; style-src 'self' 'unsafe-inline' *.victorinox.com *.swissarmy.com *.wenger.ch *.cdn77.org *.tangiblee.com *.kameleoon.eu *.kameleoon.com assets-static.victorinox.com static.klaviyo.com photorankstatics-a.akamaihd.net fonts.googleapis.com emersya.com cdn.emersya.com api.map.baidu.com fast.fonts.net static.getback.ch cdnjs.cloudflare.com tags.srv.stackadapt.com cdn.channelsight.com tiger-cdn.zoovu.com translate.googleapis.com assets.bounceexchange.com https://services.postcodeanywhere.co.uk *.sprinklr.com 3 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-eval' https://ge.ch *.etat-ge.ch; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' 'unsafe-inline' data: https://ge.ch https://*.infomaniak.com https://*.infomaniak.ch https://www.google-analytics.com *.etat-ge.ch https://www.etat.ge.ch; media-src 'self' https://*.infomaniak.com https://*.infomaniak.ch; frame-src 'self' https://vod.infomaniak.com https://player.infomaniak.com https://*.ge.ch https://ge.ch https://www.ropag-data.ch https://sketchfab.com; frame-ancestors https://*.ge.ch; child-src 'self' https://vod.infomaniak.com https://*.ge.ch https://ge.ch; font-src 'self'; connect-src 'self' *.etat-ge.ch ge.ch *.ge.ch *.geneveid.ch; report-uri /report-csp-violation 3 default-src https: wss: ws: data: blob: 'self'; script-src https: 'self' 'unsafe-inline'; style-src https: 'self' 'unsafe-inline'; 3 frame-ancestors 'self' https: 3 frame-scr https://library.ymcapps.net 3 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.boost.ai/ https://*.entryscape.com https://*.stratsys.com/ registry.dataportalvast.se http://piwik-ext.vgregion.se/ http://piwik-ext.vgregion.se/piwik.js https://*.vgregion.se https://*.vimeocdn.com https://player.vimeo.com/ https://www.youtube.com https://cdn.siteimprove.net/ https://vgrintern.boost.ai https://vgregion.esmaker.net/ https://ssl.webserviceaward.com/; style-src 'unsafe-inline' 'self' https://*.vimeocdn.com https://ssl.webserviceaward.com/wsc/client/wscSelVisit.css https://*.stratsys.com/ registry.dataportalvast.se https://*.vgregion.se https://cdn.jsdelivr.net/npm/vuetify@2.x/dist/vuetify.min.css; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.boost.ai/ https://ssl.webserviceaward.com/wsc/client/wscSelVisit.css https://*.vimeocdn.com registry.dataportalvast.se http://piwik-ext.vgregion.se/ https://nominatim.openstreetmap.org https://*.vgregion.se https://id.siteimprove.com https://my2.siteimprove.com/ https://vgrintern.boost.ai https://td.azure-api.net/; font-src 'self' data: https://static.entryscape.com/ https://static2.sharepointonline.com/ https://players.cupix.com/*; frame-src 'self' https://sketchfab.com/ https://play.gu.se/ https://forms.office.com/ https://*.microsoftstream.com/ https://nominatim.openstreetmap.org https://www.google.com https://maps.google.se https://e.infogram.com https://vimeo.com https://player.vimeo.com https://www.youtube.com https://*.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.naturbruk.nu *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com https://players.cupix.com/; img-src 'self' data: https://api.lantmateriet.se https://ssl.webserviceaward.com/wsc/ https://i.vimeocdn.com/ https://i.ytimg.com/ https://a.basemaps.cartocdn.com https://b.basemaps.cartocdn.com https://c.basemaps.cartocdn.com https://*.amazonaws.com/ https://sahlgrenskaliv.se/ https://*.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.naturbruk.nu *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-ancestors 'self' *.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.naturbruk.nu *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com; prefetch-src 'self' https://*.t-d.se https://*.stratsys.com/; 3 default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; object-src 'none'; report-uri /api/csp/report; connect-src 'self' https: wss://*.hotjar.com wss://*.hotjar.io 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.2o7.net b.6sc.co c.6sc.co j.6sc.co secure.adnxs.com *.adobe.com assets.adobedtm.com *.adsrvr.org static.ads-twitter.com p.adsymptotic.com *.advancedfundsolutions.com *.akafms.net *.akamaihd.net ingestion-upload-production.s3.amazonaws.com/ platform.asset.tv *.atlcap.com *.bcovlive.io *.bcvp0rtal.com match.prod.bidr.io bat.bing.com tags.bluekai.com *.boltdns.net *.brightcove.com *.brightcove.net *.brightcovecdn.com *.calvert.com *.morganstanley.com *.ms.com *.msim.com cdn.polyfill.io/v2/polyfill.sj cdnjs.cloudflare.com *.cloudfront.net api.company-target.com segments.company-target.com *.custombeta.com *.demandbase.com *.demdex.net dev-drwebsite www.dianomi.com *.doubleclick.net *.eatonvance.at *.eatonvance.ch *.eatonvance.co.kr *.eatonvance.co.uk *.eatonvance.com *.eatonvance.com.au *.eatonvance.de *.eatonvance.dk *.eatonvance.fi *.eatonvance.ie *.eatonvance.jp *.eatonvance.nl *.eatonvance.no *.eatonvance.se *.eatonvance.sg proxy-bedford.eatonvance.com:8443 *.eatonvancecounsel.com eatonvanceinvestment.tt *.eatonvancerealestate.com *.analytics.edgekey.net ejohn.org cm.everesttech.net *.evmanagement.com *.evwateroak.com xbrl.fasb.org servedby.flashtalking.com fluidproject.org *.fml-x.com fml-x.com *.gallerysites.net gateway.zscalertwo.net getbootstrap.com www.giftcalcs.com www.google.com www.googleadservices.com www.google-analytics.com *.googleapis.com www.googletagmanager.com fonts.gstatic.com www.gstatic.com vds.issgovernance.com weblogs.java.net www.joostdevalk.nl code.jquery.com static.knowledgevision.com www.kryogenix.org snap.licdn.com *.linkedin.com brightcove.hs.llnwd.net brightcove.vo.llnwd.net *.morningstar.com hello.myfonts.net js-agent.newrelic.com *.nextshares.com bam.nr-data.net javascript.nwbox.com *.omtrdc.net onlinexperiences.com *.parametricportfolio.com pi.pardot.com cdn.polyfill.io www.riddle.com id.rlcdn.com xbrl.sec.gov seekingalpha.com t.sf14g.com www.storygize.net t.co analytics.twitter.com platform.twitter.com cloud.typography.com ww.math.ubc.ca *.uscharitablegifttrust.org *.uslegacyincometrusts.org bcove.video www.w3.org xbrl.org youtube.com vjs.zencdn.net *.dynatrace.com blob: data: 3 default-src * blob:; connect-src https: wss:; font-src https: data:; frame-src https: data: qa-freeconferencecall: freeconferencecall: qa-startmeeting: startmeeting:; img-src https: data:; media-src https: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: data:; style-src https: 'unsafe-inline'; worker-src https: blob:; report-uri https://csp-bin.freeconferencecall.com/bins/b56a1d03/ 3 default-src 'self'; frame-ancestors 'self' *.arista.com; form-action 'self' *.arista.com *.onelogin.com *.salesforce.com forms.hsforms.com syndication.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' customer.cludo.com cdn.cookielaw.org geolocation.onetrust.com js.hsforms.net forms.hsforms.com js-na1.hs-scripts.com js.hs-analytics.net js.hsleadflows.net js.hs-banner.com *.smartrecruiters.com www.google.com www.gstatic.com www.google-analytics.com maps.google.com *.googleapis.com platform.twitter.com cdn.syndication.twimg.com connect.facebook.net platform.linkedin.com www.youtube.com; connect-src 'self' api-eu1.cludo.com api.cludo.com cdn.cookielaw.org geolocation.onetrust.com forms.hsforms.com privacyportal.onetrust.com www.google-analytics.com stats.g.doubleclick.net forms.hubspot.com; child-src 'self' www.google.com www.youtube.com forms.hsforms.com www.facebook.com platform.twitter.com syndication.twitter.com web.facebook.com js.hs-analytics.net www.google-analytics.com *.vimeo.