Values for content-security-policy:
upgrade-insecure-requests 11,869
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; 11,869
upgrade-insecure-requests; 6,192
frame-ancestors 'self' 4,085
block-all-mixed-content 2,117
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; 1,224
frame-ancestors 'self'; 1,176
frame-ancestors 'none' 870
block-all-mixed-content; 821
frame-ancestors 'self' https://*.granicus.com http://*.granicus.com https://platform.civicplus.com https://account.civicplus.com https://analytics.civicplus.com; img-src * data:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * about: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; font-src * data:; default-src * 751
default-src https: data: 'unsafe-inline' 'unsafe-eval' 407
frame-ancestors 'none'; 346
frame-ancestors 'self' https://*.ally.ac; 315
299
default-src * data: 'unsafe-eval' 'unsafe-inline' 257
img-src https: data:; upgrade-insecure-requests 252
report-uri /report-csp-violation 244
frame-ancestors 'self' ; 240
frame-ancestors 'self' godaddy.com test-godaddy.com dev-godaddy.com *.godaddy.com *.test-godaddy.com *.dev-godaddy.com 208
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; 142
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 128
frame-ancestors 'self' https://app.kajabi.com 114
frame-ancestors 'self'; default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; child-src https: blob: data:; connect-src https: blob: data: wss:; font-src https: blob: data:; img-src https: blob: data:; media-src https: blob: data:; object-src https: blob: data:; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: data: 'unsafe-inline'; upgrade-insecure-requests 112
upgrade-insecure-requests; frame-ancestors 'self' 110
frame-ancestors 'self' https://*.cdn.ampproject.org/ https://bing-amp.com/ https://*.tm-aws.com/ https://*.tm-awx.com/; 100
frame-ancestors 'self' http://webvisor.com 94
script-src 'self'    85
default-src 'self' http: https: data: blob: 'unsafe-inline' 80
frame-ancestors 'self' continuum.epublishing.com *.continuum.epublishing.com 77
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com; base-uri 'self' 72
child-src * blob: 70
frame-ancestors 'self'; upgrade-insecure-requests 67
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 65
default-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data:; font-src * 'self' data: 65
frame-ancestors 'self' *.google.com *.googleusercontent.com 64
block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests 64
frame-ancestors 'self' https://explore.oracle.com https://my.oracle.com https://eeho.fa.us2.oraclecloud.com 63
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 63
sandbox allow-scripts; default-src 'self'; img-src https:; style-src 'unsafe-inline'; script-src 'unsafe-inline'; report-uri http://csp.yahoo.com/beacon/csp?src=redirect 62
default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 62
default-src 'self' 61
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: data: blob:; media-src blob: data: https:; object-src https:; child-src https: data: blob:; upgrade-insecure-requests; block-all-mixed-content; 60
frame-ancestors about: 'self' 56
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 55
default-src * data: blob: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; frame-ancestors 'self' *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.baidu.com *.bing.com; 48
self 46
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 46
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 44
frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com 43
* 43
frame-ancestors 'self' www.bookends.info *.bookends.info 42
frame-ancestors 'self' https://*.sitewrench.com 41
default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 41
report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src data: blob: https://*.fbcdn.net https://*.instagram.com https://*.cdninstagram.com https://*.facebook.com https://*.fbsbx.com https://*.giphy.com; font-src data: https://*.fbcdn.net https://*.instagram.com https://*.cdninstagram.com; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://graphql.instagram.com https://*.cdninstagram.com https://api.instagram.com https://i.instagram.com https://*.i.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd blob:; worker-src 'self' blob: https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://*.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com; object-src 'none'; upgrade-insecure-requests 40
frame-ancestors * 40
default-src='self' 40
report-uri https://f6044819c139be406e5131b1724188ab.report-uri.com/r/t/csp/enforce; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com dev.visualwebsiteoptimizer.com *.adnxs.com *.appier.net *.doubleclick.net *.google.co.uk *.googleadservices.com *.googlesyndication.com *.mathtag.com *.openx.net *.scupio.com bigsea.frontend.weborama.fr dx.bigsea.weborama.com cs.gssprt.jp match.adsrvr.org pixel.rubiconproject.com ps.eyeota.net ssp.adskom.com sync.ad-stir.com sync.adap.tv sync.adaptv.advertising.com tags.clickintext.net tapestry.tapad.com *.semasio.net *.disquscdn.com *.disqus.com disqus.com d17m68fovwmgxj.cloudfront.net apps-cdn.britishcouncil.org embed.scribblelive.com bat.bing.com public.tableau.com *.socdm.com britishcouncil-email.createsend.com *.googleapis.com *.gstatic.com www.google.de www.google.es *.google.com *.salesforceliveagent.com *.qualaroo.com s3.amazonaws.com *.bizographics.com sjs.bizographics.com idsync.rlcdn.com aa.agkn.com stags.bluekai.com sync.crwdcntrl.net loadus.exelator.com ml314.com *.adroll.com ucarecdn.com *.streamamg.com bookeo.com www-2903b.bookeo.com britishcouncil.github.io olc.live.solas.britishcouncil.digital bam.nr-data.net js-agent.newrelic.com *.akamaihd.net x.bidswitch.net *.ads-twitter.com *.twimg.com *.twitter.com *.fbcdn.net *.facebook.com cx.atdmt.com cx.atdmt.com connect.facebook.net *.linkedin.com snap.licdn.com *.sharethis.com vk.com cdn.polyfill.io www.googletagmanager.com sui.britishcouncil.org *.vimeocdn.com player.vimeo.com vimeo.com *.ytimg.com www.youtube.com *.google-analytics.com *.yahoo.com b92.yahoo.co.jp s.yimg.com britishcouncil.wufoo.com *.instagram.com *.hotjar.com *.stripe.com *.artfut.com cookies.onetrust.com cdn.cookielaw.org optanon.blob.core *.youtube-nookie.com *.fospha.com *.shorthand.com *.shorthandstories.com *.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net *.pardot.com sc-static.net *.tiktok.com *.snapchat.com *.ibytedtos.com *.arabclicks.com js.hsadspixel.net js.usemessages.com *.go-mpulse.net; 40
script-src 'unsafe-inline' 'unsafe-eval' http: https: 40
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://cdn.exoticads.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js;  style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ;  img-src 'self' data: https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://player.vimeo.com;  font-src 'self' data: https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com ;  connect-src 'self' blob: blob https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ;  media-src 'self' https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com;  object-src 'self' https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ;  frame-src 'self' https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://txn.apac.paywithpoli.com https://player.vimeo.com;  child-src 'self' blob: blob ;  worker-src 'self' blob: blob ;  form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://wnu.com ;  manifest-src 'self' https://*.highwebmedia.com ;  report-uri https://report-uri.highwebmedia.com/r/t/csp/enforce; 39
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 39
frame-ancestors https://*.poki.io http://localhost:1234 39
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 38
frame-ancestors none; 36
default-src 'self'; connect-src *.g.doubleclick.net 'self' www.google-analytics.com https://www.google-analytics.com; frame-src 'none'; img-src 'self' data: *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com https://www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 36
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 36
frame-ancestors 'self' azeu.marketing.adobe.com 35
report-uri /report-csp-violation; upgrade-insecure-requests 34
default-src * data: 'unsafe-eval' 'unsafe-inline' blob: 34
default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' 34
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 33
base-uri 'self'; 33
default-src 'self' 'unsafe-inline' 33
default-src 'self'; img-src * data: 'unsafe-inline' blob:; style-src * 'unsafe-inline' blob:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; form-action *; media-src *.readspeaker.com *.streamlock.net storage.googleapis.com 'self' blob:; frame-src *; worker-src * 'unsafe-inline' blob:; 33
frame-ancestors 'self' https://*.adobe.com https://*.navisperformance.com 32
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations insights.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker-3f088aa2.js gist.github.com/socket-worker-3f088aa2.js 32
frame-ancestors  'self' *.espn.com:* *.espnqa.com:* *.espnsb.com *.espn.co.uk *.espndeportes.espn.com *.espn.com.br *.espn.com.mx *.espn.com.ve *.espn.com.ar *.espn.com.co *.espnfc.com.au *.espn.com.au *.espn.in *.espn.com.sg *.espn.cl *.espn.com.pe *.espn.com.gt *.espn.com.do *.espn.com.ec *.espn.com.uy *.espn.com.pa *.espn.co.cr http://*.espnqa.com:* http://*.espn.com:* 31
default-src *;script-src 'self' resource://pdf.js 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' static-dev-portal.s3-eu-west-1.amazonaws.com d1rv23qj5kas56.cloudfront.net events.webnode.com js.stripe.com www.gstatic.com www.googleadservices.com www.googletagmanager.com bat.bing.com connect.facebook.net a.quora.com www.google-analytics.com googleads.g.doubleclick.net c.imedia.cz www.google.com cdn.inspectlet.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' static-dev-portal.s3-eu-west-1.amazonaws.com d1rv23qj5kas56.cloudfront.net www.gstatic.com js.stripe.com;img-src 'self' data: mediastream: blob: filesystem: d1rv23qj5kas56.cloudfront.net du5rkdszt1kq5.cloudfront.net d11bh4d8fhuq47.cloudfront.net static-dev-portal.s3-eu-west-1.amazonaws.com www.webnode.com www.gstatic.com q.stripe.com bat.bing.com q.quora.com www.google.com www.google.cz www.google-analytics.com googleads.g.doubleclick.net c.seznam.cz www.facebook.com *.webnode.com *.webnode.cz *.webnode.sk *.webnode.at *.webnode.es *.webnode.cl *.webnode.com.ve *.webnode.com.uy *.webnode.mx *.webnode.com.co *.webnode.co *.webnode.com.ar *.webnode.com.py *.webnode.bo *.webnode.do *.webnode.ec *.webnode.pe *.webnode.cr *.webnode.com.br *.webnode.pt *.webnode.it *.webnode.fr *.webnode.us *.webnode.in *.webnode.gr *.webnode.com.tr *.webnode.cn *.webnode.tw *.webnode.nl *.webnode.be *.webnode.jp *.webnode.hu *.webnode.ru *.webnode.com.ua *.webnode.se *.webnode.dk *.webnode.lv *.webnode.hr *.webnode.no *.webnode.co.uk *.webnode.vn *.webnode.ro *.webnode.cat *.webnode.kr *.webnode.fi;frame-ancestors 'self'; 31
default-src 'self' 'unsafe-inline' https://park.101datacenter.net  https://*.deviceatlascloud.com/ https://cs-cdn.deviceatlas.com data: 31
frame-ancestors 'self' https://*.plazz.net ; 30
policy-definition          30
frame-ancestors 'self' *.pubble.nl *.pubble.cloud *.pubble.dev *.omnyo.nl 30
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://api.mapbox.com https://*.tiles.mapbox.com;block-all-mixed-content;upgrade-insecure-requests; 28
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com z8y8f3q6.ssl.hwcdn.net https://www.xvideos.com https://wg-xvdev.xvideos.com *.trafficfactory.biz fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com *.addthis.com *.addthisedge.com www.iwanttodeliver.com apis.google.com www.google.com www.gstatic.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.lswcdn.net *.llnwd.net *.hwcdn.net fcm.googleapis.com *.nk-img.com https://static-dev-xvlive.xvideos.com https://dev-api.naked.com http://dev-api.naked.com *.googleapis.com *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net *.adtng.com *.adglare.net adinvent.engine.adglare.net *.bngpt.com bngpt.com *.trafficjunky.net *.ohmybutt.com *.flirt4free.com *.xlovecam.com *.wlresources.com *.medleyads.com *.cams.com *.acdn5165543.com *.protoawe.com *.google-analytics.com *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com *.promo-bc.com *.bongacams.com *.bongacash.com *.gammae.com *.servingmillions.com *.super-route.com cdn01.flashmediaportal.com engine.asf4f.us *.htdvt.com *.jerkmate.com *.vfgtb.com *.hytxg2.com *.awemdia.com *.cfgr3.com *.ajxx98.online *.sf4f.us *.adworldmedia.com as.air2s.com bngpst.com cretgate.com mysexchatroom.com trknex.com medleyads.com ajxx98.online gamesfromheaven.com go.hpyjmp.com r.trwl2.com bongacams.com clickserve.dartsearch.net afrtrk.com track.cam4tracking.com creative.smljmp.com sffsdvc.com www.sffsdvc.com bmedia.justservingfiles.net blkditsup.com vast.bimbim.com promo.cameraprive.com bngprl.com *.bngprl.com trafforsrv.com serving.stat-rock.com *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.hwcdn.net *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com *.vscdns.com *.doubleclick.net *.google.fr *.google.com *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net bmedia.justservingfiles.net; 27
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 27
default-src 'self' wss: http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https: http:; report-uri https://secure.booked.net/?page=stat&t=csp 27
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; 27
frame-ancestors 'self' https://preview.citynavigator.nl 27
default-src 'self'; connect-src https:; font-src https:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 27
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob: *.readspeaker.com *.speechstream.net; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self' 27
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=frontpage&site=fp&region=US&lang=en-US&device=desktop&partner=default; 26
default-src 'self' blob: wss: data: https:; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; style-src 'self' 'unsafe-inline' data: https:;  report-uri https://monitor.ebay.com/csp-report/r1highlnfe38/Highline_Homepage 26
frame-ancestors https://cue.forum.cue.cloud 25
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'none'; media-src *.readspeaker.com *.speechstream.net 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; report-uri https://www.cspreport.nl 25
frame-ancestors 'self' https://widget.stackla.com https://app-sj14.marketo.com https://store.nvidia.com https://resources.nvidia.com https://www.youtube.com https://www.quadro-selector.com http://player.youku.com https://player.youku.com https://live.nvidia-china.com https://www.google.com https://www.nvidia.cn https://wwwstage.nvidia.com https://www.nvidia.com https://events.rainfocus.com https://store.nvidia.com https://www.twitch.tv https://store.nvidia.ru https://store.nvidia.in https://shop.nvidia.com; 24
default-src 'none' 24
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 24
script-src 'self'; object-src 'self' 24
block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com  https://go.indeedassessments.com/ https://take.indeedassessments.com/; frame-src 'self' *.indeed.com  https://accounts.google.com/ https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; img-src 'self' *.indeed.com  data: d13w2n5a9i6r56.cloudfront.net d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net d3nbup7htlluyi.cloudfront.net https://indeed-labs-jp-baito.s3.amazonaws.com https://res.cloudinary.com www.google-analytics.com https://www.google.com/ads https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://stats.g.doubleclick.net https://*.tvpixel.com/* https://*.optimizely.com/* https://d.turn.com/* https://idsync.rlcdn.com/* https://pt.ispot.tv; default-src 'self' 'unsafe-inline' data: *.indeed.com  d3fw5vlhllyvee.cloudfront.net d3fw5vlhllyvee.cloudfront.net https://smartlock.google.com/ https://d13w2n5a9i6r56.cloudfront.net/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log dpuk71x9wlmkf.cloudfront.net https://privacyportal.onetrust.com https://stats.g.doubleclick.net https://d3fw5vlhllyvee.cloudfront.net/frontend-sentry-bundle/v1.1.2/js/sentry.js https://apis.google.com/js/platform.js https://app-sj07.marketo.com/js/forms2/js/forms2.min.js https://browser.sentry-cdn.com/4.3.3/bundle.min.js https://browser.sentry-cdn.com/4.4.2/bundle.min.js https://*.tvpixel.com/* https://*.optimizely.com/* https://cdn.optimizely.com/js/10668710116.js https://munchkin.marketo.net/munchkin.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/linkid.js https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://pxl.indeed.com/* https://match.prod.bidr.io/cookie-sync/indeed https://rs.fullstory.com/rec/; 23
script-src 'self' https: 'unsafe-inline' 'unsafe-eval' 23
frame-ancestors 'self' https://sage.pathfactory.com https://explore.sage.com; 23
connect-src http://ip-api.com/ 'self' https: data: 23
default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; worker-src 'self' blob: 23
worker-src 'self' 23
frame-ancestors none 22
object-src 'none' 22
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 22
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 22
default-src http: https: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' *.gov.cn 21
default-src 'self' *.edge-cdn.net; object-src www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.analytics.edgekey.net  *.bing.com  *.ccmp.eu  *.cookiebot.com  *.edge-cdn.net   *.google-analytics.com  *.googletagmanager.com  *.lidl  *.lidl-flyer.com  *.lidl.com  *.lidl.net  *.multichannelacd.de  *.secrz.de  *.virtualearth.net  ads.yahoo.com  advdl.ammadv.it  analytics.google.com  assets.zendesk.com  c.imedia.cz  cm.g.doubleclick.net  connect.facebook.net  d.adroll.com  d.adroll.mgr.consensu.org  form.lidl.com  googleads.g.doubleclick.net  lidl.media01.eu  lidlplus-prod-api.azurewebsites.net lidlqform.omax.cz  s.adroll.com  s.ytimg.com  tagmanager.google.com  track.adform.net  us-u.openx.net  www.dwin1.com  www.googleadservices.com www.google.com www.youtube.com schwarz.adverity.com; img-src 'self' data: *.bing.com *.ccmp.eu *.doubleclick.net *.edge-cdn.net *.google-analytics.com *.googleusercontent.com *.lidl *.lidl-flyer.com *.lidl.com *.lidl.net *.openstreetmap.org *.osm.org *.secrz.de *.virtualearth.net advdl.ammadv.it assets.zendesk.com c.imedia.cz d.adroll.com google.de ib.adnxs.com idsync.rlcdn.com lidlplusprod.blob.core.windows.net lidlplusstaticcontentpro.blob.core.windows.net lidlplusstoragestaging.blob.core.windows.net s-static.ak.facebook.com ssl.gstatic.com stats.g.doubleclick.net track.adform.net www.facebook.com www.google.com www.googletagmanager.com www.gstatic.com x.bidswitch.net; style-src 'self' 'unsafe-inline' *.bing.com *.secrz.de assets.zendesk.com fonts.googleapis.com form.lidl.com tagmanager.google.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com form.lidl.com data: themes.googleusercontent.com; frame-src 'self' https: 'unsafe-inline'; connect-src 'self' *.analytics.edgekey.net *.bing.com *.ccmp.eu *.edge-cdn.net *.google-analytics.com *.lidl *.lidl.com *.lidl.net *.multichannelacd.de *.openstreetmap.org *.osm.org *.secrz.de *.test *.video-cdn.net *.virtualearth.net appgateway.lidlplus.com content.lidlplus.com form.lidl.com lidl.media01.eu lidlplus-prod-api.azurewebsites.net lidlplus-uat-api.azurewebsites.net stats.g.doubleclick.net; frame-ancestors 'self' *.bing.com *.ccmp.eu *.google-analytics.com *.googletagmanager.com *.lidl *.lidl.ch *.lidl.com *.lidl.net *.poi-service.de *.secrz.de *.test accounts-qa.lidl.com accounts-stg.lidl.com accounts-uat.lidl.com accounts.lidl.com website-lidl-account-dev.azurewebsites.net *.lidl-shop.pl *.lidl-sklep.pl; 21
; 21
object-src 'self' 21
frame-ancestors 'self' https://help.glassdoor.com http://library.glassdoor.com https://library.glassdoor.com http://glassdoor.lookbookhq.com https://glassdoor.lookbookhq.com https://glassdoor2.lookbookhq.com https://howto.glassdoor.com https://apply.indeed.com ; 20
default-src 'self' http: https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 20
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob:; media-src 'self' https: blob:; worker-src 'self' https: blob:; block-all-mixed-content; connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: https://*.trouter.io:443 https://*.trouter.skype.com:443 wss://*.trouter.io:443 wss://*.trouter.skype.com:443; 19
frame-ancestors 'self' http://hybris.com https://hybris.com https://discovery-center.cloud.sap https://www.discovery-center.cloud.sap http://*.hybris.com https://*.hybris.com http://sap.lookbookhq.com https://sap.lookbookhq.com http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn https://www.gigya.com *.lookbookhq.com https://cloudplatform.sap.com https://cal.sap.com https://developers.sap.com *.omtrdc.net;default-src 'self' blob: https: data: 'unsafe-inline' 'unsafe-eval' github.com api.github.com raw.githubusercontent.com *.cloud.sap *.liveperson.net http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn *.adobedtm.com *.company-target.com *.omtrdc.net *.w55c.net platform.twitter.com *.siteintercept.qualtrics.com *.doubleclick.net cdnjs.cloudflare.com charts3.equitystory.com http://sap-espresso.com http://*.akamai.net ust-servlet.dataxu.net https://*.cdn.sap.com *.2mdn.net *.2o7.net *.qualtrics.com https://*.akamaihd.net http://*.akamaihd.net *.lpsnmedia.net *.truste.com *.newrelic.com *.nr-data.net https://*.youtube.com https://*.youtu.be https://*.ytimg.com *.twitter.com http://*.twimg.com https://*.twimg.com *.adobe.com *.demdex.net *.liveperson.com *.liveengage.net *.liveengage.com http://livefyre.com *.liveper.sn *.licdn.com *.cloud.sap *.hana.ondemand.com http://dc1cp8nqqrmxi.cloudfront.net http://*.edgesuite.net https://bcmcps.enter.sap *.d41.co 19
default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *; 19
upgrade-insecure-requests; block-all-mixed-content; 19
frame-ancestors 'self' https://immobilier.jll.be https://events1.social27.com https://jll.maps.arcgis.com; 19
default-src 'self' blob: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com www.apple.com www.instagram.com www.youtube-nocookie.com; img-src 'unsafe-inline' data: blob: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com; style-src 'unsafe-inline' *.apple.com 18
frame-ancestors self 18
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 18
default-src 'self'; 18
frame-ancestors cue.test:81 cue.test http://cuedev.ece.ksml.fi cue.media.fi; 18