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com *.twimg.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: customer.cludo.com perf.hsforms.com i.ytimg.com cdn.cookielaw.org *.gstatic.com maps.google.com *.googleapis.com *.ggpht.com platform.twitter.com *.twimg.com syndication.twitter.com track.hubspot.com www.google-analytics.com stats.g.doubleclick.net www.facebook.com; upgrade-insecure-requests; report-uri /csp-report/ 3 frame-ancestors 'self' https://app.hubspot.com https://app-eu1.hubspot.com https://static.hsappstatic.net https://www.sits.ch https://www.sits-group.ch https://www.gcl-it.de https://www.sits-d.de https://www.pallas.com;block-all-mixed-content;default-src https://www.sits.ch https://www.sits-group.ch;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-eu1.hsforms.net https://js.hsformsqa.net https://js-eu1.hsadspixel.net https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://js-eu1.hscollectedforms.net https://js-eu1.hs-analytics.net https://js-eu1.hs-scripts.com https://www.sits-group.ch https://connect.facebook.net https://matomo.sits-group.ch https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com/jsapi https://www.gstatic.com/charts/ https://ajax.googleapis.com/ajax/libs/scriptaculous/ https://ajax.googleapis.com/ajax/libs/prototype/ https://cdnjs.cloudflare.com/ajax/libs/ https://www.youtube.com https://boards.eu.greenhouse.io;style-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.pallas.com https://www.sits-group.ch https://fonts.googleapis.com;object-src https://www.sits-group.ch https://www.sits-d.de https://www.pallas.com https://www.sits.ch;frame-src https://forms-eu1.hsforms.com https://static.hsappstatic.net https://app-eu1.hubspot.com https://app.hubspot.com https://www.sits.ch https://www.sits-group.ch https://www.youtube-nocookie.com https://www.pallas.com https://www.sits-d.de https://mozbar.moz.com https://www.youtube.com https://www.gcl-it.de https://boards.eu.greenhouse.io/;child-src blob: https://www.sits-group.ch;img-src 'self' data: https://static.hsappstatic.net https://track-eu1.hubspot.com https://forms-eu1.hsforms.com https://forms.hsforms.com https://www.google.ch/pagead https://secure.gravatar.com https://s.w.org https://www.sits-d.de https://i.ytimg.com https://ps.w.org https://www.sits.ch https://library.elementor.com https://www.gcl-it.de https://www.pallas.com https://matomo.sits-group.ch https://jobs.sits-group.ch https://api.unlimited-elements.com https://www.facebook.com https://www.gstatic.com https://devweb.sits-group.ch https://www.sits-group.ch;font-src 'self' data: https://fonts.gstatic.com;connect-src https://api-eu1.hubapi.com https://js-eu1.hs-banner.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://forms-eu1.hsforms.com https://forms-eu1.hubspot.com https://exceptions.hubspot.com https://salesviewer.org https://api.friendlycaptcha.com https://www.sits.ch https://www.gcl-it.de https://www.pallas.com https://yoast.com https://www.sits-d.de https://devweb.sits-group.ch https://matomo.sits-group.ch https://www.sits-group.ch https://fonts.gstatic.com https://s.w.org;manifest-src 'none';base-uri 'self';form-action https://forms-eu1.hsforms.com https://www.gcl-it.de https://www.pallas.com https://www.sits-d.de https://www.sits-group.ch https://www.sits.ch;media-src data: https://s.w.org/images/core/;prefetch-src 'none';worker-src blob: https://www.sits.ch https://www.sits-group.ch https://www.pallas.com https://www.gcl-it.de https://www.sits-d.de; 3 frame-ancestors 'self' https://newapp.etracker.com https://*.it-nr.de https://*.itk-rheinland.de https://*.duesseldorf.de 3 frame-ancestors self googleads.g.doubleclick.net www.youtube.com propellerads.com 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://www.googletagmanager.com https://static.ads-twitter.com https://snap.licdn.com https://www.googletagservices.com *.googleapis.com *.gstatic.com https://unpkg.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.fontawesome.com use.fontawesome.com downpaymentresource.com https://www.youtube.com https://mba.aristotle.com https://votervoice.net https://www.votervoice.net https://www.facebook.com *.servedbyadbutler.com servedbyadbutler.com https://servedbyadbutler.com/app.js https://www.servedbyadbutler.com https://client.publicrelay.com https://apps.mba.org https://player.vimeo.com *.feathr.co; style-src 'self' 'unsafe-inline' https://unpkg.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.fontawesome.com use.fontawesome.com *.typekit.net use.typekit.net *.typography.com servedbyadbutler.com https://mba.org/fonts/842968/B8147DC6CD8754759.css https://cloud.typography.com/; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.fontawesome.com use.fontawesome.com *.typekit.net use.typekit.net *.typography.com https://cloud.typography.com/ data:; img-src 'self' https://apps.mba.org https://match.adsrvr.org *.linkedin.com https://analytics.twitter.com https://t.co *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com placeimg.com servedbyadbutler.com https://www.servedbyadbutler.com *.feathr.co; media-src 'self' data: blob: https://www.youtube.com; frame-src 'self' https://ad.doubleclick.net https://www.google.com downpaymentresource.com https://www.youtube.com https://mba.aristotle.com https://www.votervoice.net https://votervoice.net https://www.facebook.com *.servedbyadbutler.com servedbyadbutler.com https://servedbyadbutler.com/app.js https://www.servedbyadbutler.com https://client.publicrelay.com https://apps.mba.org https://player.vimeo.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com servedbyadbutler.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.fontawesome.com servedbyadbutler.com *.feathr.co https://2thepoint.blog/; 3 frame-ancestors https://www.iway.ch https://www.sak-digital.ch https://freerideict.ch https://www.crossdata.ch https://www.telcomnet.ch https://www.rhone.ch https://www.uli-l.ch https://www.pc-zbinden.ch https://www.2com.ch https://www.jpag.ch https://www.bluenetsys.ch https://www.bluenetworksystems.ch https://www.agiba.ch https://www.ewh.ch https://isptv.ch/ https://www.isptv.ch/ https://profifon.ch https://starnet24.com/ 3 frame-ancestors *.firsthorizon.com 3 report-uri https://www.hoka.com/_/csp-reports?siteKey=d494UHifw_Ts-A 3 default-src 'self' https://*.fico.com; script-src 'self' 'unsafe-inline' https://*.trustarc.com https://ipinfo.io https://www.googletagmanager.com https://www.googleoptimize.com https://*.optimizely.com https://*.driftt.com https://sc.lfeeder.com https://www.google-analytics.com https://vidassets.terminus.services https://*.cloudflare.com https://www.youtube.com https://cdn.jsdelivr.net https://code.highcharts.com https://*.ceros.com https://js-agent.newrelic.com https://content.fico.com https://*.fico.com https://bam.nr-data.net https://*.adroll.com https://analytics.convertlanguage.com https://*.google.com https://*.gstatic.com https://unpkg.com https://wec-assets.terminus.services https://wec-assets-api.terminus.services https://pi.pardot.