frame-ancestors 'self'; img-src 'self' i.notino.com cdn.notinoimg.com blob: data: *; 18
frame-ancestors 'self' websitebuilder.godaddy.com websitebuilder.secureserver.net 18
frame-ancestors medium.com 17
frame-ancestors 'self' https://*.brightsites.co.uk; 17
base-uri 'self'; frame-ancestors 'self' 17
upgrade-insecure-requests;connect-src * 17
default-src 'self' 'unsafe-inline' 'unsafe-eval' data:  24703.online-adventskalender.de *.b-ite.com *.bitkomplex.de *.bright-guide.de *.cdn.office.net *.cloudfront.net *.cookiebot.com *.dvinci-hr.com *.etracker.com *.etracker.de *.exmap.de *.facebook.com *.flickr.com *.google-analytics.com *.google.com *.google.de *.googleapis.com *.gstatic.com *.haffhus.de *.highcharts.com *.hk24.de *.ihk.de *.ihk24.de *.jobcluster.de *.linkedin-ei.com *.linkedin.com *.mateforevents.com *.microsoft.com *.multipage.online *.newsletter2go.com *.office.com *.office365.com *.podigee-cdn.net *.spotify.com *.staticflickr.com *.stream24.net *.thinglink.com *.thinglink.me *.twimg.com *.twitch.tv *.twitter.com *.unikam.de *.userlike.com *.vimeo.com *.wahlplus.de *.walls.io *.wirecard.com *.xing-events.com *.youtube.com api.mapbox.com app.cituro.com app.sli.do b6df6a39-9bba-47b4-b1e3-367604039de3.rlets.com bc.pressmatrix.com berufsausbildung-aachen-ihk.de cdn.contentful.com cdn.doo.net/assets/js/viovendi-embed-static-1.js cdn.podigee.com cdn.rlets.com cdnjs.cloudflare.com code.createjs.com code.jquery.com/jquery-3.1.1.min.js con.arbeitsagentur.de connect.facebook.net consentcdn.cookiebot.com corona.conterra.de cottbus-ihk-pruefungen.de covid19.webtvcampus.de datawrapper.dwcdn.net dbaw.specials-bahn.de detmold.ihk-beitragsrechner.de dihk.imageplant.de doo.net e.issuu.com e.video-cdn.net editor.signavio.com embed.nexx.cloud events-to-impress.activehosted.com expertenpool.automatisierungsregion.de geoportal-hamburg.de haffhus.s3.eu-central-1.amazonaws.com handelskammer-bremen.appointmind.net hk24.perbit-job.de hk24.perbit-job.de  html5-player.libsyn.com iframe.wvd-portfolio.de ihk-ar.ycms.rocks ihk-darmstadt-portal.rexx-recruitment.com ihk-potsdam.perbit-job.de ihk-schwerin.wahlplus.de ihk-weiterbildung-oldenburg.de ihk.selbstdenker.com ihkob.wekando.eu imagemarker.com ims-files-cdn.net infographic.statista.com inx.odav.de isi.hdb-hamburg.de komsis.inecos.de kvg-kassel.widget-generator.de link.webropolsurveys.com live.c3networking.de livestream.watch/vp/nachhaltigkeitsdialog.html maxcdn.bootstrapcdn.com pam.ihk-schleswig-holstein.de playout.3qsdn.com plugins.flockler.com roundme.com routenplaner.bus-bahn-thueringen.de service.tecintelli.de start.video-stream-hosting.de static-exp1.licdn.com static.dvinci-easy.com static.issuu.com tecintelli-static-ttl.obs.eu-de.otc.t-systems.com/ tuerchen.com umap.openstreetmap.fr userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com vimeo.com vstdbv3 w.soundcloud.com walls.io web.ihk-pfalz.net web.inxmail.com wss://chat.userlike.com/chat/ wss://umd.userlike.com/umd/ www.ausbildungslauf.de www.azubi-magdeburg-ihk.de www.bahn.de www.berufe.tv www.bso-hessen.de www.etermin.net www.finest-jobs.com www.forschungsfinder-hessen.de www.gatewatch.eu www.giu-kalender.org www.google.analytics.com www.googletagmanager.com www.hvv.de www.ihk-arbeitsgemeinschaft-rlp.de www.ihk-berlin.de www.ihk-berlin.org www.ihk-bw.digital www.ihk-ecofinder.de www.ihk-gfi.de www.ihk-koblenz.de www.ihk-lehrstellenboerse.de www.ihk-lueneburg.de www.ihk-magdeburg.de www.ihk-ostbrandenburg.de www.ihk-praktikumsportal.de www.ihk-rlp.de www.ihk-wiesbaden.de www.ihkac-anwendungen.de www.instagram.com www.iwd.de www.kandidatenmanagement.de www.leg-thueringen.de www.onlinebewerbungsserver.de www.plattform-i40.de www.powr.io www.praktikum.info www.rmv.de www.terminland.de www.tfaforms.com www.vvs.de www.youtube-nocookie.com  ;  report-uri /blueprint/servlet/serviceport/rest/csplogging/logViolation ;  17
frame-ancestors kink.com mrskin-kink.com mrman-kink.com 17
default-src http: data: 'unsafe-inline' 'unsafe-eval' 17
frame-ancestors https://unileverbrazil.marketing.adobe.com https://unilever3.marketing.adobe.com https://unilever2.marketing.adobe.com https://unilever.marketing.adobe.com; 17
default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors * 17
frame-ancestors 'self' *.roomlynx.net  17
upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com  http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com; 16
frame-ancestors 'self' esbroadcom.lookbookhq.com mfbroadcom.lookbookhq.com; 16
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 16
img-src data: https: 16
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content; 16
default-src 'self'; script-src 'self' 'unsafe-inline' 16
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sbo.top *.sbobet.com *.sbobetex.com *.youtube.com *.ytimg.com *.cloudfront.net optimize.google.com *.google-analytics.com *.hotjar.com *.googletagmanager.com *.qsmly.com *.googleapis.com *.cdnnetworks.net *.purseno.com *.syndication.twimg.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.gstatic.com *.geetest.com widgets.sir.sportradar.com avplayer-cdn.sportradar.com *.userleap.com; worker-src 'self' blob:; report-uri https://csp.trackit.tk/z/7046ef45-99d6-447d-9ac3-6d42ae2a70fa 16
script-src * 'self' 'unsafe-inline' 'unsafe-eval' 16
default-src 'self' https://*.abgemea.com https://fonts.googleapis.com https://use.fontawesome.com ws.sharethis.com unpkg.com maxcdn.bootstrapcdn.com dpm.demdex.net avisbudgetgroup.tt.omtrdc.net https://*.bing.com https://*.virtualearth.net; object-src *; img-src data: *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; connect-src *; font-src 'self' data: https://*.abgemea.com https://fonts.gstatic.com https://*.bing.com https://use.fontawesome.com https://*.virtualearth.net 16
default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; 16
frame-ancestors 'self'; base-uri 'self'; 16
upgrade-insecure-requests; block-all-mixed-content 15
frame-ancestors 'self' *.nokia.com; report-uri /report-csp-violation 15
script-src * 'self' 'unsafe-inline' 'unsafe-eval' wistia.com youtube.com blob: 15
frame-ancestors *; 15
frame-ancestors 'self'; report-uri /report-csp-violation 15
frame-ancestors 15
default-src https: *; script-src https: 'unsafe-inline' 'unsafe-eval' *;img-src data: https:;font-src data: https:;style-src https: 'unsafe-inline' *;upgrade-insecure-requests;frame-ancestors 'self'; base-uri 'none'; frame-src mailto: *; worker-src blob: ; child-src blob: ; 15
script-src 'self' 'unsafe-inline' 'unsafe-eval'  connect.facebook.net tagmanager.google.com maps.googleapis.com www.googleadservices.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.gstatic.com 15
report-to network-errors; upgrade-insecure-requests 15
'self' https://ajax.googleapis.com 15
upgrade-insecure-requests; block-all-mixed-content; sandbox allow-modals allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-orientation-lock allow-pointer-lock; 14
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 14
report-uri https://99designs.report-uri.io/r/default/csp/enforce; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob: android-webview-video-poster:; upgrade-insecure-requests; 14
frame-ancestors 'self' http://toolpool.circit.de https://toolpool.circit.de 14
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.amazonaws.com cdn.cookielaw.org privacyportal.onetrust.com www.google-analytics.com *.twitter.com www.youtube.com agent.nuance-va.com *.nuance-va.com  cocacolaco.tt.omtrdc.net *.doubleclick.net *.coca-colacompany.com www.google.com www.gstatic.com cdn.jsdelivr.net *.pricespider.com *.coke.com *.coca-cola.com *.yimg.com *.ads-twitter.com www.googleadservices.com sc-static.net googleads.g.doubleclick.net; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn-social.janrain.com cdn.cookielaw.org ajax.googleapis.com www.cdnjs.cloudflare.com cdnjs.cloudflare.com geolocation.onetrust.com www.googletagmanager.com www.google-analytics.com *.twitter.com www.instagram.com connect.facebook.net *.krxd.net *.amazonaws.com www.google.com www.youtube.com rpxnow.com d29usylhdk1xyu.cloudfront.net s.ytimg.com www.gstatic.com atentochile.s1gateway.com  stackpath.bootstrapcdn.com cdn.jsdelivr.net *.pricespider.com *.coke.com *.coca-cola.com *.yimg.com *.ads-twitter.com *.googleadservices.com sc-static.net *.analytics.yahoo.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-eval' 'unsafe-inline' use.typekit.net p.typekit.net *.janrain.com cdn.cookielaw.org stackpath.bootstrapcdn.com *.pricespider.com *.coke.com; font-src 'self' data: use.typekit.net fonts.gstatic.com *.coke.com; frame-src 'self' *; frame-ancestors 'self' editor.wallboard.info; manifest-src 'self' data:; 14
default-src https: blob:; connect-src https: wss: blob:; font-src https: data:; frame-src https:; frame-ancestors 'self'; img-src https: blob: data:; media-src https: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; 14
default-src blob: https: 'unsafe-eval' 'unsafe-inline'; connect-src https: 'self' https: *.amazonaws.com *.cfauthx.com *.mapbox.com  data: *.accesso.com; img-src 'self' https: data: blob:; 14
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 14
block-all-mixed-content; frame-ancestors 'self' 14
default-src 'self' https://www.bmbf.de https://*.bmbfcluster.de https://cdn1.readspeaker.com https://app-eu.readspeaker.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://f1-eu.readspeaker.com https://monitoring.echobot.de https://event.beyondwork2020.com https://walls.io https://streaming.talk42.de https://streaming.sendewerk.berlin/ https://stream.zukunftsarena.de/ 'unsafe-inline' blob:; img-src 'self' https://www.bmbf.de https://*.bmbfcluster.de https://*.tile.openstreetmap.org/ https://api.mapbox.com/ 'unsafe-inline' data:;font-src 'self' data:; 14
frame-ancestors 'self' *.facebook.com *.vk.com 14
default-src https: data: blob: mediastream: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src https: data: 'self' 'unsafe-eval' 'unsafe-inline' 14
default-src http: https: 'unsafe-inline' 'unsafe-eval' data: blob: mediastream:; 13
default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 13
block-all-mixed-content; upgrade-insecure-requests 13
frame-ancestors https:; 13
img-src * data:; default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; 13
default-src 'self' *.googlesyndication.com;style-src 'unsafe-inline' *.livenationinternational.com *.googleapis.com *.monetate.net tagmanager.google.com platform.twitter.com;img-src 'self' data: *.livenationinternational.com www.lntvglobal.com *.2mdn.net *.betrad.com *.celtra.com *.doubleverify.com *.evidon.com *.facebook.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.mgr.consensu.org *.monetate.net *.ticketm.net *.tmol.co *.quantserve.com *.youtube.com *.adzip.co *.twitter.com *.tiktokcdn.com *.scdn.co *.twimg.com ad.doubleclick.net ads.celtra.com adservice.google.com dt.adsafeprotected.com cache-ssl.celtra.com media.ticketmaster.com media.ticketmaster.co.uk pixel.adsafeprotected.com pixel.moatads.com px.moatads.com secure.adnxs.com tagmanager.google.com track.celtra.com www.google-analytics.com www.google.co.uk www.google.com www.googletagmanager.com api.permutive.com cdn.permutive.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livenationinternational.com *.2mdn.net *.bannersnack.com *.doubleverify.com *.evidon.com *.g.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.quantcount.com *.monetate.net *.universe.com *.adzip.co *.tiktok.com *.tiktokcdn.com cdn.ampproject.org cdn.polyfill.io ad.doubleclick.net ads.celtra.com adservice.google.co.uk adservice.google.com bam.nr-data.net cache-ssl.celtra.com connect.facebook.net evidon.mgr.consensu.org js-agent.newrelic.com pixel.adsafeprotected.com secure.adnxs.com secure.quantserve.com static.adsafeprotected.com tagmanager.google.com widget.ticketmaster.eu www.google-analytics.com www.googletagmanager.com z.moatads.com api.permutive.com cdn.permutive.com www.instagram.com platform.twitter.com cdn.syndication.twimg.com secure.wufoo.com static.ads-twitter.com;connect-src 'self' *.doubleverify.com *.evidon.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.permutive.com *.tmol.co *.tmol.io csi.gstatic.com vendorlist.consensu.org widget.ticketmaster.eu www.google-analytics.com www.googletagmanager.com track.celtra.com adservice.google.com www.ticketmaster.co.uk www.ticketmaster.co.nz www.ticketmaster.com.au www.ticketmaster.de;font-src *.livenationinternational.com fonts.gstatic.com widget.ticketmaster.eu;frame-src *.2mdn.net *.bannersnack.com *.doubleverify.com *.dvtps.com *.evidon.com *.facebook.com *.fls.doubleclick.net *.googlesyndication.com *.googletagservices.com *.monetate.net *.ticketmaster.co.uk *.twitch.tv *.bilibili.com *.player.vimeo.com *.soundcloud.com *.instagram.com *.twitter.com *.spotify.com *.tiktok.com *.tiktokcdn.com *.youtube.com *.youtu.be music.163.com player.vimeo.com secureframe.doubleclick.net terriverhoeven.wufoo.com universe.queue-it.net v.qq.com www.google.com www.universe.com;worker-src 'self' blob: 13
default-src 'self' *.cscglobal.com *.swiftypecdn.com  *.swiftype.com script.crazyegg.com rum-collector-2.pingdom.net *.doubleclick.net *.google-analytics.com geoip-js.com *.maxmind.com *.typekit.net api.company-target.com sample-api-v2.crazyegg.com api.hubapi.com https://lat9412.d41.co/api/; script-src 'self' https://lat9412.d41.co/sync/  https://cdn-0.d41.co/tags/dnb_coretag_v5.min.js rum-static.pingdom.net ws.zoominfo.com js.hs-banner.com js.hsadspixel.net *.swiftypecdn.com  *.swiftype.com *.wufoo.com tag.demandbase.com script.crazyegg.com s3.amazonaws.com dnn506yrbagrg.cloudfront.net gateway.zscalertwo.net sjs.bizographics.com px.ads.linkedin.com *.google-analytics.com *.googletagmanager.com *.maxmind.com 'unsafe-inline' 'unsafe-eval' *.typekit.net forms.hsforms.com api.hubapi.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net *.hubspot.com *.googleadservices.com tagmanager.google.com *.zmags.com snap.licdn.com; style-src 'self' ocp.cscglobal.com ocu.cscglobal.com gateway.zscalertwo.net *.swiftypecdn.com fast.fonts.net fonts.googleapis.com 'unsafe-inline' tagmanager.google.com ssl.gstatic.com *.gstatic.com; img-src 'self' p.adsymptotic.com *.swiftype.com *.cscglobal.com  *.googletagmanager.com googleapis.com match.prod.bidr.io segments.company-target.com cdn2.hubspot.net *.google-analytics.com *.crazyegg.com *.google.com track.hubspot.com data: *.doubleclick.net ssl.gstatic.com *.gstatic.com *.zmags.com px.ads.linkedin.com; font-src 'self' 'unsafe-inline' ocp.cscglobal.com ocu.cscglobal.com data: fonts.gstatic.com *.typekit.net; frame-src 'self' *.youtube.com *.wufoo.com forms.hsforms.com *.zmags.com drive.google.com 13
referrer origin 13
img-src *; 13
default-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' *.ametek.com *.ametekweb.com *.baidu.com *.boltdns.net *.bootstrapcdn.com *.brightcove.com *.brightcove.net *.brightinfo.com *.cloudflare.com *.facebook.com *.facebook.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hsforms.com *.hsforms.net *.hs-analytics.net *.hs-scripts.com *.usemessages.com *.hsadspixel.net *.hubspot.com *.jquery.com *.list-manage.com *.mailchimp.com *.maxcdn.com *.pardot.com *.pingdom.net *.sharethis.com *.site24x7rum.com  *.spectro.com *.thomasnet.com *.twimg.com *.twitter.com *.vimeo.com *.webtraxs.com *.youku.com *.youtube.com *.zencdn.net *.zopim.com *.vresp.com *.techmfg.com *.zdassets.com *.marketingautomation.services *.leadforensics.com *.constantcontact.com *.icontact.com *.leadfeeder.com https://chimpstatic.com *.zygo.com *.linkedin.com *.hootsuite.com *.3dpublisher.net *.amazonaws.com https://js.hscta.net https://js.hs-banner.com https://js.hsleadflows.net *.force.com https://analytics-eu.clickdimensions.com https://widgets.wp.com *.clickdimensions.com *.zoominfo.com https://snap.licdn.com *.salesforceliveagent.com https://bat.bing.com *.salesforce.com *.salesforceliveagent.com *.salesforce.com *.visualforce.com *.lightning.com *.visualforce.com *.adobedtm.com *.rumiview.com *.simpli.fi *.googletagmanager.com *.kickfire.com *.doubleclick.net *.lightning.com *.adroll.com *.ytimg.com *.loopanalytics.com *.surveymonkey.com https://www.qlzn6i1l.com https://secure.neck6bake.com 'unsafe-eval';style-src * 'unsafe-inline';font-src * 'unsafe-inline' data:;img-src * 'unsafe-inline' data:;frame-src * 'unsafe-inline';connect-src * 'unsafe-inline';worker-src 'self' blob:;media-src 'self' *.boltdns.net *.akamaihd.net blob:;object-src 'unsafe-inline' 'self' 13
frame-ancestors 'self', upgrade-insecure-requests 12
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net wss://*.hotjar.com wss://*.qualified.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=true&c=prod&ar=true&a=cmscache 12
child-src 'self' https://b2b.verizonmedia.com https://pages.oath.com https://www.youtube.com https://pages.verizonmedia.com https://delivery.vidible.tv https://content.uplynk.com/ https://b2b-media.verizonmedia.com;worker-src 'self' blob:;frame-ancestors 'self' https://b2b.verizonmedia.com https://b2b-media.verizonmedia.com https://pages.verizonmedia.com 12
frame-ancestors 'self' metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *webvisor.com http://*.webvisor.com http://webvisor.com https://*.webvisor.com http://webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net; form-action 'self' *.timeweb.ru *.timeweb.com *.timeweb.net; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.timeweb.net *.timeweb.ru timeweb.eu *.yandex.ru yandex.ru wss://*.timeweb.ru wss://*.timeweb.net www.googletagmanager.com www.google-analytics.com disutgh7q0ncc.cloudfront.net eligibility.wootric.com wootric-eligibility.herokuapp.com facebook.com connect.facebook.net *.facebook.com mc.yandex.md mc.yandex.ru *.livetex.ru *.livetex.me stats.g.doubleclick.net *.google.com *.google.ru *.sendpulse.com data: vk.com *.vk.com dadata.ru *.dadata.ru *.hostings.info *.hosters.ru bitrix.info static.criteo.net *.push.world *.gstatic.com recreativ.ru sslwidget.criteo.com *.googleapis.com *.webpushs.com onthe.io *.onthe.io i.imgur.com ipic.su *.sendpulse.com www.youtube.com s.tmimgcdn.com cdn.jsdelivr.net mc.webvisor.org https://*.getsitecontrol.com yastatic.net *.witstroom.com metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.witstroom.com:8080 https://checks.botfaqtor.ru blob: timeweb.com 12
frame-ancestors https://nurture.solarwinds.com/ https://try.solarwinds.com/ https://www.solarwinds.com/ 12
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.etracker.com https://*.etracker.de https://*.jwpcdn.com https://customers.lmis.de; style-src 'self' 'unsafe-inline' https://*.etracker.de https://*.jwpcdn.com; img-src 'self' data: https://sg.geodatenzentrum.de https://jwpltx.com; connect-src 'self' https://*.etracker.com https://*.etracker.de https://sg.geodatenzentrum.de https://*.jwpcdn.com; font-src 'self' data: https://*.jwpcdn.com; object-src 'self'; media-src 'self' https://*.streamfarm.net http://*.bmwi.de; form-action 'self'; frame-src 'self' https://*.twitter.com https://vimeo.com https://player.vimeo.com https://customers.lmis.de https://vdi.p5.easire.com https://bmwi-batteriezellfertigung.interactive-scape.com https://de.digital; frame-ancestors 'self'; 12
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.sc.pages02.net https://www.google.com  http://addshoppers.s3.amazonaws.com  http://connect.facebook.net  https://www.gstatic.com http://www.rtb123.com  http://pixel.quantserve.com http://*.shop.pe http://shop.pe https://googleads.g.doubleclick.net https://code.jquery.com    http://tt.mbww.com https://staticxx.facebook.com https://secure.quantserve.com https://tag.bounceexchange.com https://insight.adsrvr.org https://api.bounceexchange.com https://*.cloudfront.net https://*.scdn2.secure.raxcdn.com *.bounceexchange.com http://api.bounceexchange.com https://cdn.optimizely.com/ www.youtube.com s.ytimg.com static.getchute.com mpsnare.iesnare.com https://connect.facebook.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://siteimproveanalytics.com https://tagmanager.google.com optimizely.s3.amazonaws.com app.optimizely.com cdn3.optimizely.com  *.rtb123.com  *.s3.amazonaws.com https://tt.mbww.com/  https://shop.pe  https://*.s3.amazonaws.com https://www.googleadservices.com/ https://www.google-analytics.com https://s3.amazonaws.com https://beacon.sojern.com https://*.micpn.com *.bing.com https://tracker.marinsm.com https://cdn.onesignal.com http://cdnjs.cloudflare.com/ *.googleadservices.com/ beacon.sojern.com cdn.onesignal.com *.mathtag.com rules.quantcount.com https://ak1s.abmr.net https://maps.googleapis.com/ https://sc-static.net/ https://translate.google.com/ https://translate.googleapis.com/ https://s.pinimg.com/ https://resources.xg4ken.com/ https://services.xg4ken.com/ https://js.adsrvr.org/ https://cdn.quantummetric.com/ https://seaworld-app.quantummetric.com https://members.cj.com ci-mpsnare.iovation.com https://c212.net https://cdn.c212.net https://commercelibs.ibm.com  https://tag.mtrcs.samba.tv/v3/tag/edelman/seaworld-all/sambaTag.js https://optimizely-hrd.appspot.com/ https://*.trustarc.com/ https://consent.trustarc.com/ http://consent.trustarc.com/ https://consent.truste.com/ *.queue-it.net *.taboola.com/ secfld.vmmpxl.com https://isz.app.sparkinfluence.net/ https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js  https://ajax.cloudflare.com https://cdn1.affirm.com/ https://www.affirm.com/  https://zn88kiqxnnojsefct-seaworldcx.siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com/ https://*.hotjar.com/ https://sts.eccmp.com/ https://s7.addthis.com seaworld.com  https://z.moatads.com/ https://v1.addthisedge.com/ https://m.addthis.com/ https://spot.demostellar.com/1.3.0/spot.js https://api-cust1117.cheetahedp.com* *.tvpixel.com ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com http://*.shop.pe http://addshoppers.s3.amazonaws.com https://*.scdn2.secure.raxcdn.com https://*.cloudfront.net https://*.secure.raxcdn.com maxcdn.bootstrapcdn.com tagmanager.google.com  *.s3.amazonaws.com https://s3.amazonaws.com https://addstrap-ui.addshoppers.com https://translate.googleapis.com https://members.cj.com https://assets.bounceexchange.com https://cdn1.affirm.com/  https://zn88kiqxnnojsefct-seaworldcx.siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com/ https://*.hotjar.com/;font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com *.shop.pe  *.scdn2.secure.raxcdn.com https://*.buschgardens.com  https://buschgardens.com *.seaworld.com *.sesameplace.com https://www.sesameplace.com *.cloudfront.net *.secure.raxcdn.com https://www.aexp-static.com https://seaworld.scdn3.secure.raxcdn.com https://maxcdn.bootstrapcdn.com s3.amazonaws.com http://maxcdn.bootstrapcdn.com https://members.cj.com https://assets.bounceexchange.com https://www.affirm.com/  https://zn88kiqxnnojsefct-seaworldcx.siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com/ https://*.hotjar.com/;frame-src 'self' s7.addthis.com https://*.fls.doubleclick.net/ http://*.fls.doubleclick.net/ http://*.facebook.com/ https://bid.g.doubleclick.net/  https://www.youtube.com https://www.seaworldlibrary.com https://docs.google.com https://*.seaworld.com/ https://Commerce.4adventure.com https://*.seaworldparks.com https://*.watercountry.com https://*.Commerce.4adventure.com https://*.adventureisland.com https://*.aquaticabyseaworld.com https://*.sesameplace.com http://6258894.fls.doubleclick.net http://6258894.fls.doubleclick.net http://4174228.fls.doubleclick.net https://4174228.fls.doubleclick.net https://www.googletagmanager.com https://staticxx.facebook.com https://insight.adsrvr.org https://assets.bounceexchange.com/ https://*.cdn.optimizely.com/ https://www.pages02.net/ https://tt.mbww.com/ https://secure.buschgardens.com https://maps.google.com https://www.google.com/ https://secure.aquatica.com https://*.bounceexchange.com http://contentz.mkt922.com/ https://pixel.mathtag.com/ https://www.chargerback.com https://*.widencdn.net/ https://*.seaworldlibrary.com https://www.surveygizmo.com/ https://tr.snapchat.com/ https://qa-secure.buschgardens.com https://members.cj.com https://survey.seaworldentertainment.com/ https://survey.zohopublic.com/ https://hpc.uat.freedompay.com/ https://hpc.freedompay.com/ https://consent-pref.trustarc.com/ https://*.trustarc.com https://x.m.buschgardens.com/ http://www.youtube.com/ https://cdn1.affirm.com/ https://www.affirm.com/ https://seaworldcx.iad1.qualtrics.com/ https://siteintercept.qualtrics.com/ https://*.hotjar.com/ https://vars.hotjar.com/ https://match.adsrvr.org/%0d%0a%0d%0a;connect-src 'self' https://staticxx.facebook.com https://insight.adsrvr.org https://*.scdn2.secure.raxcdn.com https://logx.optimizely.com https://*.secure.raxcdn.com *.s3.amazonaws.com cache.getchute.com https://tapi.optimizely.com https://shopper.shop.pe https://shop.pe  https://rtb123.com https://api.getchute.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.as-labs.addshoppers.com/ https://as-labs.addshoppers.com https://s3.amazonaws.com https://www.google.com https://events.bouncex.net https://onesignal.com https://*.optimizely.com https://onesignal.com https://errors.client.optimizely.com https://translate.googleapis.com https://ct.pinterest.com/ https://seaworld-app.quantummetric.com/ https://commercelibs.ibm.com https://tag.mtrcs.samba.tv/ https://cdn.quantummetric.com/ https://pixel.mtrcs.samba.tv/v2/tag/edelman/seaworld-all/ https://trc.taboola.com/ https://isz.app.sparkinfluence.net/ https://api-cf.affirm.com/ https://tracker.affirm.com/ https://www.affirm.com/api/v2/cookie_sent/ https://www.affirm.com/ https://*.siteintercept.qualtrics.com/  https://siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com https://*.hotjar.com/ https://in.hotjar.com/  wss://ws13.hotjar.com https://sts.eccmp.com/ https://spot.demostellar.com/1.3.0/spot.js https://api-cust1117.cheetahedp.com* https://api-cust1117.cheetahedp.com/edp/api/event?evtId=browse_product-0 *.tvpixel.com ; img-src 'self' data: * ; media-src 'self' https://scontent.cdninstagram.com https://*.as-labs.addshoppers.com/  *.s3.amazonaws.com/ https://s3.amazonaws.com/images/BackgroundImage.jpeg  s3.amazonaws.com/ https://seaworld.scdn3.secure.raxcdn.com/  https://stage-media.scdn6.secure.raxcdn.com/; 12
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: 12
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 12
frame-ancestors 'self' *.vergic.com 12
frame-ancestors *.adikteev.com 'self' *.facebook.com *.nikonelearning.com; 12
frame-ancestors 'self' http://*.elsevier.es/ 12
default-src https: 'unsafe-inline' 'unsafe-eval' 12
frame-src * 12
default-src 'self' http: https: wss: *.firebaseio.com *.yandex.ru *.google.com *.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com www.googletagmanager.com securepubads.g.doubleclick.net adservice.google.com.ua adservice.google.com *.googleadservices.com cse.google.com *.google.com *.googlesyndication.com *.googlesyndication.com data: blob: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.firebaseio.com *.landbot.io https://cdn.chatbot.com https://edugrampromo.com https://widget.my.feedot.com/ https://a24help.ru/ https://top-fwz1.mail.ru/ https://yastatic.net *.googlesyndication.com *.yandex.ru cdn.ampproject.org pagead2.googlesyndication.com storage.googleapis.com googleads.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com www.googletagservices.com securepubads.g.doubleclick.net securepubads.g.doubleclick.net www.google-analytics.com *.googleadservices.com cse.google.com *.google.com  *.google.com.ua *.google.am *.google.at *.google.az *.google.be *.google.br *.google.by *.google.ca *.google.ch *.google.cn *.g.cn *.google.cy *.google.cz *.google.de *.google.ee *.google.fr *.google.ge *.google.gr *.google.hu *.google.id *.google.ie *.google.il *.google.in *.google.it *.google.jp *.google.kg *.google.kz *.google.lt *.google.lv *.google.md *.google.me *.google.nl *.google.pl *.google.ro *.google.ru *.google.tm *.google.com.tr *.google.co.uk *.google.us *.google.co.uz *.google.com.sg *.googlesyndication.com;  img-src 'self'  data: *.landbot.io https://cdn.chatbot.com https://edugrampromo.com *.alicdn.com *.gstatic.com  *.yandex.ru *.yandex.net  https://wcm-ru.frontend.weborama.fr https://www.tns-counter.ru https://top-fwz1.mail.ru/ https://edugram.com *.doubleclick.net *.googleads.g.doubleclick.net *.googlesyndication.com storage.googleapis.com pagead2.googlesyndication.com  securepubads.g.doubleclick.net google-analytics.com *.googleapis.com *.google.com *.googlesyndication.com *.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.landbot.io fonts.googleapis.com *.google.com *.googlesyndication.com; font-src 'self' *.landbot.io *.gstatic.com fonts.googleapis.com; frame-ancestors 'self'; object-src 'self' 12
default-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.jimdo.com jimdo.com; 12
frame-ancestors 'self' sun.eduzz.com http://*.monetizze.com.br https://*.monetizze.com.br *.hotmart.com http://aporasal.net https://aporasal.net http://adf.ly https://adf.ly; 12
upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com 11
frame-ancestors 'self' http://localhost:* https://*.bustle.com 11
frame-ancestors http://kpmg.experiencecloud.adobe.com 11
frame-src *.2checkout.com *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com recommender.scarabresearch.com *.zenaps.com hal9000.redintelligence.net pixel.xonaz.com static-hello.bitdefender.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com pixel.xonazz.com *.adobe.com *.outgrow.us bitdefender.applytojob.com *.alchemer.com *.adyen.com *.paypal.com paypal.com 11
frame-ancestors https://*.marketo.com 11
default-src * data: blob: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' support.carousell.com 11
default-src *;child-src * blob:;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';img-src * data: blob: 11
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 11
frame-ancestors 'self' *.ci360.sas.com 11
frame-ancestors 'self' http://customer-hornbach.loop21.net https://customer-hornbach.loop21.net http://public-location-hornbach.loop21.net https://public-location-hornbach.loop21.net 11
script-src 'self' 'unsafe-inline' 'unsafe-eval' player.podigee-cdn.net cdn.syndication.twimg.com platform.twitter.com syndication.twitter.com https://www.verbraucherzentrale.de/ https://www.verbraucherzentrale.nrw/core/modules/ckeditor/ https://vimeo.com/ https://podcast-player.audiocon.de/ https://www.audiocon.de/ https://lebensmittel-reise.de/foodmap/ https://www.googletagmanager.com https://gemeinschaftsredaktion.de https://www.googleadservices.com https://googleads.g.doubleclick.net https://api.kns.codiac.de https://player.podigee-cdn.net/podcast-player https://cdn.podigee.com https://cdnjs.cloudflare.com https://code.highcharts.com https://cdn.podlove.org https://verbraucherzentrale.bryter.io https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://static.newsletter2go.com/ https://cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://app.bryter.io https://heizsystemvergleich.vz-nrw.de https://maps.googleapis.com https://www.helpmundo.de https://www.helpdirect.org https://rdr.kns.codiac.de https://empathy-portal.de/; script-src-elem 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'unsafe-eval' *; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' ton.twimg.com platform.twitter.com syndication.twitter.com https://cdn.podigee.com/ https://player.podigee-cdn.net/ https://fonts.googleapis.com/ https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.podlove.org https://rdr.kns.codiac.de https://www.verbraucherzentrale.nrw; frame-ancestors 'self' vznrw-piwik.init-ag.de; 11
default-src *; font-src * data:;img-src * data:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; media-src * blob:; 11
script-src 'self' https: 'unsafe-eval' 'unsafe-inline' 11
default-src https: blob:; frame-ancestors 'self' *.ford.com.cn *.lincolnstore.com.cn *.brandaplb.ford.com *.brandap.ford.com  *.brandap.lincoln.com *.brandaplb.lincoln.com; connect-src https: wss: blob:; font-src https: data:; img-src https: data: blob:; media-src https:  blob:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src 'unsafe-inline' https:; base-uri 'self';worker-src 'self' blob:; script-src-elem 'unsafe-inline' 'unsafe-eval' blob: https:; script-src-attr 'unsafe-inline'  'unsafe-eval' blob: https:; style-src-attr 'unsafe-inline'  https:; style-src-elem 'unsafe-inline'  https:;upgrade-insecure-requests; 11
frame-ancestors 'self' https://*.jumpseller.com https://app.jivosite.com https://*.loja.olx.pt 11
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://survey.g.doubleclick.net https://tagmanager.google.com *.googleapis.com *.gstatic.com  https://dyv6f9ner1ir9.cloudfront.net https://362-lxb-565.mktoutil.com https://storage.googleapis.com https://i.ytimg.com https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com  *.googletagmanager.com *.youtube.com/iframe_api  https://app-sj01.marketo.com https://pnapi.invoca.net https://maps.googleapis.com https://d.monetate.net https://se.monetate.net https://s.ytimg.com https://pixel.mathtag.com https://player.vimeo.com https://rw1.marchex.io https://resources.xg4ken.com https://rw1.marchex.io https://resources.xg4ken.com https://ajax.googleapis.com https://solutions.invocacdn.com https://polyfill.io http://siteimproveanalytics.com https://cdn.siteimprove.net https://connect.facebook.net https://s.ytimg.com https://maps.googleapis.com https://se.monetate.net https://d.monetate.net  accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com  *.siteimprove.net *.facebook.com *.google.com *.google.co.in *.gstatic.com  https://googleads.g.doubleclick.net https://static.doubleclick.net https://munchkin.net https://stats.g.doubleclick.net https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://s.ytimg.com https://se.monetate.net https://maps.googleapis.com https://maps.gstatic.com https://siteimproveanalytics.com https://d.monetate.net https://rw1.marchex.io https://resources.xg4ken.com https://www.googletagmanager.com https://ajax.googleapis.com https://px.marchex.io https://my2.siteimprove.com https://www.googletagmanager.com https://maps.googleapis.com https://munchkin.marketo.net https://solutions.invocacdn.com https://service-uat.tenethealth.com https://service-test.tenethealth.com https://service-prep.tenethealth.com https://www.tenethealthpacificcoast.com  https://id.siteimprove.com https://cdn.siteimprove.net https://polyfill.io https://www.google-analytics.com https://www.youtube.com https://munchkin.marketo.net https://68956.global.siteimproveanalytics.io https://siteimproveanalytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://px.marchex.io https://www.googletagmanager.com https://my2.siteimprove.com https://s.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://se.monetate.net https://rw1.marchex.io https://ajax.googleapis.com https://resources.xg4ken.com https://cdnjs.cloudflare.com https://radiomd.com https://tours.sunnymedia.com https://checkin.arriv.net https://checkin-stg.arriv.net https://healthcheck.arriv.net https://healthcheck-stg.arriv.net; style-src 'self' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com *.twimg.com *.marketo.com *.sitefinity.xyz *.tenethealth.com https://fonts.googleapis.com https://checkin.arriv.net https://checkin-stg.arriv.net; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' https://www.gstatic.com https://ssl.gstatic.com https://optimize.google.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com *.twimg.com data: blob: *.eloqua.com track.hubspot.com  *.google.co.in *.google.com *.googletagmanager.com *.tenethealth.com  https://*.youtube.com https://app-sj01.marketo.com https://stats.g.doubleclick.net https://service-prep.tenethealth.com https://68956.global.siteimproveanalytics.io https://i.ytimg.com https://px.marchex.io https://pixel.mathtag.com  *.baptisthealthsystem.com *.nacmedicalcenter.com *.resolutehealth.com *.providencechildrenshospital.com *.thehospitalsofprovidence.com *.valleybaptist.net *.dmc.org *.childrensdmc.org *.rimrehab.org *.brookwoodbaptisthealth.com *.saintfrancishosp.com *.saintfrancisbartlett.com *.eastcoopermedctr.com *.hiltonheadregional.com *.piedmontmedicalcenter.com *.coralgableshospital.com *.delraymedicalctr.com *.floridamedctr.com *.goodsamaritanmc.com *.hialeahhosp.com *.northshoremedical.com *.palmbeachchildrenshospital.com *.pbgmc.com *.palmettogeneral.com *.stmarysmc.com *.westbocamedctr.com *.stvincenthospital.com *.mwmc.com *.abrazohealth.com *.carondelet.org *.desertcarenetwork.com *.doctorsmanteca.com *.dmc-modesto.com *.emanuelmedicalcenter.org *.fountainvalleyhospital.com *.lakewoodregional.com *.losalamitosmedctr.com *.placentialinda.com *.sanramonmedctr.com *.sierravistaregional.com *.twincitieshospital.com *.brookwoodbaptistmedicalcenter.com *.brookwoodwomensmedicalcenter.com *.citizensbaptistmedicalcenter.com *.princetonbaptistmedicalcenter.com *.shelbybaptistmedicalcenter.com *.walkerbaptistmedicalcenter.com *.tenethealthcentralcoast.com *.tenethealthpacificcoast.com; media-src 'self' data: blob: https://media.tenethealth.com; form-action *.sitefinity.xyz *.facebook.com 'self' https://optimize.google.com https://paypage.epx.com https://www.tenethealthpacificcoast.com; frame-src *.marketo.com *.sitefinity.xyz 'self'  *.tenethealth.com *.google.com *.youtube.com *.facebook.com *.facebook.com/tr/  https://givebutter.com https://optimize.google.com https://tenethealth.outgrow.us https://platform.twitter.com https://tenethealthbotprodcontainer01.azurewebsites.net/ https://pixel.mathtag.com/ https://player.vimeo.com/ https://radiomd.com https://tours.sunnymedia.com https://9207741.fls.doubleclick.net https://my2.siteimprove.com https://www.practicematch.com https://my.matterport.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.marketo.com *.sitefinity.xyz *.tenethealth.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  https://optimize.google.com https://survey.g.doubleclick.net https://dyv6f9ner1ir9.cloudfront.net https://362-lxb-565.mktoutil.com https://storage.googleapis.com https://i.ytimg.com https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com  *.googletagmanager.com *.youtube.com/iframe_api  https://pnapi.invoca.net https://maps.googleapis.com https://d.monetate.net https://se.monetate.net https://s.ytimg.com https://pixel.mathtag.com https://player.vimeo.com https://rw1.marchex.io https://resources.xg4ken.com https://rw1.marchex.io https://resources.xg4ken.com https://ajax.googleapis.com https://solutions.invocacdn.com https://polyfill.io http://siteimproveanalytics.com https://cdn.siteimprove.net https://connect.facebook.net https://s.ytimg.com https://maps.googleapis.com https://se.monetate.net https://d.monetate.net  'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com  *.siteimprove.net *.facebook.com *.google.com *.google.co.in *.gstatic.com  https://googleads.g.doubleclick.net https://static.doubleclick.net https://munchkin.net https://stats.g.doubleclick.net https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://s.ytimg.com https://se.monetate.net https://maps.googleapis.com https://maps.gstatic.com https://siteimproveanalytics.com https://d.monetate.net https://rw1.marchex.io https://resources.xg4ken.com https://www.googletagmanager.com https://ajax.googleapis.com https://px.marchex.io https://my2.siteimprove.com https://www.googletagmanager.com https://maps.googleapis.com https://munchkin.marketo.net https://solutions.invocacdn.com https://service-uat.tenethealth.com https://service-test.tenethealth.com https://service-prep.tenethealth.com https://www.tenethealthpacificcoast.com  https://id.siteimprove.com https://cdn.siteimprove.net https://polyfill.io https://www.google-analytics.com https://www.youtube.com https://munchkin.marketo.net https://68956.global.siteimproveanalytics.io https://siteimproveanalytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://px.marchex.io https://www.googletagmanager.com https://my2.siteimprove.com https://s.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://se.monetate.net https://rw1.marchex.io https://ajax.googleapis.com https://resources.xg4ken.com  *.baptisthealthsystem.com *.nacmedicalcenter.com *.resolutehealth.com *.providencechildrenshospital.com *.thehospitalsofprovidence.com *.valleybaptist.net *.dmc.org *.childrensdmc.org *.rimrehab.org *.brookwoodbaptisthealth.com *.saintfrancishosp.com *.saintfrancisbartlett.com *.eastcoopermedctr.com *.hiltonheadregional.com *.piedmontmedicalcenter.com *.coralgableshospital.com *.delraymedicalctr.com *.floridamedctr.com *.goodsamaritanmc.com *.hialeahhosp.com *.northshoremedical.com *.palmbeachchildrenshospital.com *.pbgmc.com *.palmettogeneral.com *.stmarysmc.com *.westbocamedctr.com *.stvincenthospital.com *.mwmc.com *.abrazohealth.com *.carondelet.org *.desertcarenetwork.com *.doctorsmanteca.com *.dmc-modesto.com *.emanuelmedicalcenter.org *.fountainvalleyhospital.com *.lakewoodregional.com *.losalamitosmedctr.com *.placentialinda.com *.sanramonmedctr.com *.sierravistaregional.com *.twincitieshospital.com *.brookwoodbaptistmedicalcenter.com *.brookwoodwomensmedicalcenter.com *.citizensbaptistmedicalcenter.com *.princetonbaptistmedicalcenter.com *.shelbybaptistmedicalcenter.com *.walkerbaptistmedicalcenter.com *.tenethealthcentralcoast.com *.tenethealthpacificcoast.com https://img.youtube.com https://radiomd.com https://o381876.ingest.sentry.io https://checkin.arriv.net https://checkin-stg.arriv.net https://healthcheck.arriv.net https://healthcheck-stg.arriv.net; 11
frame-ancestors 'self' *.cms.snakeware.nl *.snakeware.nl *.snakeware.cloud *.snakeware.test 11
frame-ancestors accounts.shopbase.com:443 templates.shopbase.com:443 test-templates.shopbase.com:443 'self' 11
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; 10
form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation 10
frame-ancestors 'self' *.freshworks.com *.freshsuccess.com *.freshsuccess.io views.paperflite.com app.paperflite.com web.paperflite.com canvas.paperflite.com 10
frame-ancestors 'self' *.basf.com basf-performance-materials.expo-ip.com 10
default-src * 'unsafe-eval' 'unsafe-inline' data:; frame-ancestors 'self' app.optimizely.com apps.facebook.com fonts.googleapis.com 10
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 10
script-src *; 10
policy 10
base-uri 'self'; frame-src https:; object-src 'none'; worker-src 'self'; img-src 'self' data: http: https:; upgrade-insecure-requests; default-src 'self' https://*.googlesyndication.com; connect-src 'self' https://*.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://eum-eu-west-1.instana.io wss://mpsnare.iesnare.com https://logx.optimizely.com/v1/events https://www.eharmony.com/lane/ https://s7.addthis.com/l10n/ https://eharmony-app.quantummetric.com/ https://yoast.com/feed/widget/ https://m.addthis.com https://*.googlesyndication.com https://connect.facebook.net https://*.usercentrics.eu https://api.personio.de/recruiting/applicant ; font-src data: 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://assets.squarespace.com/universal/fonts/ https://static.squarespace.com/universal/fonts/ ; script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.custhelp.com https://*.ioam.de; style-src 'self' 'unsafe-inline' https://www.parship.com https://*.custhelp.com https://fonts.googleapis.com https://partnerboerse.parship.de https://translate.googleapis.com https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://s.po.st/static/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://static1.squarespace.com/static/sitecss/ ; media-src 'self' data: https://mpsnare.iesnare.com https://assets.eharmony.com/files/us/images/careers/ https://www.googleapis.com/youtube/; prefetch-src 'self' https://*.googlesyndication.com/safeframe/; frame-ancestors 'self'; report-uri /ls/ 10
base-uri 'self' 10
default-src * ; img-src * 'self' data: blob: mediastream: https: 'unsafe-inline' 'unsafe-eval'; font-src * 'unsafe-inline' 'unsafe-eval' 'self' data: ; script-src * 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' 'unsafe-eval'; 10
default-src https: data: 'unsafe-inline' 'unsafe-eval'; 10
frame-ancestors 'self' *.pedidosya.com *.pedidosya.cl *.pedidosya.com.ar *.pedidosya.com.bo *.pedidosya.com.pa *.pedidosya.com.py *.pedidosya.com.uy *.pedidosya.com.ve 10
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' wss://*.iadvize.com 10
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 10
default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; worker-src blob: 10
frame-ancestors *.youtube.com *.pearsoncmg.com *.pearsonsupport.com *.pearson.com *.ecollege.com *.mathxl.com; 10
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*; object-src 'self' 10
default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 10
frame-ancestors 'self' https://*.etracker.com 10
"upgrade-insecure-requests" 10
default-src 'self' https://cdn.perf1.com https://saspresence.perf1.com; object-src 'none'; frame-src * 10
frame-ancestors https: 10
media-src https: blob:; connect-src 'self' https: blob: wss:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data: blob:; report-uri https://sentry.io/api/115794/csp-report/?sentry_key=40c3396129f24aacbf05aed4885600b3 9