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://*.google-analytics.com https://*.analytics.google.com https://*.trustarc.com https://www.google.com https://match.adsrvr.org https://wec-assets.terminus.services https://match.adsrvr.org https://www.googletagmanager.com https://wec-assets-api.terminus.services https://*.vimeocdn.com https://*.adroll.com https://*.cintnetworks.com; media-src 'self' https://*.driftt.com https://*; frame-src 'self' https://*.trustarc.com https://*.optimizely.com https://www.youtube.com https://*.driftt.com https://player.vimeo.com https://*.ceros.com https://fico.gcs-web.com https://api.nasdaqomx.wallst.com https://*.vimeo.com https://*.google.com; frame-ancestors 'self' https://*.fico.com; child-src 'none'; font-src 'self' https://fonts.gstatic.com https://*.trustarc.com; connect-src 'self' https://*.google-analytics.com https://ipinfo.io https://*.analytics.google.com https://logx.optimizely.com https://stats.g.doubleclick.net https://rum.optimizely.com https://errors.client.optimizely.com https://*.driftt.com https://bam.nr-data.net; report-uri /report/csp-directive-violation 3 frame-ancestors home.siberianhealth.com; 3 frame-ancestors 'self' https://dev.vatrix.eu; img-src * data: blob: 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src * data: blob: 3 report-uri / 3 frame-ancestors 'self' http://renaissance.lookbookhq.com https://renaissance.lookbookhq.com http://renaissance.pathfactory.com https://renaissance.pathfactory.com http://content.renaissance.com https://content.renaissance.com 3 default-src 'none'; media-src https://d10lpsik1i8c69.cloudfront.net; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleoptimize.com https://uimarketpro.com https://static-prod.uberall.com/ https://uberall.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://d10lpsik1i8c69.cloudfront.net https://www.google.com https://www.gstatic.com https://panel.acens.net https://*.searchcdn.com https://addsearch.com https://s0.2mdn.net https://connect.facebook.net https://code.jquery.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://scripts.isl.teledemos.net https://www.googletagmanager.com https://*.adform.net; connect-src 'self' https://www.google.com https://*.googlesyndication.com https://googleads.g.doubleclick.net https://geolocation.onetrust.com https://pubsub.googleapis.com https://uberall.com https://privacyportal-eu.onetrust.com https://cdn.cookielaw.org https://*.analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net wss://visitors.live wss://in.visitors.live https://settings.luckyorange.net https://yoast.com; img-src 'self' data: https://www.googletagmanager.com https://static-prod.uberall.com http://www.acens.com https://*.acens.com https://panel.acens.net https://cdn.cookielaw.org https://img.youtube.com https://secure.adnxs.com https://addsearch.com https://*.addsearch.com https://*.cloudfront.net https://*.entelgystats.com https://stats.sec.telefonica.com https://ajax.googleapis.com https://www.facebook.com https://stats.g.doubleclick.net https://www.google.es https://www.google.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://static.acens.com https://*.cloudfront.net https://app.addsearch.com https://ajax.googleapis.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; font-src 'self' data: https://*.acens.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https://centrodedatos.com/ https://www.google.com https://www.facebook.com/ https://www.youtube.com/; manifest-src 'self'; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.lionbridge.com https://assets.adobedtm.com https://cdn.cookielaw.org https://play.vidyard.com https://code.jquery.com https://assets.sitescdn.net https://*.fourtimessmelly.com https://js/forms2/js/forms2.js https://assets.trendemon.com https://lionbridge.data.adobedc.net https://www.googletagmanager.com https://static.ads-twitter.com https://cdn.jsdelivr.net https://munchkin.marketo.net https://snap.licdn.com https://web-analytics.engagio.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://trackingapi.trendemon.com https://dn1f1hmdujj40.cloudfront.net https://app-sjn.marketo.com https://cdnjs.cloudflare.com https://analytics.twitter.com https://j.6sc.co/6si.min.js https://geolocation.onetrust.com *.trendemon.com https://info.lionbridge.com/js/forms2/js/forms2.min.js https://googleads.g.doubleclick.net/* https://www.gstatic.com/ https://pi.pardot.com/ https://activitymap.adobe.com/ https://info.lionbridge.com/ https://info1.lionbridge.com/; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://assets.adobedtm.com https://cdn.cookielaw.org https://play.vidyard.com https://code.jquery.com https://assets.sitescdn.net https://*.fourtimessmelly.com https://js/forms2/js/forms2.js https://assets.trendemon.com https://lionbridge.data.adobedc.net https://www.googletagmanager.com https://static.ads-twitter.com https://cdn.jsdelivr.net https://munchkin.marketo.net https://snap.licdn.com https://web-analytics.engagio.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://trackingapi.trendemon.com https://dn1f1hmdujj40.cloudfront.net https://app-sjn.marketo.com https://cdnjs.cloudflare.com https://analytics.twitter.com https://j.6sc.co/6si.min.js https://geolocation.onetrust.com https://www.google.com/ https://www.gstatic.com/ https://pi.pardot.com/ https://activitymap.adobe.com/ https://info.lionbridge.com/ https://info1.lionbridge.com/; style-src * 'unsafe-inline'; img-src *; connect-src *; prefetch-src https://play.vidyard.com/; frame-src 'self' https://play.vidyard.com https://dayintegrationinternal.demdex.net https://lionbridge.demdex.net https://www.facebook.com https://app-sjn.marketo.com https://www.youtube.com/ https://www.google.com/ https://www.lionbridge.com/ https://player.youku.com/ https://activitymap.adobe.com/; frame-ancestors 'self' http://lionbridge.com:8000 3 block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw flightbookings.airnewzealand.com.cn okings.jp.airnewzealand.com flightbookings.airnewzealand.co.jp koruclub.airnewzealand.com auth.airnewzealand.co.nz; script-src 'self' s-airnz.com p-airnz.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com display.wayin.com www.everestjs.net *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com s.swiftypecdn.com upgrade.plusgrade.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com *.hotjar.com yourir.info *.airnewzealand.co.nz auth.airnewzealand.co.nz ssl.google-analytics.com cdnjs.cloudflare.com musculahq.appspot.com dnn506yrbagrg.cloudfront.net xsell.expedia.com ddc.optimahub.com www.newzealand.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js; style-src 'unsafe-inline' s-airnz.com p-airnz.com fonts.googleapis.com tagmanager.google.com s.swiftypecdn.com upgrade-cdn-prd.plusgrade.com yourir.info 'self'; img-src https: data:; font-src s-airnz.com p-airnz.com fonts.googleapis.com fonts.gstatic.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com 'self' data:; media-src 'self' ; frame-src 'self' *.google.com nz.fltmaps.com airpointscalculator.co.nz www.youtube.com airnz.wufoo.com xd.wayin.com display.engagesciences.com www.everestjs.net pixel.everesttech.net *.demdex.net *.doubleclick.net www.googletagmanager.com *.cdn-pci.optimizely.com nebula-cdn.kampyle.com *.hotjar.com *.airnewzealand.co.nz auth.airnewzealand.co.nz sec.windcave.com uat.windcave.com hotels.airnewzealand.co.nz; connect-src 'self' api.airnz.io api.airnz.ai *.googleapis.com *.google.com *.gstatic.com auth.airnewzealand.co.nz identity.airnewzealand.com *.demdex.net *.tt.omtrdc.