default-src * 'unsafe-eval' 'unsafe-inline' data:; frame-ancestors 'self' app.optimizely.com apps.facebook.com fonts.googleapis.com; media-src * blob: 9
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://optimize.google.com https://www.googleadservices.com https://www.google.com https://connect.facebook.net www.snapengage.com https://storage.googleapis.com/code.snapengage.com/js/ https://prod-nplayer.dacast.com/lib/theoplayer/ https://analytics.webgains.io/ https://analytics-wg.webgains.io/ https://track.webgains.com/ https://w-it.m-t.io/ https://www.mczbf.com/ https://wcs.naver.net/ https://bat.bing.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com; img-src 'self' https: data:; media-src 'self' https://ftr.imgix.net; frame-src 'self' https://www.googletagmanager.com https://www.youtube.com https://view.vzaar.com https://www.facebook.com https://*.fls.doubleclick.net https://optimize.google.com www.snapengage.com https://www.expresvpn-private-analytics.net https://frontend-private-analytics.xvtest.net; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://*.amazonaws.com https://www.google-analytics.com https://stats.g.doubleclick.net/j/collect https://www.facebook.com/tr/ https://www.snapengage.com https://api.webgains.io/ https://track.webgains.com/ https://w-it.m-t.io/ https://www.mczbf.com https://wcs.naver.com/; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests 9
base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; default-src 'self' blob:; child-src 'self' blob:; connect-src 'self' blob: o1.ingest.sentry.siemens-web.com w3.siemens.com siemens.sc.omtrdc.net siemens.tt.omtrdc.net siemens.demdex.net tools.adlytics.net metrics.brightcove.com edge.api.brightcove.com secure.brightcove.com *.media.brightcove.com privacyportal-eu.onetrust.com manifest.prod.boltdns.net www.fortbildung.siemens.com profiles.siemens.com searchapi.new.siemens.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com www.downloads.siemens.com api.dc.siemens.com www.facebook.com *.cf.brightcove.com cert-portal.siemens.com www.hqs.sbt.siemens.com www.google.com api.company-target.com resource.finnchat.com api-fra.livechatinc.com aem-distribuidores.siemens.com.br aem-equivalentes.siemens.com.br go.cuenect.de hm.virtualevent.siemens.com assets.new.siemens.com www.siemens.at dpm.demdex.net siemens-umschluesselungstool-slplus-extreme.s3.eu-central-1.amazonaws.com www.yousty.ch; frame-ancestors 'self' resources.dc.siemens.com siemensfactoryautomation.pathfactory.com; frame-src 'self' www.facebook.com bid.g.doubleclick.net hit.sbt.siemens.com *.equitystory.com partners.sea.siemens.com secure-fra.livechatinc.com siemens.demdex.net partners.finance.siemens.ru extranet.siemens.pt www.lowvoltage.siemens.com www.siemens.at; font-src 'self' data: tools.adlytics.net new.siemens.com; img-src 'self' data: android-webview-video-poster: blob: https:; media-src 'self' blob: assets.new.siemens.com secure.brightcove.com *.media.brightcove.com manifest.prod.boltdns.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com *.cf.brightcove.com; object-src players.brightcove.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' w3.siemens.com tools.adlytics.net assets.adobedtm.com players.brightcove.net img.en25.com vjs.zencdn.net www.automation.siemens.com w3.siemens.com profiles.siemens.com *.ste.dc.siemens.com googleads.g.doubleclick.net www.google.com www.googletagmanager.com www.googleadservices.com connect.facebook.net cookies.siemens.com snap.licdn.com scripts.demandbase.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com resource.finnchat.com cdn.livechatinc.com secure-fra.livechatinc.com secure.livechatinc.com api.livechatinc.com api-fra.livechatinc.com www.sfs.siemens.de; style-src 'self' 'unsafe-inline' w3.siemens.com tools.adlytics.net profiles.siemens.com www.sfs.siemens.de; worker-src 'self' 'unsafe-inline' blob:; report-uri https://o1.ingest.sentry-xl.siemens-web.com/api/2/security/?sentry_key=1ee914da45a24a1491f0e46e1d0d92c9&sentry_environment=sites-prod&sentry_release=5ef171da; 9
default-src 'self'; script-src 'self' 'unsafe-inline' translate.googleapis.com blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com translate.googleapis.com; font-src 'self' fonts.gstatic.com data:; img-src 'self' data:; object-src 'none'; report-uri https://hpage-report.uriports.com/reports/enforce 9
connect-src 'self' wss://*.zopim.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; frame-ancestors https://*.adobemsbasic.com https://*.lingotek.com https://*.nuance.com https://*.nuance.fr https://*.nuance.de https://*.nuance.es https://*.nuance.co.uk 'self' https:; frame-src 'self' https:; upgrade-insecure-requests; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; img-src data: http://www.w3.org/2000/svg https:; 9
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adobedtm.com therandomhousegroupltd.d3.sc.omtrdc.net ssl.google-analytics.com *.google.com *.gstatic.com connect.facebook.net www.dwin2.com *.riddle.com *.hotjar.com *.jotfor.ms *.jotformeu.com cdn.livefyre.com *.eventbrite.co.uk *.cloudfront.net *.newrelic.com *.nr-data.net instagram.com *.instagram.com *.twitter.com therandomhousegroupl.tt.omtrdc.net; object-src 'self' 9
frame-ancestors https://*.gov.cn  http://*.gov.cn http://zwfw.cq.gov.cn http://wmcs.devdemo.trs.net.cn http://www.ceirp.com:8888  http://183.64.111.243:28080 9
frame-ancestors https://*.canalplus.com https://*.cnews.fr https://*.canal-bis.com http://*.canalplus.com http://*.canalplus.com:8888 9
block-all-mixed-content; upgrade-insecure-requests; 9
frame-ancestors *.ivanti.com https://dash.cloudflare.com 9
default-src * 'unsafe-inline' 'unsafe-eval' data: blob 9
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' app.optimizely.com; 9
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 9
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 9
form-action 'self' 9
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self'; object-src 'self'; connect-src wss: https: 9
frame-ancestors 'self' http://www.kayak.com http://www.kayak.com.ar http://www.kayak.cl http://www.kayak.com.co http://www.kayak.com.pe http://www.kayak.com.mx http://www.kayak.com.br http://www.tripadvisor.com http://www.tripadvisor.com.br http://www.tripadvisor.com.mx www.farecompare.com www.idealo.com http://viajala.com.co http://viajala.com.mx http://viajala.com.pe www.clicktripz.com http://viajala.cl http://viajala.com.ar 9
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; 9
default-src * data: 'unsafe-inline' 'unsafe-eval' 9
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.stihl.com https://wm.wiredminds.de https://www.google-analytics.com https://www.googletagmanager.com https://analytics-udg.netdna-ssl.com https://www.googleadservices.com https://bat.bing.com https://rns.matelso.de https://googleads.g.doubleclick.net https://maps.googleapis.com https://static.criteo.net https://sslwidget.criteo.com https://static.hotjar.com https://connect.facebook.net https://ssl.geoplugin.net https://www.google.com https://www.gstatic.com https://api.openweathermap.org https://e.video-cdn.net https://79423.analytics.edgekey.net https://mc.yandex.ru https://vk.com https://top-fwz1.mail.ru https://cdn.taboola.com https://trc.taboola.com https://ssl.google-analytics.com https://www.sc.pages02.net https://track.adform.net https://s2.adform.net https://cstatic.weborama.fr https://chimpstatic.com https://amplify.outbrain.com https://tr.outbrain.com https://lib-3pas.admatrix.jp https://eventd-cro.admatrix.jp https://static.ads-twitter.com https://analytics.twitter.com https://s.pinimg.com https://ajax.googleapis.com https://wm.wiredminds.de https://static.stihl-timbersports.com https://www.youtube.com https://s.ytimg.com https://*.mouseflow.com https://secure-ds.serving-sys.com https://ng361.infusionsoft.com https://bs.serving-sys.com;style-src 'self' 'unsafe-inline' https://static.stihl.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://static.stihl-timbersports.com;img-src 'self' data: *;font-src 'self' https://static.stihl.com https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://e.video-cdn.net https://maxcdn.bootstrapcdn.com https://*.mouseflow.com;child-src 'self' https://*.mouseflow.com;frame-src 'self' https://www.google.com https://www.facebook.com https://e.video-cdn.net https://googleads.g.doubleclick.net https://www.google.de https://ad3.adfarm1.adition.com https://*.fls.doubleclick.net https://cstatic.weborama.fr https://rd.frontend.weborama.fr https://www.youtube-nocookie.com https://www.youtube.com https://e.issuu.com https://*.mouseflow.com https://app11.jaggaer.com https://player.vimeo.com https://ng361.infusionsoft.app https://data.stihl-timbersports.com;connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://d.video-cdn.net https://c.video-cdn.net https://ca.video-cdn.net https://ma307-r.analytics.edgekey.net https://asset-out-cdn.video-cdn.net https://mc.yandex.ru https://top-fwz1.mail.ru https://trc-events.taboola.com https://ext.nonstoppartner.net https://ct.pinterest.com https://*.mouseflow.com https://secure-ds.serving-sys.com https://static.stihl.com https://static.stihl-timbersports.com https://static.viking-garden.com;media-src 'self' https://videocdnvod1-vh.akamaihd.net https://asset-out-cdn.video-cdn.net;object-src 'self' https://static.stihl.com; 9
default-src * 'unsafe-inline' 'unsafe-eval'; 9
; frame-ancestors 'self' 9
frame-ancestors 'self' http://*.trendin.com https://*.trendin.com 9
default-src 'self' gstatic.gitbook.com *.gitbook-staging.com *.gitbook.com *.firebaseio.com wss://*.firebaseio.com *.cloudfunctions.net *.googleapis.com *.gstatic.com data: *.google.com *.github.com *.algolianet.com *.algolia.net sentry.io *.logrocket.io *.lr-ingest.io *.stripe.com *.clearbit.com *.google-analytics.com d3hb14vkzrxvla.cloudfront.net d1j8pt39hxlh3d.cloudfront.net *.iframe.ly blob: cdn.jsdelivr.net cdnjs.cloudflare.com api.amplitude.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.intercomcdn.com https://intercom.help; script-src 'self' gstatic.gitbook.com 'unsafe-inline' *.firebaseio.com *.google.com polyfill.io cdn.lr-ingest.io cdn.logrocket.io *.stripe.com *.clearbit.com *.google-analytics.com *.iframe.ly *.gstatic.com cdnjs.cloudflare.com *.intercom.io *.intercomcdn.com gitbookio.github.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' gstatic.gitbook.com 'unsafe-inline' fonts.googleapis.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src * data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com  https://messenger-apps.intercom.io https://*.intercom-attachments.com; frame-src *; object-src 'none'; child-src 'self' blob:; worker-src 'self' blob:; frame-ancestors https: 9
frame-ancestors 'self' *.heartinternet.com:* *.heartinternet.co.uk:* *.heartinternet.uk:* *.heart-internet.com:* *.heart-internet.co.uk:* *.123-reg.co.uk:* *.vps-10.com:* *.ds-10.com:* *.managethisdomain.com:*; 9
report-to network-errors 9
frame-ancestors 'self' https://translate.google.com 9
frame-ancestors 'self' *.commercevision.biz *.commercevision.com.au 9
child-src 'self' blob: https://*.tagcommander.com *.tagcommander.com optimize.google.com gateway.euronext.com forms.logiforms.com https://*.iadvize.com *.iadvize.com aax-eu.amazon-adsystem.com *.trustcommander.net *.overkiz.com *.somfy.com *.somfysystems.pl e.issuu.com projects.perfoweb.fr www.tahomalink.com www.tahomalink.com boutique.somfy.fr www.youtube.com www.googletagmanager.com static.addtoany.com client.alwaysupport.com *.doubleclick.net static.olark.com 212.203.79.55 somfykorea.linux.gabiauser.com shop.somfy.de shop.somfy.es shop.somfy.it easyshop.somfypro.fr tv.connexoon.de tvaktion.connexoon.de tv-at.connexoon.de *.addthis.com *.disqus.com disqus.com www.google.com webdev.abastra.com kartor.eniro.se http://kartor.eniro.se www.somfy-smart.de api.soundcloud.com w.soundcloud.com www.lespetitespierres.org https://giphy.com/upload https://hearthis.at/ https://soundcloud.com/ https://www.youtube.com/ https://www.lespetitespierres.org/ *.rlets.com https://giphy.com/ https://www.franceinter.fr/ *.zohopublic.com *.smartrecruiters.com https://subscriptions.smartrecruiters.com/ marketing.net.elogia.net www.facebook.com https://www.facebook.com https://www.youtube-nocookie.com/ www.123formbuilder.com https://c.imedia.cz/ player.ina.fr https://*.hotjar.com https://*.tfaforms.net *.tfaforms.net www.ausschreiben.de cdn.thinglink.me *.thinglink.com form.123formbuilder.com https://px.ads.linkedin.com *.px.ads.linkedin.com https://www.linkedin.com/ *.linkedin.com 9
default-src 'self' wss: https://static.zdassets.com https://ekr.zdassets.com https://*.contentful.com https://*.zendesk.com https://*.kampyle.com https://*.tigocloud.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com wss://*.ooklaserver.net; frame-src 'self' https://bid.g.doubleclick.net https://*.tigocloud.net https://*.tigo.com.bo https://*.tigo.com.py https://www.youtube.com https://*.kampyle.com https://khipu.com/ https://*.hotjar.com https://*.hotjar.com:* https://*.hotjar.io https://www.reportv.com.ar https://*.crwdcntrl.net https://6493920.fls.doubleclick.net https://*.google.com https://*.tigo.com.hn https://*.speedtestcustom.com https://tigoune.maps.arcgis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://optimize.google.com https://www.google.com.ar https://*.tigocloud.net https://static.zdassets.com https://connect.facebook.net https://s.ytimg.com https://www.youtube.com/iframe_api https://widget-mediator.zopim.com https://*.kampyle.com https://js-agent.newrelic.com https://bam.nr-data.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.reportv.com.ar https://*.crwdcntrl.net https://tigo.us7.list-manage.com https://web.webpushs.com https://tigo.us18.list-manage.com https://static.ads-twitter.com https://www.gstatic.com https://cdn.epica.ai https://*.inbenta.chat https://*.inbenta.io https://*.googleoptimize.com https://ad.doubleclick.net https://cdn.smooch.io https://tigo.us9.list-manage.com https://www.youtube.com https://*.speedtestcustom.com; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.tigocloud.net https://*.inbenta.io https://*.speedtestcustom.com; img-src 'self' data: blob: https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.tigocloud.net https://*.contentful.com https://www.facebook.com https://*.kampyle.com https://static.zdassets.com https://www.googletagmanager.com https://images.ctfassets.net https://stats.g.doubleclick.net https://*.zopim.io https://lh3.googleusercontent.com https://platform-lookaside.fbsbx.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.tigo.com.bo https://ssl.gstatic.com https://www.gstatic.com https://cdn.sendpulse.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://analytics.twitter.com https://svr.mic.edge.com.py http://openweathermap.org https://openweathermap.org https://bcp.crwdcntrl.net https://cx.atdmt.com https://ad.doubleclick.net https://*.inbenta.com https://*.inbenta.io https://*.speedtestcustom.com https://prs.arkeero.net;  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.kampyle.com https://tagmanager.google.com https://cdn.sendpulse.com https://*.tigocloud.net https://*.inbenta.io https://*.google.com https://*.speedtestcustom.com; connect-src *; 9
default-src 'none'; script-src 'self' 'unsafe-inline' *.loszona.com www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com; style-src 'self' 'unsafe-inline' data: *.loszona.com; img-src 'self' data: *.fisioestetic.com *.loszona.com www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com; connect-src 'self' wss://*.glr.com:* wss://*.glrsales.com:*; manifest-src 'self'; worker-src 'self'; frame-src www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com 9
default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; frame-ancestors 'self'; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 9
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 8
frame-ancestors 'self' *.lycos.com 8
default-src * data: blob: about: vkcall:;script-src 'self' https://vk.com https://*.vk.com https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.com https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://static.vk.me https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline' 8
frame-ancestors 'self' *.ffxblue.com.au *.ffx.io *.smh.com.au *.theage.com.au *.brisbanetimes.com.au *.watoday.com.au *.cdn.ampproject.org; upgrade-insecure-requests 8
frame-ancestors https://pam.mcafee.com 8
frame-ancestors 'self' http://www.usa.philips.com *.philips.com *.usa.philips.com 8
frame-ancestors *; report-uri https://www.rackspace.com/report-uri/enforce 8
frame-ancestors 'self' http://wa.aruba.it https://wa.aruba.it 8
default-src * data: blob: 'unsafe-eval' 'unsafe-inline' 8
report-uri https://www.homeaffairs.gov.au; frame-ancestors https://app.monsido.com https://*.immi.gov.au https://*.border.gov.au https://*.customs.gov.au https://*.abf.gov.au https://*.homeaffairs.gov.au https://*.harmony.gov.au https://*.nationalsecurity.gov.au https://*.idmatch.gov.au https://*.disasterassist.gov.au https://*.livingsafetogether.gov.au https://*.organisationalresilience.gov.au https://*.tisn.gov.au https://*.triplezero.gov.au https://*.cicentre.gov.au https://*.mara.gov.au https://*.osi.gov.au https://*.cetc.gov.au 8
frame-ancestors 'self' https://daytondailynews.newspapers.com https://journal-news.newspapers.com https://springfieldnewssun.newspapers.com https://www.legacy.com 8
frame-ancestors *.benq.com *.benq.eu 8
report-uri //report-csp-violation 8
upgrade-insecure-requests ; 8
script-src 'self' 'unsafe-inline' 'unsafe-eval' api.salemove.com api.salemove.eu ui.customsearch.ai analytics.twitter.com assets.adobedtm.com connect.facebook.net static.ads-twitter.com www.googleadservices.com maps.googleapis.com cdn.tt.omtrdc.net absa.tt.omtrdc.net www.google.com www.gstatic.com analytics.analytics-egain.com abdemo.egain.cloud absablog-dev.disqus.com absablog-sit.disqus.com absablog-uat.disqus.com absablog-prod.disqus.com ajax.googleapis.com platform.twitter.com platform.linkedin.com assets.pinterest.com c.disquscdn.com disqus.com secure.rating-widget.com log.pinterest.com rating-widget.com s.ytimg.com www.youtube.com youtube.com esb.ext.api.uat.absa.co.za client.crisp.chat googleads.g.doubleclick.net www.google.co.za www.google.pl dsp-aud.eskimi.com dsp.eskimi.com dsp-pix.eskimi.com dsp-media.eskimi.com cdn.syndication.twimg.com cse.google.com api-iam.intercom.io api.salemove.eu app.salemove.eu asset-proxy.salemove.eu assets.salemove.eu chunderw-gll.twilio.com chunderw-vpc-gll.twilio.com client-logger.salemove.eu eventgw.twilio.com fonts.googleapis.com fonts.gstatic.com io.salemove.eu js.intercomcdn.com kluster.ws.salemove.eu libs.salemove.com maps.googleapis.com maps.gstatic.com media.twiliocdn.com nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io s3-eu-west-1.amazonaws.com s3.amazonaws.com uplot.salemove.eu widget.intercom.io googletagmanager.com www.googletagmanager.com js-agent.newrelic.com bam.nr-data.net d.la1-c2-frf.salesforceliveagent.com d.la1-c2cs-cdg.salesforceliveagent.com d.la1-c1cs-frf.salesforceliveagent.com c.la1-c2-par.salesforceliveagent.com c.la1-c2cs-frf.salesforceliveagent.com d.la1-c2cs-frf.salesforceliveagent.com d.la1-c2-par.salesforceliveagent.com d.la1-c1cs-cdg.salesforceliveagent.com c.la1-c2cs-cdg.salesforceliveagent.com c.la1-c1cs-cdg.salesforceliveagent.com c.la2-c2-cdg.salesforceliveagent.com d.la2-c2-cdg.salesforceliveagent.com d.la2-c1cs-cdg.salesforceliveagent.com c.la2-c1cs-cdg.salesforceliveagent.com fls.doubleclick.net tt.mbww.com pixel.mathtag.com snap.licdn.com 8
default-src 'self' 'unsafe-eval' http: https: data: blob: 'unsafe-inline' 8
reflected-xss block 8
frame-ancestors 'self' http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us cmsp; report-uri https://888protech.report-uri.com/r/d/csp/reportOnly 8
frame-ancestors 'none' ; 8
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker-3f088aa2.js gist.github.com/socket-worker-3f088aa2.js 8
frame-ancestors 'self' letmedate.com www.letmedate.com 8
worker-src 'self'; 8
upgrade-insecure-requests; base-uri 'self'; 8
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org analytics.archive.org pragma.archivelab.org 8
frame-ancestors *.cas.cn 8
default-src 'self'; font-src 'self' data: https://resources.ricoh-europe.com https://fast.fonts.net https://fonts.gstatic.com https://script.hotjar.com https://use.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://resources.ricoh-europe.com https://code.jquery.com https://unpkg.com https://service.maxymiser.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.google-analytics.com https://maps.googleapis.com https://*.en25.com https://fullstory.com https://edge.fullstory.com https://script.hotjar.com https://static.hotjar.com https://www.youtube.com https://s.ytimg.com https://secure.leadforensics.com https://app-static.turtl.co https://ldynamicspublicapi.leadforensics.com https://snap.licdn.com https://cdn.mouseflow.com https://tag.demandbase.com https://use.fontawesome.com https://api.feefo.com https://register.feefo.com https://lq3-production01.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://resources.ricoh-europe.com https://fast.fonts.net https://unpkg.com https://fonts.googleapis.com https://*.en25.com https://app-static.turtl.co https://use.fontawesome.com; img-src 'self' data: https://resources.ricoh-europe.com https://*.t.eloqua.com https://www.google-analytics.com https://img.youtube.com https://i.ytimg.com https://maps.gstatic.com https://maps.googleapis.com https://service.maxymiser.net https://assets.turtl.co https://assets.ricoh-europe.com https://www.google.com https://px.ads.linkedin.com https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com https://www.googletagmanager.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://rs.fullstory.com https://in.hotjar.com https://www.googleadservices.com https://api.feefo.com https://collect.feefo.com; frame-src https://resources.ricoh-europe.com https://www.googletagmanager.com https://www.google.com https://www.youtube.com https://vars.hotjar.com https://ricoh-docuware-calculator.tbtmarketing.com https://gestiondocumentaire.ricoh.fr https://supportrequest.ricoh.ch https://discover.ricoh.co.uk https://webforms.ricoh.de https://*.t.eloqua.com https://embed.ricohtours.com 8
report-uri https://sentry.io/api/1481323/security/?sentry_key=6a0d90a447e5404786cce69b90774dbc https://sentry.io/api/1481316/security/?sentry_key=5ed17bd323a34165b4278b59fe665e28 8
“upgrade-insecure-requests� 8
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 8
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 8
default-src 'self' 'unsafe-inline'; 8
frame-src https://www.google.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://img6.wsimg.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js.hs-scripts.com https://tags.tiqcdn.com https://snap.licdn.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.google-analytics.com https://js.hs-analytics.net https://js.hs-banner.com; 8
default-src https: *.sim-cms.net http://sdk.listenlive.co http://*.streamtheworld.com 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https: http://cdn.saleminteractivemedia.com; media-src 'self' blob: data: https: http://*.streamtheworld.com; worker-src blob: *.sim-cms.net 'self'; font-src data: https://* 'self' 8
default-src 'self';script-src * 'unsafe-inline' 'unsafe-eval' static.cloud.coveo.com;style-src * 'unsafe-inline'; frame-src * 'unsafe-inline'; img-src * data:; connect-src * 'unsafe-inline';  font-src * 'unsafe-inline' 8
script-src 'self' 8
frame-ancestors https://uscreen.io https://*.uscreen.io https://www.uscreen.tv 8
default-src * 'unsafe-inline' 'unsafe-eval' 8
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; base-uri 'none' 7
default-src 'none' ; connect-src  https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ ; manifest-src  https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ ; media-src  https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ ; script-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ 'unsafe-inline' 'unsafe-eval' ; font-src data:  https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ ; img-src data:  https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ ; style-src  https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ 'unsafe-inline' ; object-src 'none' ; worker-src blob: ; child-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ ; frame-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ ; form-action  https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duck.co ; frame-ancestors 'self' ; base-uri 'self' ; block-all-mixed-content ; 7
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 7
default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; connect-src *; font-src * data:; upgrade-insecure-requests; block-all-mixed-content 7
default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; 7
object-src https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com; frame-ancestors 'self' https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com  https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com https://*.cvent.com http://*.cvent.com; report-uri /report-csp-violation 7
frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests; 7
default-src * data: blob: 'unsafe-inline' 'unsafe-eval' 7
frame-ancestors 'self' https://*.mercedes-benz.com; default-src 'self' https://*.mercedes-benz.com https://*.usercentrics.eu https://*.googletagmanager.com https://*.krxd.net https://*.day.com https://*.anythingabout.net https://*.system360gmbh.de https://*.mercedes-benz-classic.com https://*.speedcurve.com https://alltime-stars.com  https://cdn.jsdelivr.net https://*.mb-lounge.com  https://*.eventbase.com https://narando.com https://*.narando.com https://*.googleapis.com  https://maxcdn.bootstrapcdn.com https://cdn.plyr.io https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.doubleclick.net https://shop.nostalgic.de https://*.gstatic.com data: blob: 'unsafe-inline' 'unsafe-eval' 7
none 7
frame-ancestors 'self' app.contentful.com 7
default-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://rum-http-intake.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net *.mpstat.us *.akstat.io https://*.igodigital.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.cookieinformation.com https://www.datadoghq-browser-agent.com/datadog-rum-eu.js https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://*.contentsquare.com https://www.datadoghq-browser-agent.com/datadog-rum.js https://screencapture.kampyle.com https://screencapture-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com; img-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://fo-api.omnitagjs.com https://*.akstat.io https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://screencaptue-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com; object-src 'self' ; style-src 'self' 'unsafe-inline' https://*.maersk.com https://*.maersk.com.cn https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com https://*.bing.com https://*.virtualearth.net https://resources.digital-cloud.medallia.eu https://screencaptue-cdn.kampyle.com https://nebula-cdn.kampyle.com; frame-src https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net http://emanage.maerskline.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://*.cookieinformation.com https://*.youku.com/ https://*.force.com/  https://*.salesforce.com https://app.powerbi.com http://my.maerskline.com https://*.doubleclick.net https://reporting.damco.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.eu; font-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com; 7
frame-ancestors 'self' https://*.ccma.cat http://*.ccma.cat; 7
frame-ancestors 'self' https://help.jouwweb.nl; 7
frame-ancestors 'self' https://*.ariba.com https://*.micron.com https://*.iu.edu https://*.sciquest.com 7
frame-ancestors 'self' *.scot.nhs.uk *.nhsgrampian.org; upgrade-insecure-requests; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report-block; report-to csp-endpoint-block 7
script-src * 'unsafe-inline' 'unsafe-eval' 7
default-src *; script-src https://cdnjs.cloudflare.com https://autosug.ebay.com https://www.google-analytics.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.nr-data.net https://www.google.com https://s.flocdn.com https://*.s1search.co https://swurl.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src https://cdnjs.cloudflare.com 'unsafe-inline' 'self'; connect-src https://api.picclick.com https://www.google-analytics.com https://bam-cell.nr-data.net https://bam.nr-data.net https://*.s1search.co https://soflopxl.com https://swurl.com 'self'; img-src *; font-src https://cdnjs.cloudflare.com data: 'self'; 7
frame-ancestors 'self' *.vpro.nl:* *.human.nl *.vprobroadcast.com *.netinnederland.nl *.2doc.nl *.vprogids.nl; 7
default-src * data: 'unsafe-inline' 'unsafe-eval';frame-ancestors https://www.saseurobonusshop.com/ https://eurobonus.shopping https://saseurobonusmastercard.se/ https://saseurobonusmastercard.no/ https://saseurobonusmastercard.dk/ https://swipp.com https://app.swipp.com https://www.rewardspay.com/ https://upgrade.plusgrade.com https://consumer-prdb.plusgrade.com https://consumer-prd.plusgrade.com https://sas-next-staging.crossroads.se/  https://www.coop.se https://kiosk.coop.se https://www-stg.rewardspay.com 'self' 7
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam.nr-data.net https://cdn.syndication.twimg.com https://cdn.tradelab.fr https://connect.facebook.net https://d2hya7iqhf5w3h.cloudfront.net https://dfc.inovestor.com https://fo-api.omnitagjs.com https://fonts.googleapis.com https://ib.adnxs.com https://js-agent.newrelic.com https://js.hs-scripts.com https://pixels.omnitagjs.com https://platform.twitter.com https://script.crazyegg.com https://snap.licdn.com https://tm.vendemore.com https://track.adform.net https://www.google-analytics.com https://www.googletagmanager.com https://s.go-mpulse.net https://its.tradelab.fr https://js.hsadspixel.net/fb.js https://js.hs-analytics.net https://js.hsleadflows.net https://www.googleadservices.com https://static.hotjar.com https://a.optnmstr.com https://www.youtube.com https://js.hsforms.net https://forms.hsforms.com https://script.hotjar.com https://s.ytimg.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://app.interactiveads.ai https://maps.googleapis.com https://cdn.rawgit.com http://cdn.siteimprove.net https://tagmanager.google.com https://js.hs-banner.com https://s2.adform.net https://c.go-mpulse.net https://173c5b0c.akstat.io https://bam-cell.nr-data.net https://files.cdn.leadfamly.com https://rec.smartlook.com *.leadoo.com dfc.inovestor.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://polyfill.io https://static.addtoany.com https://unpkg.com; style-src * 'unsafe-inline' 'unsafe-eval' 7
upgrade-insecure-requests; frame-ancestors *.lumen.com *.lumentech.com http://static.virtualroi.com/; 7
frame-ancestors 'self' www.cv.ee cv.ee www.cv.lv cv.lv www.prakse.lv prakse.lv; 7
frame-ancestors 'self' https://www.anglaisfacile.com https://www.francaisfacile.com https://www.tolearnenglish.com https://www.tolearnfrench.com https://www.allemandfacile.com https://www.espagnolfacile.com https://www.nlfacile.com https://www.italien-facile.com https://www.mesoutils.com https://www.mesexercices.com https://www.mathematiquesfaciles.com https://www.touslescours.com https://www.tolearnfrench.com https://*.tolearnfree.com; report-uri https://tolearnfree.report-uri.io/r/default/csp/enforce; base-uri 'self'; 7
object-src 'none'; script-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://*.cloudflare.com https://*.twitter.com https://*.twimg.com https://*.googleapis.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 7
referrer no-referrer 7
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 7
default-src 'self'  http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io ; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com; img-src https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir 'self' https://cse.google.com https://www.aparat.com https://google.com https://www.google.com ; frame-ancestors 'self' https://trustseal.enamad.ir 7
frame-ancestors 'self'; report-uri https://www.goodnes.com/report-uri/enforce 7
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src https: 7
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob:;script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline';img-src * 'self' data:;frame-ancestors 'self' https://www.visma.com/ online.superoffice.com apps.risevision.com desktop.visma.com asp.visma.com hlasp.visma.com es-eu-dev-api01.episerver.net;worker-src * 'self' blob:;connect-src * 'self' blob:;font-src * 'self' data:;frame-src * 'self';media-src * 'self' blob:;object-src * 'self'; 7
sandbox allow-same-origin allow-scripts allow-orientation-lock allow-pointer-lock allow-forms allow-popups allow-top-navigation-by-user-activation; 7
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 7
upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self' 7
img-src * 7
default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' http://webvisor.com 7
default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline';  7
script-src 'self' 'unsafe-inline' 7
frame-ancestors 'self' gather.town  ; 7
frame-ancestors 'self' weleda.sabio.de 7
upgrade-insecure-requests;block-all-mixed-content; 7
frame-ancestors 'self' http://webvisor.com https://webvisor.com 7
frame-ancestors 'self' *.authorize.net 7
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; 7
frame-ancestors 'self' https://*.facebook.com; 7
script-src * 'unsafe-inline' 'unsafe-eval' file: data: blob: filesystem: 7
frame-ancestors 'self' *.plentymarkets-cloud-de.com 7
default-src 'none'; connect-src 'self' www.linkedin.com www.google-analytics.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; script-src 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' snap.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src dms.licdn.com *.lynda.com; child-src blob: lnkd-communities: voyager: *; frame-src 'self' https://www.youtube.com/embed/ https://www.youtube-nocookie.com/embed/ lnkd.demdex.net https://smartlock.google.com/ https://accounts.google.com/ linkedin.cdn.qualaroo.com player.vimeo.com www.linkedin.com www.slideshare.net *.megaphone.fm msit.powerbi.com app.powerbi.com linkedin.github.io; manifest-src 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=gg 6
default-src 'self' blob: https://*.cnn.com:* http://*.cnn.com:* *.cnn.io:* *.cnn.net:* *.turner.com:* *.turner.io:* *.ugdturner.com:* courageousstudio.com *.vgtf.net:*; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' blob: *; child-src 'self' blob: *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: blob: *; media-src 'self' data: blob: *; font-src 'self' data: *; connect-src 'self' *; frame-ancestors 'self' https://*.cnn.com:* http://*.cnn.com:* https://*.cnn.io:* http://*.cnn.io:* *.turner.com:* courageousstudio.com; 6
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com z8y8f3q6.ssl.hwcdn.net https://www.xvideos.com https://wg-xvdev.xvideos.com *.trafficfactory.biz fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com *.addthis.com *.addthisedge.com www.iwanttodeliver.com apis.google.com www.google.com www.gstatic.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.lswcdn.net *.llnwd.net *.hwcdn.net fcm.googleapis.com *.nk-img.com https://static-dev-xvlive.xvideos.com https://dev-api.naked.com http://dev-api.naked.com *.googleapis.com *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net *.adtng.com *.adglare.net adinvent.engine.adglare.net *.bngpt.com bngpt.com *.trafficjunky.net *.ohmybutt.com *.flirt4free.com *.xlovecam.com *.wlresources.com *.medleyads.com *.cams.com *.acdn5165543.com *.protoawe.com *.google-analytics.com *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com *.promo-bc.com *.bongacams.com *.bongacash.com *.gammae.com *.servingmillions.com *.super-route.com cdn01.flashmediaportal.com engine.asf4f.us *.htdvt.com *.jerkmate.com *.vfgtb.com *.hytxg2.com *.awemdia.com *.cfgr3.com *.ajxx98.online *.sf4f.us *.adworldmedia.com as.air2s.com bngpst.com cretgate.com mysexchatroom.com trknex.com medleyads.com ajxx98.online gamesfromheaven.com go.hpyjmp.com r.trwl2.com bongacams.com clickserve.dartsearch.net afrtrk.com track.cam4tracking.com creative.smljmp.com sffsdvc.com www.sffsdvc.com bmedia.justservingfiles.net blkditsup.com vast.bimbim.com promo.cameraprive.com bngprl.com *.bngprl.com trafforsrv.com serving.stat-rock.com *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com wss://dev-chatserver.camster.com wss://staging-chatserver.camster.com wss://m.1ka.com wss://c1.1ka.com wss://c11.1ka.com wss://c12.1ka.com wss://c13.1ka.com wss://c14.1ka.com wss://c15.1ka.com wss://c16.1ka.com wss://c17.1ka.com wss://c18.1ka.com wss://c19.1ka.com wss://c110.1ka.com wss://c111.1ka.com wss://c112.1ka.com wss://c113.1ka.com wss://c114.1ka.com wss://c115.1ka.com wss://c2.1ka.com wss://c21.1ka.com wss://c22.1ka.com wss://c23.1ka.com wss://c24.1ka.com wss://c25.1ka.com wss://c26.1ka.com wss://c27.1ka.com wss://c28.1ka.com wss://c29.1ka.com wss://c210.1ka.com wss://c211.1ka.com wss://c212.1ka.com wss://c213.1ka.com wss://c214.1ka.com wss://c215.1ka.com wss://c3.1ka.com wss://c31.1ka.com wss://c32.1ka.com wss://c33.1ka.com wss://c34.1ka.com wss://c35.1ka.com wss://c36.1ka.com wss://c37.1ka.com wss://c38.1ka.com wss://c39.1ka.com wss://c4.1ka.com wss://c41.1ka.com wss://c42.1ka.com wss://c43.1ka.com wss://c44.1ka.com wss://c45.1ka.com wss://c46.1ka.com wss://c47.1ka.com wss://c48.1ka.com wss://c49.1ka.com wss://c410.1ka.com wss://c411.1ka.com wss://c412.1ka.com wss://c413.1ka.com wss://c414.1ka.com wss://c415.1ka.com wss://c5.1ka.com wss://c51.1ka.com wss://c52.1ka.com wss://c53.1ka.com wss://c54.1ka.com wss://c55.1ka.com wss://c56.1ka.com wss://c57.1ka.com wss://c58.1ka.com wss://c59.1ka.com wss://c510.1ka.com wss://c511.1ka.com wss://c512.1ka.com wss://c513.1ka.com wss://c514.1ka.com wss://c515.1ka.com https://dev-chatserver.camster.com https://staging-chatserver.camster.com https://m.1ka.com https://c1.1ka.com https://c11.1ka.com https://c12.1ka.com https://c13.1ka.com https://c14.1ka.com https://c15.1ka.com https://c16.1ka.com https://c17.1ka.com https://c18.1ka.com https://c19.1ka.com https://c110.1ka.com https://c111.1ka.com https://c112.1ka.com https://c113.1ka.com https://c114.1ka.com https://c115.1ka.com https://c2.1ka.com https://c21.1ka.com https://c22.1ka.com https://c23.1ka.com https://c24.1ka.com https://c25.1ka.com https://c26.1ka.com https://c27.1ka.com https://c28.1ka.com https://c29.1ka.com https://c210.1ka.com https://c211.1ka.com https://c212.1ka.com https://c213.1ka.com https://c214.1ka.com https://c215.1ka.com https://c3.1ka.com https://c31.1ka.com https://c32.1ka.com https://c33.1ka.com https://c34.1ka.com https://c35.1ka.com https://c36.1ka.com https://c37.1ka.com https://c38.1ka.com https://c39.1ka.com https://c4.1ka.com https://c41.1ka.com https://c42.1ka.com https://c43.1ka.com https://c44.1ka.com https://c45.1ka.com https://c46.1ka.com https://c47.1ka.com https://c48.1ka.com https://c49.1ka.com https://c410.1ka.com https://c411.1ka.com https://c412.1ka.com https://c413.1ka.com https://c414.1ka.com https://c415.1ka.com https://c5.1ka.com https://c51.1ka.com https://c52.1ka.com https://c53.1ka.com https://c54.1ka.com https://c55.1ka.com https://c56.1ka.com https://c57.1ka.com https://c58.1ka.com https://c59.1ka.com https://c510.1ka.com https://c511.1ka.com https://c512.1ka.com https://c513.1ka.com https://c514.1ka.com https://c515.1ka.com https://media.1ka.com https://u.1ka.com https://n.1ka.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.hwcdn.net *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com *.vscdns.com *.doubleclick.net *.google.fr *.google.com *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net bmedia.justservingfiles.net; 6
frame-ancestors nypost.com *.nypost.com *.decider.com *.pagesix.com http://www.stumbleupon.com https://www.stumbleupon.com 6
upgrade-insecure-requests; base-uri 'self' 6
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src wss: https: 6
frame-ancestors 'self' https://*.nzherald.co.nz https://*.apnnz.co.nz https://nzme.coral.coralproject.net/; 6
frame-ancestors 'self' *.mathworks.com feedads.baidu.com *.mwcloudtest.com; 6
frame-ancestors 'self' *.kaskus.co.id *.kaskus.id 6
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://online2.superoffice.com/ https://script.hotjar.com/modules.cd1eea15fc08cdfc520a.js https://script.hotjar.com/modules.a6cfc71c5ac4549d913e.js https://snap.licdn.com/li.lms-analytics/ https://services.cognitoforms.com/scripts/ https://embedsocial.com/cdn/iframe.js https://embedsocial.com/embedscript/in.js https://view-awesome-table.com/ https://static.hotjar.com/c/ https://script.hotjar.com/modules.0734134ae79697970353.js https://googleads.g.doubleclick.net/ https://www.googleadservices.com/pagead/conversion_async.js https://cdn.jotfor.ms/js/ https://js.jotform.com/ https://js.jotform.com/vendor/ https://cdn.jotfor.ms/static/ https://cdnjs.cloudflare.com/ajax/libs/punycode/1.4.1/ https://form.jotform.com/jsform/ https://js.hs-analytics.net/analytics/1598004900000/ https://js.hs-analytics.net/analytics/ https://js.hs-banner.com/3788602.js https://js.hscollectedforms.net/collectedforms.js https://forms.hsforms.com/ https://js.hs-scripts.com/3788602.js https://js.hsforms.net/forms/v2.js https://euc-widget.freshworks.com https://app-static.turtl.co/embed/turtl.embed.v1.js https://s.ytimg.com https://www.youtube.com/iframe_api https://pi.pardot.com/ https://go.tnsglobal.com/ https://preferences.kantarworldpanel.com/ https://go.millwardbrown.com/ https://www2.kantar.com https://consent.cookiebot.com/ https://cdn.saberfeedback.com https://feedback.saberfeedback.com/ https://www.youtube.com https://ssl.google-analytics.com/ga.js https://ajax.googleapis.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://embedsocial.com/cdn/iframe-lightbox.min.css https://cdn.jotfor.ms/wizards/languageWizard/custom-dropdown/css/ https://cdn.jotfor.ms/css/styles/payment/ https://cdn.jotfor.ms/themes/CSS/ https://cdn.jotfor.ms/css/ https://cdn.jotfor.ms/css/styles/ https://cdn.jotfor.ms/static/ https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://euc-widget.freshworks.com https://app-static.turtl.co/embed/turtl.embed.v1.css https://feedback.saberfeedback.com/ https://cdn.saberfeedback.com https://tagmanager.google.com/ https://fast.fonts.net https://fonts.googleapis.com; connect-src *; img-src 'self' data: https://www.google.com/ https://www.google.co.uk/ https://www.google.co.uk/ads/ https://events.jotform.com/ https://events.jotform.com/jsform/200924737274357/ https://cdn.jotfor.ms/ https://assets.turtl.co/covers/ https://www.google.co.za/ads/ https://www.googletagmanager.com/ https://www.google.com/ads/ https://track.hubspot.com/ https://forms.hsforms.com/embed/v3/ https://forms.hubspot.com/outpost/formsnextembed/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ *.doubleclick.net https://www.google-analytics.com *.gstatic.com https://maps.googleapis.com https://assets.turtl.co/covers/5ef0c513e144c46e0f06dcca.jpg; frame-src 'self' https://tns-portal.rexx-recruitment.com/ https://www.kantarlivefr.com/ https://online2.superoffice.com/ https://v.qq.com/ https://services.cognitoforms.com/f/ https://embedsocial.com/ https://view-awesome-table.com/ https://vars.hotjar.com/ https://www.kantarworldpanel.com https://form.jotform.com/ https://submit.jotformeu.com/ https://app-widgets.jotform.io https://www3.kantarmedia.com/ https://datawrapper.dwcdn.net https://widgets.jotform.io/ https://www.kantarmarketplace.com/ https://preferences.kantarworldpanel.com/ https://html5-player.libsyn.com/ https://mkt.kantar.com/ https://forms.hsforms.com/ https://go.pardot.com/ https://kantar.wd3.myworkdayjobs.com/ https://player.vimeo.com/ https://kantar.turtl.co/ https://www2.kantar.com/ https://staginglocal.kantarmarketplace.com https://go.kantarmarketplace.com/ https://www.youtube.com/iframe_api https://consentcdn.cookiebot.com/ https://go.millwardbrown.com/ https://www.google.com https://www.youtube.com https://apps.sitecore.net/; frame-ancestors https://*.khapps.com https://*.khapps.jp; font-src 'self' data: https://www.kantar.com/-/media/Themes/Kantar/Global/KantarMain/fonts/ https://www.kantar.com/-/media/Themes/Kantar/Global/KantarMain/fonts/KantarBrown https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ https://sites.kantarconsulting.com/toolbox/fonts/KantarBrownWeb-Regular.woff2 https://feedback.saberfeedback.com https://fonts.gstatic.com 6