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net adservice.google.com www.google.com *.optimizely.com s.swiftypecdn.com search-api.swiftype.com *.kampyle.com wss://*.hotjar.com https://*.hotjar.com vc.hotjar.io yourir.info ssl.google-analytics.com muscula.herokuapp.com sec.windcave.com uat.windcave.com tourismnz.sc.omtrdc.net https://widget.timatic.iata.org/api/; object-src 'none'; frame-ancestors 'self' https: http:; report-uri /csp-report 3 default-src https: ws: data: blob: 'unsafe-inline' 'unsafe-eval' 3 child-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.googleapis.com *.cookieyes.com cdn-cookieyes.com;font-src 'self' fonts.gstatic.com;frame-src 'self';frame-ancestors 'self';img-src *.mvmnet.com data: maps.gstatic.com *.gstatic.com *.ggpht.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.googleapis.com *.facebook.com *.cookieyes.com cdn-cookieyes.com;manifest-src 'self';media-src 'self';object-src 'self';worker-src 'self'; 3 frame-ancestors https://engage.bruker.com https://tongji.baidu.com self; 3 frame-ancestors 'self'; report-uri https://www.hitmanpro.com/en-us/report-uri/enforce 3 default-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; report-uri https://csp.d47wgg8.com 3 default-src 'self' *.ekantipur.com *.kantipurdaily.com; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; prefetch-src 'none'; 3 default-src 'none'; script-src 'self' *.b0e8.com *.bc0a.com marvel-b2-cdn.bc0a.com www.google-analytics.com www.googletagmanager.com play.vidyard.com assets.vidyard.com unpkg.com *.newrelic.com snap.licdn.com static.ads-twitter.com analytics.twitter.com www.googleadservices.com script.hotjar.com static.hotjar.com 972-oec-621.mktoweb.com munchkin.marketo.net j.6sc.co bam.nr-data.net geolocation.onetrust.com *.google.com tpc.googlesyndication.com maps.googleapis.com www.gstatic.com js.hsforms.net *.hsforms.com *.pressganey.com *.cdntwrk.com www.googleoptimize.com connect.facebook.net js.hs-scripts.com js.usemessages.com js.hs-analytics.net js.hs-banner.com cdn.cookielaw.org *.wistia.com *.wistia.net src.litix.io fast.wistia.com *.googletagmanager.com info.pressganey.com js.hsleadflows.net cdn.linkedin.oribi.io forms.hubspot.com analytics.google.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 972-oec-621.mktoweb.com fonts.googleapis.com legal.pressganey.com static.smartrecruiters.com *.hsforms.com *.wistia.com *.cdntwrk.com *.googletagmanager.com 'unsafe-inline'; frame-ancestors 'none'; frame-src play.vidyard.com vars.hotjar.com 972-oec-621.mktoweb.com tpc.googlesyndication.com www.google.com www.googletagmanager.com survey.us.confirmit.com js.hsforms.net *.hsforms.com www.facebook.com app.livestorm.co app.hubspot.com; object-src 'none'; base-uri 'self'; form-action 'self' webto.salesforce.com *.hsforms.com www.facebook.com; connect-src 'self' go.pressganey.com play.vidyard.com www.google-analytics.com cdn.cookielaw.org 972-oec-621.mktoresp.com 972-oec-621.mktoutil.com secure.adnxs.com stats.g.doubleclick.net bam.nr-data.net privacyportal.onetrust.com geolocation.onetrust.com www.google.com adservice.google.com *.googleapis.com www.googletagmanager.com www.googleapis.com maps.googleapis.com *.6sc.co digitalfeedback.us.confirmit.com vc.hotjar.io *.hotjar.com wss://*.hotjar.com *.hsforms.com *.cdntwrk.com api.hubspot.com js.hs-banner.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://api.glitch.com www.facebook.com cdn.linkedin.oribi.io forms.hubspot.com analytics.google.com; font-src 'self' data: fonts.gstatic.com *.cdntwrk.com; prefetch-src play.vidyard.com *.cdntwrk.com; media-src 'self' blob: data: *.wistia.com *.wistia.net embedwistia-a.akamaihd.net embed-fastly.wistia.com; img-src https: data:; report-uri https://pressganey.report-uri.com/r/t/csp/enforce 3 frame-ancestors 'self' https://*.sciquest.com https://*.ariba.com; 3 default-src 'self' *.vidyard.com https: mailto:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: mailto:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https: blob:; font-src 'self' https: data:; connect-src 'self' https: wss: ; upgrade-insecure-requests 3 default-src 'self'; script-src 'self' dnstest2.ficora.fi dnstest.traficom.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi occhat.elisa.fi stat.traficom.fi stat.viestintavirasto.fi 10.250.193.20 'nonce-1a1197c2-9cc0-48d5-9f62-a42c89e52386'; img-src 'self' data: *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi qa.bittimittari.fi prod.bittimittari.fi www.youtube.com img.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com occhat.elisa.fi; style-src 'self' dnstest2.ficora.fi dnstest.traficom.fi occhat.elisa.fi 'nonce-1a1197c2-9cc0-48d5-9f62-a42c89e52386'; font-src 'self' occhat.elisa.fi; object-src 'self' data:; base-uri 'self'; frame-src 'self' *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi qa.bittimittari.fi prod.bittimittari.fi www.youtube.com img.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com occhat.elisa.fi; connect-src 'self' wss://occhat.elisa.fi https://occhat.elisa.fi https://stat.viestintavirasto.fi https://stat.traficom.fi; form-action 'self' 3 default-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; font-src self https:; 3 frame-ancestors 'self' https://next.brella.io/ https://taikalyhty.shapespark.com/ https://tiet01mstr6v7esprep.dxcloud.episerver.net/ 3 child-src blob:; default-src https: wss://*.hotjar.com; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self' *.experityhealth.com; frame-src data: https:; media-src blob: data: https:; object-src 'self' blob:; worker-src blob: 'self'; upgrade-insecure-requests; 3 frame-src *.nttdataservices.com *.nttdata.com *.google.com *.googletagmanager.com *.pardot.com *.ceros.com 'self' *.addthis.com *.hotjar.com *.facebook.net *.twitter.com *.youtube.com *.infogram.com *.jobdiva.com *.doubleclick.net *.adsrvr.org *.clarity.ms *.evidon.com; frame-ancestors 'self' *.nttdataservices.com *.nttdata.com; 3 default-src https: http: blob: javascript: data: 'unsafe-inline' 'unsafe-eval' 'self'; 3 default-src 'self' https://www.facebook.com/ https://marketing.space.net/; style-src 'self' 'unsafe-inline' https://marketing.space.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.space.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://connect.facebook.net/ https://marketing.space.net/ https://*.vimeocdn.com/; form-action 'self' https://www.facebook.com/ *.space.net/; worker-src 'none'; frame-src 'self' www.space.net/ www.youtube.com/ www.youtube-nocookie.com/ https://www.google.com/recaptcha/ https://www.facebook.com/ https://marketing.space.net/; img-src 'self' https://www.facebook.com/ https://marketing.space.net/ www.space.net/ data:; object-src 'none'; font-src 'self'; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fbevents.js *.facebook.net *.cookiebot.com *.cookiebox.ro *.gstatic.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.google.com *.google.ro *.googleadservices.com *.doubleclick.net *.youtube.com *.vimeo.com *.ytimg.com *.cloudflare.com; object-src 'self' ; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookiebot.com *.cookiebox.ro *.gstatic.com *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.fontawesome.com *.cloudflare.