default-src 'self' https://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://*.marketo.com https://www.google.com https://www.youtube.com https://fonts.gstatic.com https://*.ul.com data: blob:; connect-src 'self' https://*.lift.acquia.com https://*.wistia.com http://*.wistia.com https://*.ul.com https://*.solosegment.com https://www.google-analytics.com https://spreadsheets.google.com https://www.facebook.com https://stats.addtoany.com https://*.hotjar.com https://*.hotjar.io https://*.mktoutil.com https://*.mktoresp.com https://embedwistia-a.akamaihd.net https://sessions.bugsnag.com https://stats.g.doubleclick.net https://fg8vvsvnieiv3ej16jby.litix.io https://bam.nr-data.net https://bam-cell.nr-data.net https://sheets-proxy.knightlab.com https://cdn.cookielaw.org https://*.onetrust.com wss://*.hotjar.com; font-src 'self' https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://fonts.gstatic.com https://script.hotjar.com data:; frame-src 'self' https://*.marketo.com https://www.google.com https://player.vimeo.com https://www.youtube.com https://fast.wistia.com https://vars.hotjar.com https://www.facebook.com http://quote.ul.com https://quote.ul.com https://optimize.google.com https://www.recaptcha.net; img-src 'self' https://*.adroll.com https://*.linkedin.com https://*.facebook.com https://*.google.com https://*.wistia.com https://*.wistia.net https://*.solosegment.com https://embedwistia-a.akamaihd.net https://www.google-analytics.com https://www.googletagmanager.com https://www.ul.com https://www-stage.ul.com https://legacy-uploads.ul.com https://optimize.google.com https://s.ml-attr.com/getuid https://secure.adnxs.com/getuid https://attr.ml-api.io https://pixel.mathtag.com https://cdn.cookielaw.org data:; media-src 'self' https://embedwistia-a.akamaihd.net https://*.wistia.com https://*.youtube.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acquia.com http://*.acquia.com https://*.wistia.com http://*.wistia.net https://*.wistia.net https://app.wistia.com https://www.youtube.com http://www.youtube.com https://*.vimeo.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://*.hotjar.com https://*.marketo.net https://www.recaptcha.net https://cdnjs.cloudflare.com https://*.adroll.com https://*.ytimg.com https://snap.licdn.com https://*.adroll.mgr.consensu.org https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://*.onetrust.com https://optimize.google.com https://cdn.c212.net https://c212.net https://pixel.mathtag.com blob:  https://app-ab11.marketo.com https://app-sj08.marketo.com https://cdn.knightlab.com https://code.jquery.com https://embed.solosegment.com https://fast.wistia.com https://static.addtoany.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.marketo.com https://cdn.cookielaw.org https://static.addtoany.com https://*.acquia.com https://optimize.google.com https://fonts.googleapis.com https://cdn.knightlab.com maxcdn.bootstrapcdn.com; frame-ancestors 'self'; report-uri https://ulcsp.report-uri.com/r/t/csp/reportOnly 6
block-all-mixed-content;frame-ancestors *.mail.com 6
frame-src 'self' *.microfocus.com *.ubembed.com https://js.driftt.com https://bid.g.doubleclick.net https://optimize.google.com/ https://dev.visualwebsiteoptimizer.com https://www.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://www.brighttalk.com/ https://bcove.video/ https://www.googletagmanager.com https://microfocuspartner.force.com https://www.linkedin.com/ https://platform.twitter.com/ https://www.research.net https://irs.tools.investis.com/ https://players.brightcove.net/ https://otp.tools.investis.com/ https://html5-player.libsyn.com/ http://demo.havendemo.com/; frame-ancestors 'self' *.microfocus.com https://microfocus.lookbookhq.com https://microfocuspartner.force.com; 6
child-src * 6
frame-ancestors 'self' investor.cmegroup.com  http://investor.cmegroup.com *.quikstrike.net commodex.co.il openexchange.community.cmegroup.com staging.tickertocker.com http://www.straitsfinancial.com  www.straitsfinancial.com http://straitsfinancial.com https://datamine.cmegroup.com http://dataminelocal.cmegroup.com https://dataminedev.cmegroup.com https://login.cmegroup.com https://www.home.saxo https://go.cmegroup.com https://app.topsteptrader.com https://help.topsteptrader.com https://staging.topsteptrader.com https://blueeditsitecore.sys.dom https://bluesitecore.sys.dom https://sitecoredev.orange.saxobank.com https://sitecoredev-nocache.orange.saxobank.com https://sitecoredevedit.orange.tst2.dom http://star-website.com  https://www.investing.com https://www.benzinga.com https://m.benzinga.com https://amp.benzinga.com https://bz.zingbot.bz https://www.zingbot.bz https://gdcdyn.interactivebrokers.com https://www.interactivebrokers.com  https://benzinga.com https://www.benzinga.com https://m.benzinga.com  https://bz.benzinga.com https://zingbot.bz https://www.zingbot.bz https://m.zingbot.bz https://bz.zingbot.bz https://dev.futuresfirstacademy.com https://uat.futuresfirstacademy.com https://futuresfirstacademy.com http://stage.barchart.com http://www.barchart.com https://stage.barchart.com https://www.barchart.com https://www.infinityfutures.com https://datamineuat.cmegroup.com https://next.benzinga.com https://quotes.benzinga.com https://kilofutures.com https://m.cqg.com https://mdemo.cqg.com https://uatm.cqg.com  https://local.zingbot.bz https://www.gulfbondsukuk.org www.kgieworld.sg https://www.propex24.wpcomstaging.com https://www.propex24.com *.straitsfinancial.gate39tech.com us.straitsfinancial.com https://*.kapcoclients.com https://kapcoclients.com https://*.wallstreetbound.org https://wallstreetbound.org https://cofcointl.plateau.com https://rise.articulate.com https://members.tradeday.com http://blf-django.herokuapp.com https://www.bluelinefutures.com https://www.bluelinefutures.live https://www.bluelinefutures.trade; 6
frame-ancestors https://*.ptc.com https://ptc.seismic.com https://liveshareeast3.seismic.com 6
frame-ancestors 'self' *.benjerry.com *.crownpeak.com *.bazaarvoice.com *.adobe.com *.pricespider.com 6
connect-src * 'self' 6
frame-ancestors 'self' https://*.ziggo.nl https://*.vodafone.nl https://*.ziggo.io https://ziggo.io https://*.aem.prod.aws.ziggo.io; 6
block-all-mixed-content; default-src data: https: wss: blob: 'unsafe-inline'  'unsafe-eval'; 6
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval' 6
frame-ancestors https://*.flexera.com https://*.flexerasoftware.com https://*.revenera.com; 6
font-src * 6
default-src 'self' d1a19ys8w1wkc1.cloudfront.net; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' https://rcdfcdn.mars.com https://stage-rcdfcdn.mars.com;worker-src * blob:; style-src * 'unsafe-inline'; frame-ancestors 'self' *.royal-canin.de; 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.ipify.org https://p.adsymptotic.com https://*.ztsrv.com https://px.ads.linkedin.com https://my.demio.com https://angular-ui.github.io https://vidassets.terminus.services https://cdn.bigzeta.com https://api.bigzeta.com https://info.onsemi.com https://cdn.demio.com https://onsemi.ladesk.com https://onsemi.taleo.net https://*.gcs-web.com https://*.atdmt.com https://*.mktoresp.com https://*.marketo.com https://*.taboola.com https://*.tealiumiq.com https://*.tealium.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.baidu.com https://*.geniusmonkey.com https://*.doubleclick.net https://*.gstatic.com https://*.linkedin.com https://*.pingdom.net https://*.crazyegg.com https://*.marketo.net https://*.licdn.com https://www.google.com https://*.tiqcdn.com https://*.digikey.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.facebook.com https://*.boltdns.net https://*.brightcove.net https://*.brightcove.com https://*.zencdn.net https://*.akamaihd.net blob: data: 6
default-src http: https: data: 'unsafe-inline' 'unsafe-eval' 6
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; connect-src https: wss: 6
default-src https: data: 'unsafe-inline' 'unsafe-eval' always 6
upgrade-insecure-requests; frame-ancestors 'self' analytics.google.com analytics.webtrends.com secure.minorhotels.com *.naladhu.com *.oakshotels.com *.telerain.com:* 6
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.facebook.net *.google-analytics.com *.addthisedge.com *.marketo.com *.googletagmanager.com *.mookie1.com *.serving-sys.com *.marketo.net *.calltrk.com *.tiqcdn.com *.jwpcdn.com *.youtube.com *.addthis.com m.addthisedge.com s.ytimg.com *.facebook.com *.pinterest.com *.googleapis.com *.typekit.net *.northwell.edu *.limelight.com *.delvenetworks.com *.addtoany.com *.github.io *.aspnetcdn.com s.gravatar.com *.wp.com *.amazonaws.com *.googleadservices.com *.microsoft.com *.jquery.com *.html5media.info *.cloudfront.net *.jwpcdn.com *.newrelic.com *.nr-data.net tagmanager.google.com *.surveymonkey.com *.brightwhistle.com *.callrail.com *.healthwise.net *.merklesearch.com *.rkdms.com *.rawgit.com *.cloudflare.com ethn.io e.infogram.com *.gigya.com *.influencehealth.com *.bing.com *.visto1.net *.linkedin.com *.hotjar.com *.doubleclick.net *.creative-serving.com *.invocacdn.com *.invoca.net *.adsrvr.org *.acquia.com *.segment.com *.rdcdn.com *.msecnd.net *.mymarketingreports.com *.optimizely.com *.syllable.ai *.conveythis.com *.force.com *.salesforce.com *.salesforceliveagent.com *.sanzone.io api.dpx.northwell.io *.yimg.com *.yahoo.com tags.srv.stackadapt.com pagecdn.io *.alpixtrack.com *.basis.net; object-src 'self' video.limelight.com assets.delvenetworks.com *.gigya.com; style-src 'self' 'unsafe-inline' rtp-static.marketo.com *.googleapis.com *.vm *.bootstrapcdn.com *.northwell.edu malihu.github.io static.addtoany.com s.gravatar.com code.jquery.com  *.cloudfront.net *.surveymonkey.com *.marketo.com *.rkdms.com tagmanager.google.com *.acquia.com *.syllable.ai *.force.com *.salesforce.com api.dpx.northwell.io *.yimg.com *.srv.stackadapt.com; img-src 'self' data: *.google-analytics.com *.g.doubleclick.net *.facebook.com *.google.com jwpltx.com api.nslijweb.com csi.gstatic.com *.googleapis.com maps.gstatic.com img.delvenetworks.com *.llnw.net m.addthis.com *.northwell.edu northwellhealt.wpengine.com *.gravatar.com *.wp.com *.cloudfront.net *.amazonaws.com www.bugherd.com *.surveymonkey.com img.youtube.com *.googleadservices.com maps.googleapis.com *.mxptint.net dpm.demdex.net ad.yieldmanager.com ad.afy11.net d.agkn.com idsync.rlcdn.com *.bluekai.com *.openx.net *.rubiconproject.com *.adnxs.com sync.adaptv.advertising.com *.rkdms.com i.ytimg.com *.gigya.com *.bing.com *.googletagmanager.com *.doubleclick.net *.google.com *.gstatic.com *.tilehosting.com *.hotjar.com *.maptiler.com *.rdcdn.com https://rdcdn.com clickserv.pixel.ad *.syllablecdn.com *.syllable.ai *.conveythis.com *.force.com *.salesforce.com *.sanzone.dev *.northwell.io api.dpx.northwell.io *.yimg.com *.googleusercontent.com *.marketo.com alpixtrack.com *.ipredictive.com *.bidr.io *.sitescout.com; media-src 'self' blob: *.llnw.net *.delvenetworks.com *.llnw.com dam.northwell.edu; frame-src 'self' blob: cdn-akamai.mookie1.com tags.tiqcdn.com s7.addthis.com www.youtube.com static.addtoany.com *.doubleclick.net www.google.com *.understand.com *.marketo.com *.sli.do ethn.io e.infogram.com *.gigya.com w.soundcloud.com view.knowledgevision.com 8065684-gigya.northwell.edu intakeforms.sequencehealth.com mednews.hofstra.edu app.stitcher.com vars.hotjar.com *.googletagmanager.com www.facebook.com insight.adsrvr.org *.acquia.com *.segment.com *.optimizely.com *.force.com *.salesforce.com *.pledgeling.com *.adsrvr.org *.healthgrades.com *.podbean.com *.libsyn.com *.simplecast.com *.sitescout.com *.youvisit.com; child-src 'self' blob:; font-src 'self' data: themes.googleusercontent.com fonts.gstatic.com *.bootstrapcdn.com www.bugherd.com static.hotjar.com api.dpx.northwell.io *.hotjar.com; connect-src 'self' 'unsafe-inline' 309-lvl-470.mktoresp.com sjrtp4.marketo.com *.addthis.com *.pusherapp.com *.pusher.com www.bugherd.com *.google-analytics.com *.northwell.edu content.healthwise.net *.cloudflare.com *.rkdms.com *.callrail.com *.serving-sys.com api.dpx.northwell.io *.gigya.com *.llnw.net *.hotjar.com wss://*.hotjar.com *.doubleclick.net *.hotjar.io www.facebook.com *.cloudfront.net *.acquia.com *.segment.com *.visualstudio.com *.bugsnag.com *.mktoresp.com *.nr-data.net *.optimizely.com *.syllable.ai *.locationiq.com *.conveythis.com *.force.com *.sanzone.io *.sanzone.dev *.northwell.io *.yimg.com *.srv.stackadapt.com sentry.io *.reachnorthwell.com analytics.google.com *.facebook.net; report-uri https://northwell.report-uri.com/r/d/csp/reportOnly 6
default-src https: wss: 'unsafe-eval' 'unsafe-inline'; object-src 'self' blob:; img-src 'self' data: https:; font-src 'self' data: https:; frame-ancestors 'self' https://*.hubspot.com https://info.atlascopco.us https://info.atlascopcoupdates.com http://*.scene7.com https://atlascopco-preview.adobecqms.net 6
frame-ancestors 'self' goqubit.net ; 6
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; 6
default-src 'self' *.infinity-tracking.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.google.com *.facebook.net *.aspnetcdn.com *.youtube.com *.twitter.com *.ytimg.com *.twimg.com *.linkedin.com *.stumbleupon.com *.azureedge.net *.marketo.net *.eloqua.com *.en25.com *.ampproject.org *.cloudflare.com *.bootstrapcdn.com *.trustpilot.com *.jsdelivr.net *.unpkg.com *.googletagmanager.com *.hotjar.com *.jquery.com *.doubleclick.net *.kldiscovery.com *.googleusercontent.com *.google-analytics.com *.googleadservices.com *.krollontrack.com *.bootstrapcdn.com *.momentjs.com *.typeform.com *.infinity-tracking.net *.usemessages.com *.hsleadflows.net *.hubspot.com *.hsforms.net *.hsforms.com *.hubspot.com *.hubapi.com *.hscollectedforms.net *.hsforms.net *.hs-banner.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hsforms.com *.unpkg.com unpkg.com *.google.com *.yimg.jp *.yahoo.co.jp js.monitor.azure.com *.msecnd.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.telerik.com *.google.com *.azureedge.net *.twitter.com *.twimg.com *.typekit.net *.trustpilot.com *.bootstrapcdn.com *.jquery.com *.bootstrapcdn.com; font-src 'self' *.gstatic.com *.telerik.com *.bootstrapcdn.com data: *.krollontrack.com *.typekit.net *.bootstrapcdn.com; img-src 'self' data: blob: *.azureedge.net *.cleverbridge.com *.delicious.com *.doubleclick.net *.eloqua.com *.facebook.com *.google.com *.googleapis.com *.google-analytics.com *.googleusercontent.com *.google.co.uk *.google.pl *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.com *.hubspot.com *.hubspotusercontent20.net *.ibas.com *.compiled.com *.kldiscovery.com *.krollontrack.com *.linkedin.com *.ontrack.com *.redditstatic.com *.sitefinity.com *.static.licdn.com *.tumblr.com *.twimg.com *.twitter.com *.windows.net *.yahoo.co.jp; media-src 'self' data: blob: *.krollontrack.com *.youtu.be *.youtube.com *.blob.core.windows.net *.kldiscovery.com *.googleusercontent.com; frame-src 'self' *.google.com *.youtu.be *.youtube.com *.hubspot.com *.taleo.net *.trustpilot.com *.hubapi.com *.hotjar.com *.doubleclick.net *.krollontrack.com *.hsforms.com *.typeform.com *.avrotros.nl *.hsforms.net; child-src 'self' *.twitter.com *.twitter.com *.youtube.com *.youtu.be *.vimeo.com *.soundcloud.com *.google.com *.google.com *.facebook.com *.facebook.com *.stumbleupon.com *.trustpilot.com *.doubleclick.net *.hubspot.com *.infinity-tracking.net *.hsforms.com blob:; connect-src 'self' *.google.com *.sitefinity.com *.mktoresp.com *.trustpilot.com *.googleusercontent.com *.hotjar.com *.infinity-tracking.net google-analytics.com *.google-analytics.com *.unpkg.com unpkg.com *.hubspot.com *.hsforms.com *.hubspot.com *.hubapi.com *.cleverbridge.com *.ampproject.org *.doubleclick.net dc.services.visualstudio.com *.googletagmanager.com; 6
frame-ancestors 'self' https://www.growingio.com 6
frame-ancestors 'self' https://pge.segmanta.com https://www.babylist.com shop.pampers.com 6
default-src https: blob: data:; script-src data: 'unsafe-inline' 'unsafe-eval' blob: https: piwik.bmvg.de *.video-cdn.net *.bundeswehr.de *.bmvg.de maps.googleapis.com maps.gstatic.com; style-src data: 'unsafe-inline' https: *.bundeswehr.de *.bmvg.de ; img-src data: *.bundeswehr.de *.bmvg.de *.ytimg.com *.fbcdn.net *.twimg.com *.staticflickr.com *.video-cdn.net *.facebook.com *.akamaihd.net *.gstatic.com maps.googleapis.com syndication.twitter.com platform.twitter.com scontent.cdninstagram.com; font-src data: www.bundeswehr.de *.bmvg.de *.video-cdn.net fonts.gstatic.com; connect-src https: blob: data: wss:; report-uri https://piwik.bmvg.de/report-uri/ 6
allow 'self'; 6
default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 6
script-src 'self' 'unsafe-inline' 'unsafe-eval' * 6
default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' 6
frame-ancestors 'none'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests 6
default-src 'unsafe-inline' data: about: hcom: blob: callback: chrome-error: *; script-src 'unsafe-eval' 'unsafe-inline' data: about: blob: asset: *; report-uri https://hcom.report-uri.com/r/t/csp/enforce 6
frame-ancestors 'self'  teams.microsoft.com *.teams.microsoft.com 6
frame-ancestors http://webvisor.com 6
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline'; 6
default-src 'self' http: https: data: blob: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rcmp-grc.gc.ca csps-dev.con.rcmp-grc.gc.ca csps-dev.con.rcmp-grc.gc.ca csps.con.rcmp-grc.gc.ca www.google-analytics.com ajax.googleapis.com www.googletagmanager.com *.clet.ca platform.twitter.com cdn.syndication.twimg.com cdnjs.cloudflare.com use.fontawesome.com www.youtube.com unpkg.com; 6
frame-ancestors 'self' *.psplugin.com 6
img-src 'self' data: https://cdn-web.cemex.com https://cdn-web-qa.cemex.com https://cdn-web-intdev.lfgwcemex.services https://cxcdn.lfgwcemex.services https://assets.cemex.com https://www.facebook.com/tr/ https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.linkedin.com/px/ https://px.ads.linkedin.com https://p.adsymptotic.com/d/px/ https://c.contentsquare.net https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://c.seznam.cz https://npmcdn.com/leaflet@0.7.3/dist/images/ https://s916025651.t.eloqua.com https://tags.bluekai.com https://service.maxymiser.net https://www.google.com/ https://www.google.com.mx/ https://www.google.fr/ https://www.google.com.co/ https://www.google.co.cr/ https://www.google.hr/ https://www.google.cz/ https://www.google.de/ https://www.google.com.do/ https://www.google.com.eg/ https://www.google.com.gt/ https://www.google.lv/ https://www.google.com.ni/ https://www.google.com.pa/ https://www.google.com.pe/ https://www.google.com.ph/ https://www.google.pl/ https://www.google.com.pr/ https://www.google.es/ https://www.google.ae/ https://www.google.co.uk/ https://www.google.com.sv/ 6
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob:; media-src * data:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 6
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; object-src 'none'; 6
default-src 'self' data: wss: *.tile.openstreetmap.org *.gstatic.com *.googleapis.com geocode.arcgis.com nominatim.openstreetmap.org sp-dir.uwn.com web.delighted.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' *.tile.openstreetmap.org maps.gstatic.com *.googleapis.com blog.ui.com *.svc.ui.com data:; script-src 'self' data: wss: *.tile.openstreetmap.org *.gstatic.com *.googleapis.com geocode.arcgis.com nominatim.openstreetmap.org d2yyd1h5u9mauk.cloudfront.net sp-dir.uwn.com 'sha256-vHPdDd1XiX8MoRZA440ghWkFcly/rVw9GwywCYO6zk0=' 6
default-src * 'unsafe-inline' 'unsafe-eval' data: 6
frame-ancestors 'self' analytics.pt-dlr.de 6
default-src 'self'; script-src 'self' blob: https://assets.dcube.cloud https://*.wogaa.sg https://assets.adobedtm.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://va.ecitizen.gov.sg https://*.cloudfront.net https://printjs-4de6.kxcdn.com https://unpkg.com https://wogadobeanalytics.sc.omtrdc.net https://connect.facebook.net https://www.googletagmanager.com https://*.licdn.com; object-src 'self'; style-src 'self' https://fonts.googleapis.com/ https://*.cloudfront.net https://va.ecitizen.gov.sg https://*.wogaa.sg https://cdnjs.cloudflare.com https://datagovsg.github.io 'unsafe-inline'; img-src *; media-src *; frame-src https://form.gov.sg/ https://wogaa.demdex.net/ https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://www.google.com https://checkfirst.gov.sg https://www.checkfirst.gov.sg https://docs.google.com; frame-ancestors 'none'; font-src * data:; connect-src 'self' https://dpm.demdex.net https://www.google-analytics.com https://stats.g.doubleclick.net https://*.wogaa.sg https://va.ecitizen.gov.sg https://ifaqs.flexanswer.com https://*.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://wogadobeanalytics.sc.omtrdc.net https://data.gov.sg https://api.isomer.gov.sg; 6
upgrade-insecure-requests; object-src 'none'; base-uri 'self'; 6
default-src https: data: 'unsafe-inline' 'unsafe-eval' always; upgrade-insecure-requests 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.googletagmanager.com *.google.ch *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.googleapis.com *.paypal.com *.paypalobjects.com *.youtube.com; img-src 'self' data: *.google.ch *.google.com *.googleapis.com  *.gstatic.com *.google-analytics.com *.ytimg.com 6
frame-ancestors https://*.fw1.biz https://*.freewebstore.org https://*.freewebstore.com https://*.ridge.pro http://127.0.0.1:55779 http://localhost:55779; 6
frame-ancestors 'self' chrome-extension://hfdhpmpfpcnbboppkkkblilhbloejijj https://backit.me 6
frame-ancestors 'self' learn.arcgis.com *.esri.com 6
frame-ancestors 'self' experience.adobe.com aldinord.experiencecloud.adobe.com; default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 6
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none' 6
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 6
frame-ancestors 'self' https://www.centerparcs.fr/booking/ https://www.centerparcs.nl/booking/ https://www.centerparcs.de/booking/ https://www.centerparcs.com/booking/ https://www.centerparcs.eu/booking/ https://www.centerparcs.ch/booking/ https://www.centerparcs.be/booking/ 6
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://store.akamai.steamstatic.com/ https://store.akamai.steamstatic.com/ *.google-analytics.com https://www.gstatic.com https://recaptcha.net https://www.gstatic.cn/recaptcha/ https://steamcommunity-a.akamaihd.net; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://community.akamai.steamstatic.com/ https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ *.google-analytics.com https://*.steamstatic.com https://*.steamcontent.com https://*.valvesoftware.com https://*.steambeta.net https://*.cqloud.com https://steambroadcast.akamaized.net https://steambroadcastchat.akamaized.net https://api.steampowered.com https://steamvideo-a.akamaihd.net/; frame-src 'self' steam:  http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://steamcommunity.com/ embed.nicovideo.jp www.escapistmagazine.com player.youku.com www.bilibili.com https://medal.tv; frame-ancestors 'self' https://steamloopback.host ; 6
default-src https: 'unsafe-inline';script-src https: 'unsafe-inline' 'unsafe-eval';img-src https: data: 6
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 6
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 6
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com 6
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src 'self' www.openstreetmap.org; 6
frame-ancestors 'self' *.casinomodule.com *.playngonetwork.com; 6
frame-ancestors 'self' https://secure.simplepart.com https://secure.cml.oeconnection.com https://portal.oeconnection.com; 6
frame-ancestors https://*.gov.cn  http://*.gov.cn http://zwfw.cq.gov.cn http://wmcs.devdemo.trs.net.cn http://www.ceirp.com:8888 6
frame-ancestors 'self' godaddy.com *.godaddy.com test-godaddy.com *.test-godaddy.com dev-godaddy.com *.dev-godaddy.com *.dev-godaddy.com:8443 6
frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests; 5
frame-ancestors 'self' *.cnet.com *.ampproject.org *.amp.cloudflare.com *.bing-amp.com www.google.com; default-src https: blob: about: 'unsafe-inline' 'unsafe-eval' *.rvapps.io; font-src https: blob: data:; img-src https: data: blob: android-webview-video-poster: about:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 5
frame-ancestors 'none'; upgrade-insecure-requests 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://d18kwxxua7ik1y.cloudfront.net https://d22r54gnmuhwmk.cloudfront.net https://assets.change.org https://static.change.org https://assets-fe.change.org https://change-production.s3.amazonaws.com https://change-public-stuff.s3.amazonaws.com https://www.google.ca https://www.googleadservices.com https://www.youtube.com https://*.doubleclick.net https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://*.recaptcha.net https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net fbrpc://* fb-messenger://* https://*.twitter.com https://*.twimg.com https://*.ads-twitter.com https://vk.com https://*.vk.com https://ajax.cdnjs.com https://cdnjs.cloudflare.com https://service.force.com https://*.salesforceliveagent.com https://*.braintreegateway.com https://*.paypalobjects.com https://*.paypal.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com https://px-cdn.net https://*.px-cloud.net https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://p2a.co https://public.profitwell.com https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://code.jquery.com https://js.stripe.com https://cdn.embedly.com https://player.vimeo.com https://bat.bing.com https://soundcloud.com https://w.soundcloud.com https://www.instagram.com https://www.flickr.com https://*.staticflickr.com https://*.voteamerica.com https://*.jotform.com https://actionnetwork.org/ https://core.spreedly.com https://secure.everyaction.com https://d3rse9xjbp8270.cloudfront.net https://*.ngpvan.com https://js2.verygoodvault.com https://change.my.salesforce.com https://help.change.org; connect-src 'self' blob: https://*.change.org https://change-production.s3.amazonaws.com https://*.googleapis.com https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net fbrpc://* fb-messenger://* https://*.twitter.com https://*.vk.com https://*.braintreegateway.com https://*.paypal.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com https://*.px-client.net https://*.px-cloud.net https://pxchk.net https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://*.profitwell.com https://bam.nr-data.net https://bam-cell.nr-data.net https://api.stripe.com https://api.soundcloud.com https://api.airbrake.io https://www.voteamerica.com https://core.spreedly.com https://advocator.ngpvan.com; font-src 'self' data: https://assets.change.org https://static.change.org https://d18kwxxua7ik1y.cloudfront.net https://d22r54gnmuhwmk.cloudfront.net https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://d3rse9xjbp8270.cloudfront.net; img-src * blob: data:; form-action 'self' 5
frame-ancestors 'self' *.cbssports.com *.sportsline.com popculture.com comicbook.com 247sports.com *.247sports.com *.maxpreps.com *.scout.com *.wired2fish.com *.ampproject.org; default-src https: blob: wss: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: blob: data: android-webview: android-webview-video-poster:; block-all-mixed-content; 5
default-src 'self' https://static.garmin.com https://static.garmincdn.com https://www.garmin.com; style-src https://my.tealiumiq.com 'unsafe-inline' 'self' https://fonts.googleapis.com https://static.garmin.com https://static.garmincdn.com https://sso.garmin.com https://www.garmin.com; connect-src 'self' https://static.garmincdn.com https://www.garmin.com *; script-src * 'unsafe-inline' 'unsafe-eval' https://consent.trustarc.com https://consent-pref.trustarc.com https://consent-st.trustarc.com https://tracker-api.trustarc.com https://consent.truste.com https://consent-pref.truste.com https://consent-st.trustecom https://tracker-api.truste.com https://prefmgr-cookie.truste-svc.net; font-src 'self' data: https://static.garmin.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.garmin.com https://consent.trustarc.com; img-src *; frame-src https://sso.garmin.com https://sso.garmin.cn https://www.garmin.com https://my.tealiumiq.com https://static.garmincdn.com https://support.garmin.com https://www.google.com https://vars.hotjar.com https://www.youtube.com https://player.youku.com https://consent.trustarc.com https://consent-pref.trustarc.com https://consent-st.trustarc.com https://tracker-api.trustarc.com https://consent.truste.com https://consent-pref.truste.com https://consent-st.trustecom https://tracker-api.truste.com https://prefmgr-cookie.truste-svc.net; object-src 'none'; upgrade-insecure-requests 5
frame-ancestors 'self' https://nielsensports.com https://www.qa.nielsen.com https://develop.nielsen.com 5
frame-src 'self' *.microfocus.com *.ubembed.com https://js.driftt.com https://bid.g.doubleclick.net https://optimize.google.com/ https://dev.visualwebsiteoptimizer.com https://www.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://www.brighttalk.com/ https://bcove.video/ https://www.googletagmanager.com https://microfocuspartner.force.com https://www.linkedin.com/ https://platform.twitter.com/ https://www.research.net https://irs.tools.investis.com/ https://players.brightcove.net/ https://otp.tools.investis.com/ https://html5-player.libsyn.com/; frame-ancestors 'self' *.microfocus.com https://microfocus.lookbookhq.com https://microfocuspartner.force.com; 5
frame-ancestors 'self' *.techrepublic.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 5
frame-ancestors https://*.ionos.com https://ionos.com; 5
frame-ancestors https://*.ti.com https://*.ti.com.cn https://*.tij.co.jp; 5
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self'  *.bigcommerce.com 5
frame-ancestors 'self' *.windy.com:* 5
default-src 'none'; script-src 'self'; style-src 'self'; connect-src 'self' https://start.1password.com https://start.1password.ca https://start.1password.eu https://www.google-analytics.com https://9gnqx00du4.execute-api.us-east-1.amazonaws.com/prod/contact_us https://flow.1passwordservices.com https://createsend.com/t/getsecuresubscribelink; font-src 'self'; object-src 'self'; img-src 'self' https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net; child-src https://www.youtube-nocookie.com https://secure.livechatinc.com; frame-src https://www.youtube-nocookie.com https://secure.livechatinc.com https://player.vimeo.com; form-action 'self' https://agilemail.createsend.com https://www.createsend.com/t/subscribeerror https://www.createsend.com/t/securedsubscribe https://start.1password.com https://flow.1passwordservices.com; prefetch-src https://app.1password.com https://app.1password.ca https://app.1password.eu; frame-ancestors 'none' 5
frame-ancestors https://*.shopstyleops.com/ https://local.shopstyleops.com:*/ https://*.shopstylecollective.com https://shopstylecollective.com https://*.builder.io/ https://builder.io; report-uri /csp-violation; 5
frame-ancestors 'self' https://*.elastic.co https://elasticsandbox.docebosaas.com https://elastic.docebosaas.com; 5
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com 5
frame-ancestors https://*.ringcentral.com https://*.ringcentral.co.uk https://*.ringcentral.com.au https://*.ringcentral.eu https://outlook.live.com https://outlook.office365.com https://outlook.office.com 5
frame-ancestors 'self' *.brandwatch.com; object-src 'none'; 5
default-src 'self';connect-src *;style-src 'self' 'unsafe-inline';font-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.aticdn.net *.ioam.de *.nmrodam.com *.imrworldwide.com *.sensic.net *.bunchbox.co *.datadoghq-browser-agent.com;img-src 'self' data: *.ardmediathek.de *.ard.de *.nmrodam.com *.imrworldwide.com *.argosdata.io *.bunchbox.co *.datadoghq-browser-agent.com;media-src * mediastream: blob:;frame-src 'self' localhost:* *.ard.de *.nmrodam.com *.imrworldwide.com *.sensic.net *.ioam.de *.bunchbox.co *.datadoghq-browser-agent.com;worker-src 'self' blob: 5
frame-ancestors 'self' https://app.hubspot.com; 5
frame-ancestors https://*.ionos.de https://ionos.de https://*.ionos.at https://ionos.at https://*.profiseller.de https://profiseller.de https://*.1und1-partner.de https://1und1-partner.de https://*.1und1-hostingpartner.de https://1und1-hostingpartner.de https://*.1und1-premiumpartner.de https://1und1-premiumpartner.de; 5
upgrade-insecure-requests; connect-src * https:; img-src * data: https:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob: data:; worker-src * blob: data: 5
frame-ancestors 'self' *.ebscohost.com *.ebsco.com; report-uri /report-csp-violation; upgrade-insecure-requests 5
frame-ancestors 'self' https://*.movavi.de https://*.movavi.com https://*.movavi.ru http://webvisor.com https://portal1.comm100.io 5
default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline' 5
upgrade-insecure-requests; frame-ancestors 'self'; 5
frame-src *; 5
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: 5
default-src 'self' atos.net *.atos.net *.pardot.com assets.adobedtm.com *.cloudflare.com *.cloudfront.net *.yoast.com data: 'unsafe-inline' 'unsafe-eval' code.jquery.com *.gravatar.com tools.eurolandir.com static.dialogflow.com pbs.twimg.com *.youtube.com *.ytimg.com *.gstatic.com *.googleapis.com tribl.io *.olark.com *.mrpdata.net *.linkedin.com *.company-target.com *.google-analytics.com *.google.fr *.google.com *.oktopost.com okt.to *.adform.net *.demandbase.com *.rlcdn.com *.bidr.io *.accountinsight.cloud *.licdn.com atos.tt.omtrdc.net content.onlinexperiences.com onlinexperiences.com w.soundcloud.com *.aio-events.com *.appspot.com cdn.syndication.twimg.com *.twimg.com *.twitter.com; frame-ancestors 'self' atos.net *.atos.net atosnews.net; 5
frame-ancestors 'self' www.haier.com *.haier.com cnwcm.haier.com http://cnwcm.haier.com https://mgta.trs.cn http://mgta.trs.cn http://devta.trs.cn *.haier.net *.tongshuai.com *.casarte.com *.geappliances.cn 5
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://next.brella.io; base-uri 'self'; object-src 'self'; connect-src wss: https: 5
font-src 'self' data: *.kornferry.com *.kfadvance.com *.fontawesome.com *.typography.com *.hotjar.com *.hotjar.io *.hotjar.io *.juicer.io; 5
img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src blob:; 5
frame-ancestors 'self' https://www.tibco.com http://tibco.lookbookhq.com https://tibco.lookbookhq.com https://sso-awsqa.tibco.com https://sso-ext.tibco.com http://library.tibco.com https://library.tibco.com https://www-dev.tibco.com https://tibco.seismic.com; report-uri /report-csp-violation 5
form-action https: 5
default-src 'self' *.kpn.com; frame-ancestors 'self' app.optimizely.com kpn.blueconic.net mijnzakelijk.kpn.com www.grip-on-it.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static-accept.customersaas.com *.optimizely.com cdn.blueconic.net kpn.blueconic.net *.kpn.com *.salesforceliveagent.com www.googletagmanager.com tagmanager.google.com invitation.opinionbar.com www.googleadservices.com connect.facebook.net *.doubleclick.net *.mouseflow.com kpn-compleet-fpi-info.fourstack.nl www.pingvp.com kpn.pingvp.com static.customersaas.com www.google-analytics.com maps.googleapis.com kpnarmor.nl w.usabilla.com api.usabilla.com deploy.mopinion.com collect.mopinion.com kpn.mopinion.com cacheorcheck.mopinion.com survey.mopinion.com kpn-reload.liquix.eu dwin1.com mijnzakelijk.kpn.com www.grip-on-it.com https://*.demdex.net https://assets.adobedtm.com *.pardot.com opt.objectiveportal.com; style-src 'self' 'unsafe-inline' data: *.kpn.com www.pingvp.com kpn.pingvp.com d1r5etm691cejh.cloudfront.net static.customersaas.com d6tizftlrpuof.cloudfront.net kpn.mopinion.com tagmanager.google.com cacheorcheck.mopinion.com survey.mopinion.com; img-src 'self' data: is-accept.customersaas.com *.kpn.com www.google.nl www.google.com www.facebook.com *.doubleclick.net adservice.google.com invitation.opinionbar.com *.optimizely.com www.pingvp.com kpn.pingvp.com d35v9wsdymy32b.cloudfront.net csi.gstatic.com maps.gstatic.com maps.googleapis.com kpn.com fonts.googleapis.com www.google-analytics.com api.customersaas.com static.customersaas.com d3mwk3f7r8fv9u.cloudfront.net d6tizftlrpuof.cloudfront.net cms-images.s3.amazonaws.com kpncomvod.download.kpnstreaming.nl w.usabilla.com www.telfort.nl mobielshop.test.marketingmakers.nl fra1.digitaloceanspaces.com cacheorcheck.mopinion.com survey.mopinion.com https://*.demdex.net https://assets.adobedtm.com opt.objectiveportal.com; media-src 'self' kpncomvod.download.kpnstreaming.nl *.kpn.com pingmediavod.download.kpnstreaming.nl kpn.pingvp.com; frame-src *.optimizely.com *.doubleclick.net ezpay.liquix.eu callmenow.eu3.vanadaloha.net rpv.reviva.nl *.kpn.com portal.bp.nu www.youtube.com kpngroup.emsecure.net kpn.mopinion.com kpn-mini.speedtestcustom.com www.pingvp.com kpn.pingvp.com reload.alphacomm.network mijnzakelijk.kpn.com www.grip-on-it.com https://*.demdex.net; font-src 'self' data: *.kpn.com www.pingvp.com kpn.pingvp.com fonts.gstatic.com static.customersaas.com; connect-src 'self' api-accept.customersaas.com www.google-analytics.com *.optimizely.com kpn.blueconic.net *.kpn.com *.mouseflow.com tracker.customersaas.com kpn.api.ruwido.com api-agendaplanner.kpnretail.nl api.customersaas.com scripts.kpn.nl pastease.mopinion.com kpn.mopinion.com deploy.mopinion.com cacheorcheck.mopinion.com survey.mopinion.com kpn-compleet-fpi-info.fourstack.nl ezpay.liquix.eu wss://*.twilio.com https://*.twilio.com https://*.demdex.net https://assets.adobedtm.com *.tt.omtrdc.net https://adobeioruntime.net wss://conv-engine.acc.kpn.com/chat-engine wss://conv-engine.kpn.com/chat-engine; object-src 'self' 5
default-src 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' translate.googleapis.com translate.google.com ajax.cloudflare.com www.google-analytics.com www.googletagmanager.com deepknow.egoid.me static.geetest.com dn-staticdown.qbox.me api.geetest.com *.ronghub.com *.udesk.cn qiyukf.com c.cnzz.com s9.cnzz.com z12.cnzz.com https://imge1.bitzapp.top https://imge2.bitzapp.top https://imge3.bitzapp.top; style-src 'unsafe-inline' 'self' 'unsafe-eval' static.geetest.com translate.googleapis.com *.udesk.cn https://imge1.bitzapp.top https://imge2.bitzapp.top https://imge3.bitzapp.top; frame-src 'self' https://imge1.bitzapp.top https://imge2.bitzapp.top https://imge3.bitzapp.top *.bitz-service.com *.bitz.com *.bit-z.com *.bit-z.pro *.bitz.top *.bitz.so *.bitz.plus *.bitzdownload.com *.bitz.my *.bitz.al *.bitz.ai *.bitz.bz *.bitz.info *.bitz.tech *.bitzhd.com *.bitz.cm *.hyjztc.cn *.bitzapp.top appad.ahighapp.com qiyukf.com *.udesk.cn; frame-ancestors *.bitz-service.com; font-src 'self' data: https://imge1.bitzapp.top https://imge2.bitzapp.top https://imge3.bitzapp.top; img-src 'self' data: blob: www.gxchaintop.org static.gxb.io translate.googleapis.com *.google.com bit-z-frontdesk.oss-cn-hongkong.aliyuncs.com www.gstatic.com static.geetest.com stats.g.doubleclick.net www.google-analytics.com sensors.ahighapi.com *.127.net qiyukf.com *.qiyukf.com *.bibidev.com *.udesk.cn z12.cnzz.com cnzz.mmstat.com sensors.bitzapp.top https://imge1.bitzapp.top https://imge2.bitzapp.top https://imge3.bitzapp.top; media-src 'self' static.geetest.com qiyukf.com *.bibidev.com *.127.net *.udesk.cn; connect-src 'self' wss://ws.ahighapi.com wss://*.s2.udesk.cn translate.googleapis.com stats.g.doubleclick.net www.google-analytics.com monitor.geetest.com api.geetest.com *.udesk.cn qiyukf.com sentry.ahighapi.com test-push-trade.biwebapi.com https://sensors.bitzapp.top https://ucapi.ahighapi.com https://otcapinew.ahighapi.com https://app.ahighapi.com https://v2.ahighapi.com https://api.ahighapi.com https://app.ahighapi.com wss://ws.ahighapi.com wss://pushser.ahighapi.com https://app.ahighapi.com 5
frame-ancestors 'self' https://dbwas.service.deutschebahn.com 5
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content 5
frame-ancestors *.nordangliaeducation.com *.tfaforms.net 'self' 5
default-src 'self' 'unsafe-inline' *; 5
upgrade-insecure-requests; default-src https: blob: wss: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob: data:;frame-src https: blob: data:; report-uri /cspreports 5
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; 5
frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com 5
object-src *;script-src * 'unsafe-inline' 'unsafe-eval' data: 5
script-src 'unsafe-inline' 'unsafe-eval' * 5
default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 5
default-src https: 'unsafe-eval' 'unsafe-inline' 5
default-src 'self'; base-uri 'self'; img-src * data: 'unsafe-inline'; style-src * 'unsafe-inline'; script-src * data: 'unsafe-inline' 'unsafe-eval'; font-src thyssenkrupp.com *.thyssenkrupp.com *.recruitmentplatform.com *.bootstrapcdn.com; connect-src *; frame-ancestors 'self'; frame-src *; media-src * blob:; object-src * data: 'unsafe-eval'; worker-src blob: 5
default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors https://grandcentral.beescloud.com https://grandcentral.cloudbees.com 'self' 5
default-src 'self' blob: data:  *.miraheze.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org *.mediawiki.org mediawiki.org *.wikidata.org wikidata.org *.wmflabs.org *.google.com *.gstatic.com *.addthis.com *.youtube.com *.youtube-nocookie.com maxcdn.bootstrapcdn.com twitter.com *.creativecommons.org images.uncyc.org www.mikrodev.com *.reviservices.com *.twitter.com www.sciencedaily.com *.googleapis.com *.twimg.com discordapp.com *.openstreetmap.org *.freenode.net *.sorcery.net *.fontawesome.com *.a.wmflabs.org nenawiki.org *.cloudytheology.com i.imgur.com na.llnet.sims3store.cdn.ea.com cdn.discordapp.com m.media-amazon.com image.tmdb.org *.stripe.com *.twitch.tv *.fastly.net *.facebook.com *.shields.io *.bilibili.com *.163.com discord.com googleusercontent.com imgbox.com cdnjs.cloudflare.com cdn.jsdelivr.net reddit.com *.reddit.com redd.it *.redd.it redditmedia.com *.redditmedia.com dropbox.com *.dropbox.com dropboxstatic.com *.dropboxstatic.com disqus.com *.disqus.com *.nicovideo.jp lh3.googleusercontent.com db.onlinewebfonts.com wikiapiary.com *.vimeo.com *.googleusercontent.com *.imgbox.com www.gnu.org www.desmos.com z.moatads.com www.recaptcha.net snap.berkeley.edu *.netease.com openlayers.org wikiplus-app.com minotar.net *.tile.openstreetmap.org live.staticflickr.com *.pixabay.com cdn.geogebra.org docs.blender.org scratchblocks.github.io 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'  *.miraheze.org 5
default-src * 'self' data: https: blob: 'unsafe-inline' 'unsafe-eval'; frame-src *; frame-ancestors https://*.offshore-energy.biz 5
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' 5
default-src blob: data: https: 'self'; script-src blob: https: 'self' 'unsafe-eval' 'unsafe-inline'; style-src blob: https: 'self' 'unsafe-inline'; media-src blob: 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; 5
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.arista.com *.hubspot.com *.smartrecruiters.com *.cludo.com *.hs-analytics.net *.google.com *.gstatic.com *.google-analytics.com *.twitter.com; style-src 'self' 'unsafe-inline' https: *.smartrecruiters.com; img-src 'self' data: https:; upgrade-insecure-requests 5
default-src 'self' http: https: data: blob: 'unsafe-eval' style-src: 'unsafe-inline' wss://vts.zohopublic.com 5
frame-ancestors 'self' https://*.experiencecloud.adobe.com https://experiencecloud.adobe.com https://experience.adobe.com 5
default-src 'self' https://* 'unsafe-eval' 'unsafe-inline' data:; frame-src 'self' https://*.legrandav.com https://*; connect-src 'self' wss://*.mypurecloud.com/ wss://*.hotjar.com/ https://*; 5
frame-ancestors 'self' *.onbase.com *.hyland.com *.communitylive.com *.sharebase.com https://profiles.onbase.com; 5
default-src https:; script-src https: data: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src 'self' data: blob: filesystem: https: http: 'unsafe-inline' 5
default-src 'self' *.vidyard.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ceros-creative-services.s3.amazonaws.com ceros-labs.s3.amazonaws.com *.ceros.com *.bidr.io *.bizzabo.com *.cloudfront.net acsbapp.com *.acsbapp.com *.bc0a.com *.b0e8.com *.ads-twitter.com *.adsrvr.org *.srv.stackadapt.com *.stackadapt.com *.fontawesome.com *.cookielaw.org *.jquery.com *.marketo.com *.marketo.net *.twimg.com *.onetrust.com *.driftt.com *.bing.com *.bootstrapcdn.com *.myfonts.net *.cloudflare.com *.callrail.com *.aspnetcdn.com *.vidyard.com *.ceridian.ca *.en25.com *.eloqua.com *.googletagmanager.com *.swiftypecdn.com *.google-analytics.com *.google.com *.google.ca *.licdn.com *.facebook.net *.terminus.services *.windows.net *.g2crowd.com *.adsrvr.org *.ads-twitter.com *.ads.linkedin.com *.twitter.com go.ceridian.com *.hotjar.com; style-src 'self' 'unsafe-inline' *.fontawesome.com *.marketo.com *.twitter.com *.bootstrapcdn.com fastcdn.org *.cloudflare.com optanon.blob.core.windows.net *.swiftypecdn.com go.ceridian.com *.stackadapt.com; img-src * data:; font-src 'self' http://script.hotjar.com https://script.hotjar.com acsbapp.com *.acsbapp.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com; connect-src 'self' *.doubleclick.net ka-p.fontawesome.com *.fontawesome.com *.collector.snplow.net acsbapp.com *.acsbapp.com *.srv.stackadapt.com *.cookielaw.org *.facebook.com *.marketo.com *.mktoresp.com *.eloqua.com *.swiftype.com *.ceridian.ca *.swiftypecdn.com *.callrail.com go.ceridian.com *.onetrust.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com;  media-src * 'unsafe-inline'; frame-src 'self'  *.ceros.com accessibe.com *.accessibe.com *.acsbapp.com acsbapp.com *.bizzabo.com *.facebook.com *.marketo.com *.twitter.com *.youtube.com *.driftt.com *.vidyard.com *.adsrvr.org  go.ceridian.com  *.hotjar.com 5
frame-ancestors 'self' http://www.fx-graphics.com; 5