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com *.cookiebot.com *.cookiebox.ro *.gstatic.com *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.cloudflare.com *.facebook.com *.facebook.net; media-src 'self'; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookiebot.com *.cookiebox.ro *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.facebook.com *.facebook.net; child-src 'self'; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.gts.ro *.googletagmanager.com *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.facebook.com *.fontawesome.com; font-src 'self' *.fontawesome.com *.cloudflare.com; 3 frame-ancestors 'self' portal vdnh.ru metrika.yandex.ru metrika.yandex.com metrika.yandex.ru metrika.yandex.com.tr expo.vdnh.ru webvisor.com *.webvisor.com com sc.bi.mos.ru bi.mos.ru *.bi.mos.ru *.bi.mos.ru 3 frame-ancestors 'self' www.elsiglodetorreon.com.mx www.elsiglodedurango.com.mx tar.mx elsiglo.mx localhost http://localhost el.siglo.mx 3 default-src 'none'; child-src 'self' https: blob:; connect-src 'self' https://*.doubleclick.net https://*.google.com https://*.visualwebsiteoptimizer.com https://*.flex.com https://*.acsbapp.com https://*.google-analytics.com https://sumo.com https://dc.services.visualstudio.com https://*.brightcove.com https://*.boltdns.net https://*.akamaihd.net; font-src 'self' https: data:; frame-ancestors 'none'; img-src 'self' https: data:; media-src 'self' https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.linkedin.com https://*.brightcove.net https://*.jquery.com https://*.googletagmanager.com https://*.visualwebsiteoptimizer.com https://*.google-analytics.com https://*.licdn.com https://*.sumo.com https://*.flex.com https://acsbapp.com https://*.pushcrew.com https://*.vo.msecnd.net https://reddit.com https://*.zencdn.net; style-src 'self' https: 'unsafe-inline'; worker-src 'self' blob: 3 frame-ancestors 'self' https://*.cloudfront.net/ https://*.inovalon.com https://www.mdon-line.com/ https://inovalon.canto.com; 3 default-src 'self' 'unsafe-inline' *.bam-x.com *.narrativ.com *.planethowl.com *.braze.com *.doubleclick.net *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.facebook.com *.facebook.net *.hotjar.com *.klaviyo.com *.segment.com *.segment.io *.webflow.com webflow.com d3e54v103j8qbb.cloudfront.net js.appboycdn.com wss://*.hotjar.com https://cdnjs.cloudflare.com/ajax/libs/jquery-nice-select/; font-src 'self' data: *.webflow.com; object-src 'none'; style-src 'unsafe-inline' https:; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'none'; upgrade-insecure-requests; 3 default-src 'self' sit.encoded.services live.encoded.services *.hotjar.io *.hotjar.com 'unsafe-inline' *.agendize.com vimeo.com *.vimeo.com *.openstreetmap.org *.instagram.com *.facebook.net www.youtube.com *.youtube.com www.google.com *.google.com googlesyndication.com *.googlesyndication.com *.www.isleofman.com 'unsafe-inline' *.google.com googlesyndication.com *.googlesyndication.com sentry.yabsta.net cdn.ravenjs.com www.google.com *.www.isleofman.com *.gstatic.com www.googletagservices.com www.googletagmanager.com *.google-analytics.com *.twitter.com *.facebook.net *.simpli.fi www.facebook.com *.facebook.com *.twimg.com *.doubleclick.net *.googleapis.com;img-src * data: blob:;font-src * data:;frame-src *; 3 child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://player.vimeo.com https://vimeo.com https://wb.messengerpeople.com https://isitetv.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tpc.googlesyndication.com https://tr.snapchat.com blob: https://www.pinterest.com https://www.pinterest.co.uk; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://*.criteo.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.iwantoneofthose.com https://m.iwantoneofthose.com https://checkout.iwantoneofthose.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://tpc.googlesyndication.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://s.pinimg.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 3 default-src 'self'; connect-src 'self' https://col.site24x7rum.com https://app.litmusworld.com https://*.tataplay.com https://*.tatasky.com https://*.g.doubleclick.net https://logs.juspay.in https://payments.juspay.in https://*.taboola.com/ https://www.google-analytics.com/ https://anuvadak-wms.reverieinc.com https://avtstagecdn.blob.core.windows.net https://api.ipify.org https://s.yimg.com https://e3zogked5l.execute-api.us-west-2.amazonaws.com https://app.easyling.com/ https://crest-dot-skawa-easyling.appspot.com/ https://rs.fullstory.com/ https://maps.googleapis.com/ https://analytics.google.com/ https://wafs.mfilterit.net/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sf16-muse-va.ibytedtos.com https://s0.ipstatp.com https://static.bytedance.com https://a.quora.com https://bat.bing.com https://www.googletagservices.com https://maps.googleapis.com https://code.jquery.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.sokrati.com https://ad.doubleclick.net https://www.googleadservices.com https://static.site24x7rum.com https://tagmanager.google.com https://ssl.gstatic.com https://www.tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/ https://*.google.co.in/ https://www.gstatic.com/recaptcha/ https://*.twitter.com/ https://*.twimg.com/ https://www.youtube.com/ https://s.ytimg.com/ https://*.googlesyndication.com/ https://*.taboola.com/ https://payments.juspay.in/ https://static.ads-twitter.com/ https://cdn.invitereferrals.com/ https://www.googleoptimize.com/ https://optimize.google.com https://www.ref-r.com/ https://anuvadak-wms.reverieinc.com https://avtstagecdn.blob.core.windows.net https://api.ipify.org https://aax-eu.amazon-adsystem.com https://s.yimg.com https://sp.analytics.yahoo.com/ https://script.mfilterit.net/ https://app.easyling.com/ https://crest-dot-skawa-easyling.appspot.com/ https://d1r1tbvxnfd82x.cloudfront.net/ https://sokrati.g2afse.com/ https://d2yjce5oayglmo.cloudfront.net/ https://edge.fullstory.com/ https://rs.fullstory.com/ https://amplify.outbrain.com/ https://www.clarity.ms/ https://*.clarity.ms/ https://uathelpchat.tataplay.com/ https://helpchat.tataplay.com/ ; img-src 'self' https://business-sg.topbuzz.com https://business.topbuzz.com https://q.quora.com https://www.ref-r.com https://bat.bing.com https://maps.gstatic.com https://maps.googleapis.com https://*.facebook.com https://*.sokrati.com https://www.google.com https://www.google.co.in https://*.fls.doubleclick.net https://*.linkedin.com https://www.googleadservices.com https://*.g.doubleclick.net https://*.fls.doubleclick.net https://tagmanager.google.com https://www.google-analytics.com https://ssl.gstatic.com https://*.twitter.com/ https://*.twimg.com/ https://ad.doubleclick.net/ https://*.google.com/ https://*.google.co.in/ https://*.tataplay.com https://*.tatasky.com/ https://*.taboola.com/ https://secure.adnxs.com/ https://optimize.google.com https://www.gstatic.com/ https://aax-eu.amazon-adsystem.com https://app.easyling.com/ https://crest-dot-skawa-easyling.appspot.com/ https://*.googleusercontent.com/ https://*.ggpht.com/ https://sp.analytics.yahoo.com/ https://sokrati.g2afse.com/ https://tr.outbrain.com data: ; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://ssl.gstatic.com https://*.twitter.com/ https://*.twimg.com/ https://optimize.google.com https://anuvadak-wms.reverieinc.com https://avtstagecdn.blob.core.windows.net https://cdn.invitereferrals.com/ ; font-src 'self' https://*.tataplay.com https://*.tatasky.com/ https://tagmanager.google.com https://fonts.gstatic.com https://ssl.gstatic.com https://optimize.google.com data: ; frame-src 'self' bytedance: https://*.g.doubleclick.net https://*.fls.doubleclick.net https://app.litmusworld.com https://www.youtube.com https://www.google.com/ https://uat.help.tatasky.com https://www.facebook.com/ https://*.twitter.com/ https://*.twimg.com/ https://www.ref-r.com/ https://player.vimeo.com/ https://payments.juspay.in/ https://optimize.google.com https://youtu.be/ https://docs.google.com/ https://d1r1tbvxnfd82x.cloudfront.net/ https://d2yjce5oayglmo.cloudfront.net/ https://helpchat.tataplay.com/ https://gethelpuat2.tatasky.com/ https://help.tatasky.com/ ; object-src 'self' https://docs.google.com/ ; frame-ancestors https://*.tataplay.com https://*.tatasky.com ; 3 default-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'unsafe-inline' 'unsafe-hashes'; img-src * 'self' data: https:; font-src * 'self' data: https:; connect-src *; media-src *; object-src *; prefetch-src *; child-src * 'self' data: https: blob:; base-uri *; 3 frame-ancestors https://*.1-grid.com/ 'self'; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https: *.gea.com; form-action 'self'; frame-src 'self' *.gea.com *.eqs.com *.eurolandir.com www.treedom.net console.e-bot7.de *.qualtrics.com vara-services.com *.podigee.com *.podigee-cdn.net playout.3qsdn.com *.audiocon.de html5-player.libsyn.com forms.office.com embed.contentflow.net 3 frame-ancestors 'self' *.telekurier.at; 3 default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:; frame-ancestors *.rwjbh.org www.mychart.com; 3 upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; object-src 'none' 3 default-src photomath.net photomath.app photomath.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.mathjax.org tcms.photomath.net tpip.photomath.net ajax.googleapis.com apis.google.com code.jquery.com maxcdn.bootstrapcdn.com www.google-analytics.com s.imgur.com cdnjs.cloudflare.com www.googletagmanager.com static.hotjar.com connect.facebook.net analytics.tiktok.com script.hotjar.com edge.fullstory.com; connect-src 'self' cms.photomath.net tcms.photomath.net pip.photomath.net www.google-analytics.com stats.g.doubleclick.net script.google.com www.facebook.com analytics.tiktok.com region1.google-analytics.com in.hotjar.com vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com edge.fullstory.com rs.fullstory.com api.db-ip.com; img-src 'self' data: cdnjs.cloudflare.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.gstatic.com storage.googleapis.com d2fi4ri5dhpqd1.cloudfront.net www.facebook.com rs.fullstory.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com maxcdn.bootstrapcdn.com fast.fonts.net; font-src 'self' about: data: fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com; frame-src player.vimeo.com imgur.com apis.google.com accounts.google.com plus.google.com vars.hotjar.com; object-src 'self'; manifest-src photomath.com; media-src photomath.com player.vimeo.com vod-progressive.akamaized.net; 3 report-uri https://appserver-e5a8503e-nginx-cfc95b5e3180459a993af7d6f262ff6b 3 default-src 'none'; connect-src 'self'; frame-ancestors 'self'; frame-src 'none'; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' 3 frame-ancestors 'self' https://daytondailynews.newspapers.com https://journal-news.newspapers.com https://springfieldnewssun.newspapers.com https://www.legacy.com https://epaper.journal-news.com https://editions.journal-news.com 3 script-src 'self' https://2checkout.com http://* https://* 'unsafe-inline' 'report-sample' disqus.com c.disquscdn.com platform.instagram.com cdnjs.cloudflare.com z.moatads.com tpcf.feedify.net cdn.feedify.net feedify.net www.google.com/ www.gstatic.com/ call.chatra.io code.jquery.com cdn.amcharts.com code.highcharts.com kenwheeler.github.io cdn.jsdelivr.net a.disquscdn.com go.disqus.com platform.twitter.com cdn.syndication.twimg.com gist.github.com/ScottHelme/ static.cloudflareinsights.com js.stripe.com https://unpkg.com/@tryghost/; style-src 'self' 'unsafe-inline' 'report-sample' c.disquscdn.com a.disquscdn.com fonts.googleapis.com cdnjs.cloudflare.com cdn.feedify.net feedify.net kenwheeler.github.io platform.twitter.com assets-cdn.github.com github.githubassets.com; img-src 'self' data: www.gravatar.com cdn.feedify.net feedify.net links.services.disqus.com referrer.disqus.com a.disquscdn.com cdn.syndication.twimg.com pbs.twimg.com platform.twitter.com abs.twimg.com www.google-analytics.com stripe.com/ 2checkout.com/; frame-ancestors 'none'; report-uri https://cdn.feedify.net.report-uri.com/r/d/csp/enforce; report-to default 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' * blob:; object-src 'self'; style-src 'self' 'unsafe-inline' *; img-src 'self' data: * blob:; media-src 'self' blob:; font-src 'self' *.googleapis.com *.googleusercontent.com *.gstatic.com acsbapp.com data:; connect-src 'self' * blob:; report-uri /report-csp-violation 3 default-src 'self' www.google-analytics.com mc.yandex.ru carsrent.ru *.carsrent.ru netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru ; font-src 'self' hotelscheck.com.ru; connect-src 'self' www.google-analytics.com mc.yandex.ru googletagmanager.com www.googletagmanager.com carsrent.ru *.carsrent.ru netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru google.com *.google.com gstatic.com *.gstatic.com unsafe-inline 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' data: *; frame-src 'self' carsrent.ru *.carsrent.ru youtu.be youtube.com *.youtube.com google.com *.google.com gstatic.com *.gstatic.com *.vimeo.com vimeo.com *.dailymotion.com *.vk.com vk.com; script-src 'self' www.google-analytics.com mc.yandex.ru googletagmanager.com www.googletagmanager.com carsrent.ru *.carsrent.ru api-maps.yandex.ru yastatic.net core-renderer-tiles.maps.yandex.net netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru google.com *.google.com gstatic.com *.gstatic.com unsafe-inline 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'self' carsrent.ru *.carsrent.ru netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru google.com *.google.com gstatic.com *.gstatic.com unsafe-inline 'unsafe-inline' 'self'; 3 frame-ancestors 'self' https://borisfx.com/documentation/silhouette/;, frame-ancestors 'self' https://borisfx.com/documentation/silhouette-2022/;, frame-ancestors 'self' https://borisfx.com/documentation/silhouette-2022.5/;, frame-ancestors 'self' https://borisfx.com/documentation/optics/; 3 frame-ancestors 'none'; object-src 'none'; upgrade-insecure-requests 3 default-src 'self' *.novica.com *.novica.net;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src * blob:;img-src * data:;frame-src *;connect-src *;media-src *;font-src *; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com *.gstatic.com *.hotjar.com *.doubleclick.net *.arabbank.com *.google.com *.facebook.net *.facebook.com *.googleapis.com www.arabbank.ae arabbank.ae arabbank.com.lb www.arabbank.com.lb arabbank.dz www.arabbank.dz www.arabbank.bh arabbank.bh www.arabbank.com arabbank.com arabbank.com.eg www.arabbank.com.eg www.arabbank.jo arabbank.com.jo arabbank.jo www.arabbank.com.jo www.arabbank.com.lb arabbank.com.lb arabbank.ma arabbank.ma www.arabbank.ps arabbank.ps www.arabbank.com.qa arabbank.com.qa *.google-analytics.com google-analytics.com www.googletagmanager.com www.youtube.com www.linkedin.com linkedin.com instagram.com twitter.com *.typeform.com geo-tracker.ads.memob.com 10.1.30.170 *.readspeaker.com data:; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.doubleclick.net *.google.com 10.1.228.170 10.1.228.172 www.youtube-nocookie.com youtube-nocookie.com www.youtube.com platform.twitter.com *.arabbank.com embed.typeform.com bid.g.doubleclick.net geo-tracker.ads.memob.com *.readspeaker.com 10.1.30.170 10.1.30.170:15871; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.readspeaker.com *.doubleclick.net *.google.com *.gstatic.com *.facebook.net *.facebook.com *.twitter.com *.googletagmanager.com *.google-analytics.com google-analytics.com *.googleadservices.com ajax.googleapis.com *.arabbank.com embed.typeform.com geo-tracker.ads.memob.com 10.1.30.170 *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss://anaarabi.arabbank.com *.hotjar.com *.doubleclick.net *.google.com *.readspeaker.com www.google-analytics.com google-analytics.com *.googleapis.com *.gstatic.com *.arabbank.com embed.typeform.com geo-tracker.ads.memob.com www.arabbank.ae arabbank.ae arabbank.com.lb www.arabbank.com.lb arabbank.dz www.arabbank.dz www.arabbank.bh arabbank.bh www.arabbank.com arabbank.com arabbank.com.eg www.arabbank.com.eg www.arabbank.jo arabbank.com.jo arabbank.jo www.arabbank.com.jo www.arabbank.com.lb arabbank.com.lb arabbank.ma arabbank.ma www.arabbank.ps arabbank.ps www.arabbank.com.qa arabbank.com.qa; img-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.doubleclick.net *.facebook.net *.facebook.com *.googletagmanager.com www.google.jo *.googleapis.com *.google-analytics.com google-analytics.com syndication.twitter.com *.gstatic.com *.abwebadmin.com *.arabbank.com geo-tracker.ads.memob.com embed.typeform.com www.arabbank.ae arabbank.ae arabbank.com.lb www.arabbank.com.lb arabbank.dz www.arabbank.dz www.arabbank.bh arabbank.bh www.arabbank.com arabbank.com arabbank.com.eg www.arabbank.com.eg www.arabbank.jo arabbank.com.jo arabbank.jo www.arabbank.com.jo www.arabbank.com.lb arabbank.com.lb arabbank.ma arabbank.ma www.arabbank.ps arabbank.ps www.arabbank.com.qa arabbank.com.qa *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat data:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.googleadservices.com *.doubleclick.net *.google.com *.googleapis.com *.readspeaker.com *.facebook.com *.facebook.net script.crazyegg.com 10.1.228.170 10.1.228.172 *.google-analytics.com *.gstatic.com *.googletagmanager.com *.arabbank.com *.typeform.com geo-tracker.ads.memob.com 10.1.30.170 10.1.30.170:15871 3 default-src 'self' *.vidyard.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' qvdt3feo.com *.appdynamics.com *.zoominfo.com *.googleadservices.com *.bttrack.com bttrack.com *.clarity.ms *.intentsify.io *.bizible.com *.easy7bear.com ceros-creative-services.s3.amazonaws.com ceros-labs.s3.amazonaws.com *.ceros.com *.bidr.io *.bizzabo.com *.cloudfront.net acsbapp.com *.acsbapp.com *.bc0a.com *.b0e8.com *.ads-twitter.com *.adsrvr.org *.srv.stackadapt.com *.stackadapt.com *.fontawesome.com *.cookielaw.org *.jquery.com *.marketo.com *.marketo.net *.twimg.com *.onetrust.com *.driftt.com *.bing.com *.bootstrapcdn.com *.myfonts.net *.cloudflare.com *.callrail.com *.aspnetcdn.com *.vidyard.com *.ceridian.ca *.en25.com *.eloqua.com *.googletagmanager.com *.swiftypecdn.com *.google-analytics.com *.google.com *.google.ca *.licdn.com *.facebook.net *.terminus.services *.windows.net *.g2crowd.com *.adsrvr.org *.ads-twitter.com *.ads.linkedin.com *.twitter.com go.ceridian.com *.hotjar.com *.clickagy.com; style-src 'self' 'unsafe-inline' *.fontawesome.com *.marketo.com *.twitter.com *.bootstrapcdn.com fastcdn.org *.cloudflare.com optanon.blob.core.windows.net *.swiftypecdn.com go.ceridian.com *.stackadapt.com; img-src * data:; font-src 'self' *.bttrack.com http://script.hotjar.com https://script.hotjar.com acsbapp.com *.acsbapp.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com; connect-src 'self' pdx-col.eum-appdynamics.com cdn.linkedin.oribi.io *.tt.omtrdc.net *.zoominfo.com *.google.com *.google-analytics.com *.bttrack.com bttrack.com *.clarity.ms *.doubleclick.net ka-p.fontawesome.com *.fontawesome.com *.collector.snplow.net acsbapp.com *.acsbapp.com *.srv.stackadapt.com *.cookielaw.org *.facebook.com *.marketo.com *.mktoresp.com *.eloqua.com *.swiftype.com *.ceridian.ca *.swiftypecdn.com *.callrail.com go.ceridian.com *.onetrust.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com *.clickagy.com; media-src * 'unsafe-inline'; frame-src 'self' *.fls.doubleclick.net *.ceros.com accessibe.com *.accessibe.com *.acsbapp.com acsbapp.com *.bizzabo.com *.facebook.com *.marketo.com *.twitter.com *.youtube.com *.driftt.com *.vidyard.com *.adsrvr.org go.ceridian.com *.hotjar.com; frame-ancestors 'self' *.highspot.com *.ceridian.com 3 frame-ancestors 'self' *.westchestergov.com *.westchestercatalyst.com westchestercatalyst.com *.westchesteronestop.com *.westchesterda.net westchesterda.net *.westchesterlegislators.com westchesterlegislators.com; 3 img-src * data:; default-src * 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.masimopersonalhealth.com/ https://masimopersonalhealth.co.uk https://getshogun.com/ https://*.masimo.com/ https://*.masimo.co.uk/ https://*.masimo.it/ https://*.masimo.es/ https://*.masimo.de/ https://*.masimo.it/ https://*.masimo.ca/; 3 default-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline'; 3 frame-ancestors 'self' https://next.brella.io/ 3 default-src 'self' https://*.cms.vwfs.tools ; img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.com https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de https://cms-assets.vwfs.io https://smetrics.vwfs.com https://mediaservice.audi.com https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com ; script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com https://target.vwfs.com https://smetrics.vwfs.com https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org https://*.google.com; style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.com https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://*.google.com; connect-src 'self' blob: https://vimeo.com https://*.youtube.com https://calculator.vwfs.com https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.com https://smetrics.vwfs.com https://www.google.com https://*.facebook.com https://cdn.mercury.ai https://webchat.mercury.ai https://co-browsing.mercury.ai wss://co-browsing.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org ; frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ; object-src 'none' ; font-src 'self' https://fonts.gstatic.com https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com ; frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net ; media-src https://www.youtube-nocookie.com 'self' ; 3 default-src 'self' blob:; img-src 'self' *.maropost.com *.amazonaws.com *.adyen.com *.cloudfront.net *.userlike.com *.amazonaws.com consent.cookiefirst.com *.ytimg.com platform-api.sharethis.com *.livehelpnow.net *.pcdn.co *.sharethis.com *.contentsquare.net *.content-square.fr *.contentsquare.com *.googleapis.com *.s3.us-east-1.amazonaws.com *.amazonaws.com *.gstatic.com *.cloudfront.net *.clicktale.net pixy.org *.chargebee.com *.nextsphere.com *.ppipe.net *.nstitan.com mecdb.myecheck.com www1.myecheck.com *.oppwa.com *.flptitanqa.com *.flptitan.com *.foreverliving.com *.flpi.com foreverliving.com seeklogo.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.com.sg data: *.s3.us-west-2.amazonaws.com *.s3-us-west-2.amazonaws.com www.google.co.in *.vimeocdn.com *.youtube.com *.s3.amazonaws.com s3-us-west-2.amazonaws.com x1.xingassets.com maps.gstatic.com maps.googleapis.com optimize.google.com cdn-dev.flptitan.com blob: *.flptitan.com *.foreverliving.com *.s3.us-east-1.amazonaws.com *.googleapis.com *.ppipe.net *.nextsphere.com *.nstitan.com *.oppwa.com *.flptitanqa.com mecdb.myecheck.com www1.myecheck.com oppwa.com *.flptitan.com *.foreverliving.com *.flpi.com foreverliving.com seeklogo.com *.google-analytics.com stats.g.doubleclick.net www.google.com *.clicktale.net data: *.s3.us-west-2.amazonaws.com *.s3-us-west-2.amazonaws.com www.google.co.in *.vimeocdn.com *.youtube.com *.s3.amazonaws.com s3-us-west-2.amazonaws.com x1.xingassets.com maps.gstatic.com *.facebook.com *.googletagmanager.com maps.googleapis.com optimize.google.com *.boxcloud.com *.fedex.com *.google.co.uk *.google.ie widgets.trustedshops.com *.google.com.mm; script-src 'self' *.userlike.com *.cdn01.boxcdn.net *.cdn.jsdelivr.net *.jsdelivr.net *.amazonaws.com *.worldpay.com *.cloudfront.net *.userlike.com *.mgipayments.com *.boxcdn.net *.boxcloud.com *.box.com *.cloudfront.net *.s3-eu-west-1.amazonaws.com *.payvision.com *.siteprerender.com siteprerender.com *.google.com platform-api.sharethis.com *.mgr.consensu.org *.livehelpnow.net *.contentsquare.net *.content-square.fr *.contentsquare.com *.sharethis.com walls.io *.facebook.net *.cdn-javascript.net cdn-javascript.net x-apple-ql-id *.static-resource.com static-resource.com flpqa.com flp.com flp360.social *.flpqa.com *.flp.com *.flp360.social *.clicksapp.net clicksapp.net *.s3.us-east-1.amazonaws.com *.clicktale.net *.chargebee.com *.authorize.net *.ppipe.net www.youtube.com *.oppwa.com *.s3-us-west-2.amazonaws.com mecdb.myecheck.com www1.myecheck.com *.googleapis.com *.flptitanqa.com *.flptitan.com foreverliving.com *.foreverliving.com *.flpi.com *.cloudflare.com *.bootstrapcdn.com *.s3.amazonaws.com *.nextsphere.com *.nstitan.com optimize.google.com www.googletagmanager.com *.google-analytics.com blob: fonts.gstatic.com test.acaptureservices.com test.oppwa.com maxcdn.bootstrapcdn.com *.ppipe.net *.facebook.net *.authorize.net www.youtube.com *.oppwa.com *.s3-us-west-2.amazonaws.com mecdb.myecheck.com *.clicksafe.lloydstsb.com www1.myecheck.com oppwa.com acaptureservices.com consent.cookiefirst.com test.oppwa.com *.paypal.com *.paypalobjects.com widgets.trustedshops.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.livehelpnow.net *.cookiefirst.com *.clicktale.net *.chargebee.com *.cdn.jsdelivr.net *.contentsquare.net *.content-square.fr *.contentsquare.com *.google-analytics.com *.nextsphere.com x-apple-ql-id *.s3-us-west-2.amazonaws.com *.ppipe.net *.typekit.net *.nstitan.com *.oppwa.com mecdb.myecheck.com *.flptitanqa.com *.acaptureservices.com www1.myecheck.com *.flptitan.com *.foreverliving.com foreverliving.com *.flpi.com optimize.google.com tagmanager.google.com fonts.googleapis.com cdnjs.cloudflare.com oppwa.com *.s3.amazonaws.com maxcdn.bootstrapcdn.com *.boxcdn.net edge.cookiefirst.com googletagmanager.com consent.cookiefirst.com cdn.honey.io 'unsafe-inline'; font-src 'self' *.boxcdn.net *.cdn01.boxcdn.net *.box.com *.cdn.jsdelivr.net *.cloudfront.net *.livehelpnow.net *.clicktale.net *.chargebee.com *.nextsphere.com *.ppipe.net *.contentsquare.net *.content-square.fr *.contentsquare.com *.typekit.net www1.myecheck.com flpqa.com flp.com flp360.social *.flpqa.com *.flp.com *.flp360.social mecdb.myecheck.com *.bootstrapcdn.com *.nstitan.com *.oppwa.com *.flptitanqa.com *.flptitan.com *.foreverliving.com foreverliving.com *.flpi.com data: cdnjs.cloudflare.com fonts.gstatic.com *.s3.amazonaws.com oppwa.com 'unsafe-inline'; connect-src 'self' wss://umd.userlike.com wss://chat.userlike.com *.cloudfront.net api.cookiefirst.com consent.cookiefirst.com edge.cookiefirst.com *.adyen.com *.userlike.com *.box.com *.boxcloud.com api.ipify.org platform-api.sharethis.com *.livehelpnow.net *.consensu.org *.contentsquare.net *.content-square.fr *.contentsquare.com *.sharethis.com *.googleapis.com www.google-analytics.com www.google.com.sg stats.g.doubleclick.net www.facebook.com *.s3.us-west-2.amazonaws.com *.socialsales.io *.clicktale.net *.nextsphere.com *.ppipe.net vimeo.com *.authorize.net mecdb.myecheck.com *.oppwa.com www1.myecheck.com *.flptitan.com *.foreverliving.com foreverliving.com *.flpi.com *.nstitan.com s3-us-west-2.amazonaws.com *.s3.amazonaws.com *.acaptureservices.com *.s3-us-west-2.amazonaws.com *.chargebee.com *.google.com *.flptitanqa.com oppwa.com *.google-analytics.com www.googletagmanager.com api.trustedshops.com shops-si.trustedshops.com api.trustbadge.etrusted.com trustbadge.api.etrusted.com logging.trustbadge.com *.google.co.in www.youtube.com youtube.com *.youtube.com *.s3-eu-west-1.amazonaws.com blob:; media-src 'self' *.amazonaws.com *.userlike.com *.flptitan.com *.cloudfront.net *.youtube.com *.youtu.be *.foreverliving.com *.s3-us-west-2.amazonaws.com *.s3.us-west-2.amazonaws.com *.amazonaws.com blob:; frame-src 'self' *.ngenius-payments.com api.nexiopaysandbox.com api.nexiopay.com *.flpqa.com *.userlike.com *.adyen.com *.amazonaws.com *.cloudfront.net *.facebook.com *.mgipayments.com *.livehelpnow.net *.sandbox.ngenius-payments.com *.acehubpaymentservices.com *.contentsquare.net *.content-square.fr *.contentsquare.com platform-api.sharethis.com *.sharethis.com *.mgr.consensu.org walls.io player.vimeo.com *.chargebee.com x-apple-ql-id *.youtube.com *.ppipe.net *.socialsales.io socialsales.io *.nextsphere.com *.worldpay.com *.nextsphere.com vimeo.com *.oppwa.com mecdb.myecheck.com *.acaptureservices.com www1.myecheck.com *.nstitan.com *.flptitanqa.com *.flptitan.com *.foreverliving.com *.clicksafe.lloydstsb.com foreverliving.com flptitan.com *.boxcloud.com *.flpi.com optimize.google.com pay.google.com *.vimeo.com oppwa.com optimize.google.com *.nexiopaysandbox.com youtu.be www.youtube.com youtube.com; frame-ancestors 'self' *.socialsales.io socialsales.io foreverliving.com *.foreverliving.com *.flptitan.com flptitan.com flptitanqa.com *.flptitanqa.com *.contentsquare.net *.flptitan.com:8080 *.content-square.fr *.contentsquare.com *.chargebee.com youtu.be flpqa.com flp.com flp360.social *.flpqa.com *.flp.com *.flp360.social vimeo.com *.vimeo.com *.youtube.com www.youtube.com youtube.com *.worldpay.com 3 default-src 'self' 'unsafe-inline' www.google-analytics.com code.jquery.com *.disqus.com disqus.com *.bootstrapcdn.com *.disquscdn.com www.gravatar.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.karlaporter.com *.shanx.com *.amitavac.com *.googleapis.com *.googletagmanager.com platform.twitter.com shanx.matomo.com *.amazonaws.com apis.google.com ssl.google-analytics.com connect.facebook.net https:; img-src 'self' *.karlaporter.com *.iconj.com cdn-images.mailchimp.com *.shanx.com *.amitavac.com ssl.google-analytics.com s-static.ak.facebook.com i.imgur.com imgur.com data: https:; style-src 'self' 'unsafe-inline' *.shanx.com cdn-images.mailchimp.com *.karlaporter.com *.amitavac.com *.ionicframework.com use.typekit.net fonts.adobe.com fonts.googleapis.com fonts.gstatic.com https:; font-src 'self' *.shanx.com use.typekit.net *.ionicframework.com netdna.bootstrapcdn.com themes.googleusercontent.com fonts.gstatic.com data:; object-src https:; media-src 'self' https:; frame-ancestors 'self'; frame-src 'self' https:; 3 default-src 'self' data: http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; img-src 'self' blob: data: https://map.ir https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://cdn.goftino.com https://api.userway.org; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org; frame-ancestors 'self' https://trustseal.enamad.ir; 3 frame-ancestors 'self' htt