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.gstatic.com https://*.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google.com https://tagmanager.google.com https://cdn.cookielaw.org https://code.jquery.com https://cdn.krxd.net https://connect.facebook.net https://beacon.krxd.net https://consumer.krxd.net https://plugin.handtalk.me https://*.youtube.com https://s.ytimg.com https://cdn.equalweb.com ; img-src 'self' data: blob: https://www.googletagmanager.com https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://adservice.google.com https://lh3.googleusercontent.com https://cdn.cookielaw.org https://beacon.krxd.net https://usermatch.krxd.net https://cm.g.doubleclick.net https://stags.bluekai.com https://ib.adnxs.com https://sync.mathtag.com https://analytics.twitter.com https://cms.analytics.yahoo.com https://sync.navdmp.com https://global.ib-ibi.com https://www.facebook.com https://i.ytimg.com https://www.google.com https://www.google.com.br https://googleads.g.doubleclick.net https://access.equalweb.com https://plugin.handtalk.me ; style-src 'self' 'unsafe-inline' blob: https://*.gstatic.com https://tagmanager.google.com https://fonts.googleapis.com https://*.gstatic.com https://cdn.cookielaw.org https://code.jquery.com ; child-src 'self' blob:; object-src 'none' ; frame-src 'self' https://*.doubleclick.net https://www.googletagmanager.com https://plugin.handtalk.me https://www.google.com https://cdn.krxd.net https://*.youtube.com https://www.facebook.com ; connect-src 'self' data: https://us-central1-kora-nlp-prod.cloudfunctions.net https://www.google-analytics.com https://la.ces.coke.com https://plugin.handtalk.me https://stage-latam-cds-us-west-2-s3-config.s3.amazonaws.com https://prod-latam-cds-us-west-2-s3-config.s3.amazonaws.com https://hub-xmas-invoice-homolog.s3.amazonaws.com https://hub-xmas-invoice-production.s3.amazonaws.com https://gamma-latam-us-west-2-api-config.s3.amazonaws.com https://prod-latam-us-west-2-api-config.s3-us-west-2.amazonaws.com https://pyhdy1j3zh.execute-api.us-west-2.amazonaws.com https://8lioi8nl48.execute-api.us-west-2.amazonaws.com https://cdn.equalweb.com https://access.equalweb.com https://translation.handtalk.me https://translation-v3.handtalk.me ; form-action 'self' https://www.facebook.com ; font-src 'self' data: https://fonts.gstatic.com ; 5
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 5
default-src wss: https: data: 'unsafe-inline' 'unsafe-eval' 5
default-src * https: data: 'unsafe-eval' 'unsafe-inline' blob:; 5
default-src 'self' blob: https://*.map.qq.com ; connect-src 'self' https://*.mapbox.com https://*.tiles.mapbox.com https://*.google-analytics.com https://*.doubleclick.net https://*.gstatic.com https://*.googlesyndication.com https://translate.googleapis.com https://*.parkopedia-ppds.com https://*.google.com https://slack.com https://business.parkopedia.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.google.com https://*.google.cn https://*.tiles.mapbox.com https://*.map.baidu.com https://*.baidu.com https://*.bdstatic.com https://*.gtimg.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.gstatic.com https://*.googleapis.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.googletagservices.com https://*.mapbox.com https://*.stripe.com https://*.adroll.com https://*.workable.com https://*.ampproject.org https://browser-update.org https://*.bootstrapcdn.com https://*.fuelcdn.com https://cdn.datatables.net https://code.jquery.com https://cdnjs.cloudflare.com https://*.fontawesome.com https://cdn.jsdelivr.net https://code.highcharts.com https://www.recaptcha.net https://*.google.com https://*.google.gr;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.google.com https://*.google.cn https://*.tiles.mapbox.com https://*.map.baidu.com https://*.baidu.com https://*.bdstatic.com https://*.gtimg.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.gstatic.com https://*.googleapis.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.googletagservices.com https://*.mapbox.com https://*.stripe.com https://*.adroll.com https://*.workable.com https://*.ampproject.org https://browser-update.org https://*.bootstrapcdn.com https://*.fuelcdn.com https://cdn.datatables.net https://code.jquery.com https://cdnjs.cloudflare.com https://*.fontawesome.com https://cdn.jsdelivr.net https://code.highcharts.com https://www.recaptcha.net https://*.google.com https://*.google.gr;style-src 'self' 'unsafe-inline' https://cdn.datatables.net https://*.fuelcdn.com https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.googleapis.com https://*.fontawesome.com https://*.tiles.mapbox.com https://*.gstatic.com https://*.mapbox.com https://unpkg.com;font-src 'self' 'unsafe-inline' chrome-extension data: https: https://*.fontawesome.com http://fonts.gstatic.com;img-src 'self' blob: data: https: http://p.parkopedia.com http://p.parkopedia.cn http://*.openstreetmap.org;frame-src 'self' https://*.g.doubleclick.net https://*.qq.com https://*.google.com https://*.stripe.com https://*.googlesyndication.com https://*.parkopedia.com https://*.parkopedia.co.uk https://*.dcos.parkopedia.com https://*.localhost.com https://*.localhost.co.uk;object-src blob: data: https://*.qq.cn https://*.qq.com https://*.map.qq.com https://*.localhost.com https://*.parkopedia.com;report-uri https://csp.parkopedia.com/api/csppolicyreport/?apiver=23&cid=avalon_iu4ryufghgjrf 5
frame-ancestors https://*.complex.com 5
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 5
img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval';worker-src blob:; 5
style-src 'self' 'unsafe-inline' *; report-uri /report-csp-violation 5
frame-ancestors 'self' next.brella.io *.on24.com; 5
upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * 5
default-src *; img-src * data:; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline' 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: yastatic.net cse.google.com ajax.googleapis.com php.pdc.nl www.google.com www.gstatic.com translate.googleapis.com translate.google.com maps.google.com maps.googleapis.com api.microsofttranslator.com; report-uri /cspreport 5
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: 5
frame-ancestors https://my.bigcartel.com; 5
default-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https: data:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src *; media-src https: data: blob:; worker-src https: blob:; frame-src 'self' https:; frame-ancestors 'self'; upgrade-insecure-requests 5
default-src * 'unsafe-inline' 'unsafe-eval';img-src * data:; child-src * 'self' blob: http:;font-src * data: 5
upgrade-insecure-requests; report-uri /api/csp-report; base-uri 'none'; object-src 'none'; worker-src blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' sdk.listenlive.co players.brightcove.net *.krxd.net js-agent.newrelic.com bam.nr-data.net vjs.zencdn.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.googletagservices.com adservice.google.com storage.googleapis.com www.google.com *.2mdn.net optimize.google.com adservice.google.com adservice.google.ca googleads.g.doubleclick.net securepubads.g.doubleclick.net *.googlesyndication.com cdn.ampproject.org stats.g.doubleclick.net tagmanager.google.com imasdk.googleapis.com www.gstatic.com connect.facebook.net www.instagram.com cdn.syndication.twimg.com platform.twitter.com *.twitch.tv www.tiktok.com *.ibytedtos.com *.tiktokcdn.com www1.journaldemontreal.com www.youtube.com ping.chartbeat.com static.chartbeat.com static2.chartbeat.com *.hotjar.com *.hotjar.io cdn.jwplayer.com ssl.p.jwpcdn.com *.qub.ca insights.algolia.io s0.2mdn.net/instream/video/client.js *.scorecardresearch.com code.jquery.com ajax.googleapis.com s1.quebecormedia.com 5
frame-ancestors 'self' keycontentservice.com *.tescodev.com *.facebook.com tesco.hu itesco.cz tesco.sk tesco.pl itesco.sk 5
default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; object-src *; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 5
frame-ancestors 'self' *.sprintecommerce.com *.venditan.com *.venditan.io 5
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: mediastream: filesystem: *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com;frame-ancestors 'self' 5
default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 5
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; base-uri 'self'; 5
default-src 'self' 'unsafe-inline' *.google-analytics.com *.serving-sys.com caixaforum.emexs.es cosmocaixa.emexs.es fonts.gstatic.com *.readspeaker.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org caixaforum.emexs.es cosmocaixa.emexs.es *.youtube.com s.ytimg.com *.googletagmanager.com *.google-analytics.com *.serving-sys.com *.ads-twitter.com *.twitter.com *.facebook.net *.readspeaker.com sadmin.brightcove.com syndication.twitter.com cdn.syndication.twimg.com tagmanager.google.com *.vimeocdn.com; img-src 'self' data: ssl.gstatic.com https://cdn.cookielaw.org *.atdmt.com www.gstatic.com *.youtube.com *.google-analytics.com *.ads-twitter.com *.facebook.net *.facebook.com t.co fonts.googleapis.com stats.g.doubleclick.net caixaforum.emexs.es cosmocaixa.emexs.es ucarecdn.com *.readspeaker.com syndication.twitter.com *.twimg.com platform.twitter.com *.fbcdn.net *.ytimg.com *.cdninstagram.com *.vimeocdn.com; frame-src 'self' https://secure-ds.serving-sys.com fls.doubleclick.net open.spotify.com caixaforum.emexs.es cosmocaixa.emexs.es *.youtube.com www.google.com *.readspeaker.com platform.twitter.com players.brightcove.net syndication.twitter.com player.vimeo.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com caixaforum.emexs.es cosmocaixa.emexs.es *.readspeaker.com platform.twitter.com *.twimg.com tagmanager.google.com *.vimeocdn.com; font-src 'self' data: *.google-analytics.com *.serving-sys.com caixaforum.emexs.es cosmocaixa.emexs.es fonts.gstatic.com *.readspeaker.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://secure-ds.serving-sys.com https://privacyportal-eu.onetrust.com https://cdn.cookielaw.org caixaforum.emexs.es cosmocaixa.emexs.es 5
connect-src 'self' habboo-a.akamaihd.net *.habbo.com cookie-cdn.cookiepro.com privacyportal.cookiepro.com cookies.onetrust.mgr.consensu.org geolocation.onetrust.com www.facebook.com www.google-analytics.com csi.gstatic.com *.googlesyndication.com *.g.doubleclick.net hb.improvedigital.com pub.tunnl.com; img-src 'self' data: habboo-a.akamaihd.net *.habbo.com cookie-cdn.cookiepro.com habbo-stories-content.s3.amazonaws.com www.facebook.com www.google-analytics.com www.google.com *.g.doubleclick.net *.googlesyndication.com *.gstatic.com images.habbogroup.com docj27ko03fnu.cloudfront.net d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com pay.openbucks.com trck.spoteffects.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' habboo-a.akamaihd.net *.habbo.com cookie-cdn.cookiepro.com connect.facebook.net www.google-analytics.com www.google.com www.gstatic.com apis.google.com *.g.doubleclick.net *.googlesyndication.com www.googletagservices.com partner.googleadservices.com adservice.google.com adservice.google.ad adservice.google.ae adservice.google.com.af adservice.google.com.ag adservice.google.com.ai adservice.google.al adservice.google.am adservice.google.co.ao adservice.google.com.ar adservice.google.as adservice.google.at adservice.google.com.au adservice.google.az adservice.google.ba adservice.google.com.bd adservice.google.be adservice.google.bf adservice.google.bg adservice.google.com.bh adservice.google.bi adservice.google.bj adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.bs adservice.google.bt adservice.google.co.bw adservice.google.by adservice.google.com.bz adservice.google.ca adservice.google.cd adservice.google.cf adservice.google.cg adservice.google.ch adservice.google.ci adservice.google.co.ck adservice.google.cl adservice.google.cm adservice.google.cn adservice.google.com.co adservice.google.co.cr adservice.google.com.cu adservice.google.cv adservice.google.com.cy adservice.google.cz adservice.google.de adservice.google.dj adservice.google.dk adservice.google.dm adservice.google.com.do adservice.google.dz adservice.google.com.ec adservice.google.ee adservice.google.com.eg adservice.google.es adservice.google.com.et adservice.google.fi adservice.google.com.fj adservice.google.fm adservice.google.fr adservice.google.ga adservice.google.ge adservice.google.gg adservice.google.com.gh adservice.google.com.gi adservice.google.gl adservice.google.gm adservice.google.gp adservice.google.gr adservice.google.com.gt adservice.google.gy adservice.google.com.hk adservice.google.hn adservice.google.hr adservice.google.ht adservice.google.hu adservice.google.co.id adservice.google.ie adservice.google.co.il adservice.google.im adservice.google.co.in adservice.google.iq adservice.google.is adservice.google.it adservice.google.je adservice.google.com.jm adservice.google.jo adservice.google.co.jp adservice.google.co.ke adservice.google.com.kh adservice.google.ki adservice.google.kg adservice.google.co.kr adservice.google.com.kw adservice.google.kz adservice.google.la adservice.google.com.lb adservice.google.li adservice.google.lk adservice.google.co.ls adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.com.ly adservice.google.co.ma adservice.google.md adservice.google.me adservice.google.mg adservice.google.mk adservice.google.ml adservice.google.com.mm adservice.google.mn adservice.google.ms adservice.google.com.mt adservice.google.mu adservice.google.mv adservice.google.mw adservice.google.com.mx adservice.google.com.my adservice.google.co.mz adservice.google.com.na adservice.google.com.nf adservice.google.com.ng adservice.google.com.ni adservice.google.ne adservice.google.nl adservice.google.no adservice.google.com.np adservice.google.nr adservice.google.nu adservice.google.co.nz adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.pg adservice.google.com.ph adservice.google.com.pk adservice.google.pl adservice.google.pn adservice.google.com.pr adservice.google.ps adservice.google.pt adservice.google.com.py adservice.google.com.qa adservice.google.ro adservice.google.ru adservice.google.rw adservice.google.com.sa adservice.google.com.sb adservice.google.sc adservice.google.se adservice.google.com.sg adservice.google.sh adservice.google.si adservice.google.sk adservice.google.com.sl adservice.google.sn adservice.google.so adservice.google.sm adservice.google.sr adservice.google.st adservice.google.com.sv adservice.google.td adservice.google.tg adservice.google.co.th adservice.google.com.tj adservice.google.tk adservice.google.tl adservice.google.tm adservice.google.tn adservice.google.to adservice.google.com.tr adservice.google.tt adservice.google.com.tw adservice.google.co.tz adservice.google.com.ua adservice.google.co.ug adservice.google.co.uk adservice.google.com.uy adservice.google.co.uz adservice.google.com.vc adservice.google.co.ve adservice.google.vg adservice.google.co.vi adservice.google.com.vn adservice.google.vu adservice.google.ws adservice.google.rs adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.cat rpxnow.com d29usylhdk1xyu.cloudfront.net trck.spoteffects.net hb.improvedigital.com cdn.ampproject.org; style-src 'self' 'unsafe-inline' habboo-a.akamaihd.net *.habbo.com www.gstatic.com fonts.googleapis.com d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com; child-src 'self' *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com hb.improvedigital.com; font-src 'self' fonts.gstatic.com habboo-a.akamaihd.net *.habbo.com; frame-ancestors 'self' *.idcgames.com www.funnygames.fi www.funnygames.es www.funnygames.nl www.funnygames.fr www.funnygames.it www.funnygames.us www.funnygames.eu www.funnygames.biz www.funnygames.com.br www.funnygames.org *.gamesxl.com keygames.com www.games.co.za www.bgames.com starbie.co.uk nyckelspel.se www.games.co.uk www.a10.com www.gry.pl www.spela.se www.gamesgames.com www.ourgames.ru www.permainan.co.id www.games.co.id www.agame.com www.flashgames.ru www.mousebreaker.com kizi.com yepi.com www.integrations.partner.spilgames.com www.teens-integrations.partner.spilgames.com www.youdagames.com www.elkspel.nl www.spele.nl www.spele.be www.spelletjesoverzicht.nl *.orangegames.com hyvesgames.nl spele.nl www.spelletjes.nl www.spel.nl *.giochixl.it www.1001giochi.it minigioco.it www.gioco.it www.giochi.it *.jeuxdelajungle.fr www.1001games.fr jouerjouer.com spele.be www.jeux.fr www.jeu.fr oyun.mynet.com gamecell.com www.gamecell.com oyungemisi.com www.oyunskor.com *.1001pelit.com pelaaleikkia.com www.isladejuegos.es clavejuegos.com www.juegos.com *.1001spiele.de www.jetztspielen.ws www.jetztspielen.de www.spielaffe.de *.spielspiele.de spielspiele.de www.spielen.com *.1001jogos.pt jogojogar.com www.ojogos.com.br hb.improvedigital.com; frame-src 'self' *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com hb.improvedigital.com; upgrade-insecure-requests; report-uri /csp/report 5
default-src https: data:;script-src https: 'unsafe-eval' 'unsafe-inline';style-src https: 'unsafe-eval' 'unsafe-inline'; 5
manifest-src 'self' https://*.ng-source.com 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' iongroup.wpengine.com * www.googletagmanager.com maps.googleapis.com www.google.com ajax.googleapis.com en25.com www.google-analytics.com; 5
default-src * 'unsafe-inline' 'unsafe-eval' data: gap: content: blob:; form-action *; upgrade-insecure-requests 5
frame-ancestors 'self' https://api.opentlv.com 5
default-src 'self' data: *; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 5
frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 5
frame-ancestors 'self' http://thomsonreuterstax.lookbookhq.com  https://thomsonreuterstax.lookbookhq.com http://answers.legalprof.thomsonreuters.com https://answers.legalprof.thomsonreuters.com http://app.accelus.com  https://app.accelus.com 5
form-action https:; upgrade-insecure-requests 5
frame-ancestors 'self' centralnicgroup.activehosted.com; script-src 'unsafe-inline' 'unsafe-eval' *.brandshelter.com *.webinarjam.com snap.licdn.com diffuser-cdn.app-us1.com prism.app-us1.com wp-ui.app-us1.com cdnjs.cloudflare.com trackcmp.net www.google-analytics.com data:; style-src 'unsafe-inline' *.brandshelter.com fonts.googleapis.com fonts.gstatic.com *.webinarjam.com 5
default-src 'self' data: 'unsafe-inline' https: *; 5
frame-ancestors 'self' *.egovcdn.com 5
default-src https: 'unsafe-inline' 'unsafe-eval' data: 5
default-src https: http: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: http: data: 5
default-src https: wss: blob: data: 'unsafe-eval' 'unsafe-inline'; object-src 'self' 5
default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:; 5
default-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com *.bizographics.com *.rawgit.com *.googleapis.com *.unpkg.com *.youtube.com *.googletagmanager.com *.googleadservices.com *.google.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.ytimg.com *.facebook.net *.cloudfront.net *.rdstation.com.br *.w3-edge.com *.reclameaqui.com.br *.ampproject.org *.novahaus.com.br *.shoptarget.com.br *.shopback.net *.shopconvert.com.br *.voxus.com.br targeting.voxus.tv *.omguk.com *.hotjar.com snap.licdn.com https://cdn.mouseflow.com; connect-src 'self' data: *.google.com https://freegeoip.app *.plyr.io https://noembed.com *.googleapis.com *.rdstation.com.br *.ampproject.org *.shoptarget.com.br *.linximpulse.net *.retargeter.com.br *.shopconvert.com.br ckies.net *.shopback.net *.viacep.com.br viacep.com.br *.voxus.tv api.ipify.org *.loggly.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.facebook.com www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com  https://ampcid.google.com.br; img-src 'self' data: *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.com.br *.doubleclick.net *.gravatar.com *.w.org *.linkedin.com *.shopback.net *.adsymptotic.com cliente.linx.com.br *.adnxs.com smartbmc.com.br *.smartbmc.com.br *.googletagmanager.com https://frame-images.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.shopback.net; font-src 'self' data: *.gstatic.com script.hotjar.com; worker-src https: blob: 5
block-all-mixed-content; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; 5
frame-ancestors 'self' *.plentymarkets-cloud-ie.com 5
block-all-mixed-content; report-uri https://de.forumhome.com/cspreport.php 5
frame-ancestors 'self' https://*.car-config.com 5
default-src data: blob: http://* https://* wss://* 'self' 'unsafe-inline' 'unsafe-eval'; 5
script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com cdn-3.convertexperiments.com app.convert.com data.track.convertexperiments.com 1003350.track.convertexperiments.com 1003343.track.convertexperiments.com; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com; frame-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com logs.convertexperiments.com 1003350.metrics.convertexperiments.com 1003343.metrics.convertexperiments.com sentry.prod.mozaws.net https://accounts.firefox.com/ https://accounts.firefox.com.cn/; child-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com data: mozilla.org firefox.com www.firefox.com www.googletagmanager.com www.google-analytics.com adservice.google.com adservice.google.de adservice.google.dk creativecommons.org cdn-3.convertexperiments.com logs.convertexperiments.com ad.doubleclick.net; style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' app.convert.com 4
frame-ancestors 'self' *.cnbc.com *.acorns.com; 4
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; 4
default-src *.livejournal.com *.livejournal.net tpc.googlesyndication.com; script-src *.livejournal.com *.livejournal.net *.google-analytics.com *.googletagmanager.com *.scorecardresearch.com *.top100.ru *.criteo.com yastatic.net *.plista.com *.facebook.com vk.com *.ok.ru *.pingdom.com *.pingdom.net *.vk.com *.twitter.com *.twimg.com *.facebook.net *.instagram.com *.services.livejournal.com *.videos.livejournal.com *.adfox.ru *.exelator.com *.rambler.ru *.rubiconproject.com *.yahooapis.com *.newrelic.com *.nr-data.net *.doubleclick.net googleads.g.doubleclick.net *.lj.ru *.googleapis.com *.youtube.com *.varlamov.me *.varlamov.com *.google.com static.xx.fbcdn.net dsp-rambler.ru openstat.net *.rnet.plus twemoji.maxcdn.com *.googletagservices.com *.googlesyndication.com ymetrica.com telegram.org *.webturn.ru www.dropbox.com *.criteo.net z.moatads.com r.webturn.ru *.pinterest.com *.google.ru ssl.p.jwpcdn.com *.gstatic.com js.mamydirect.com cdn.ampproject.org adservice.google.ca an.yandex.ru yandex.st mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: avatars-fast.yandex.net favicon.yandex.net an.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net *.yandex.net verify.yandex.ru *.verify.yandex.ru 'self'; frame-src http: https: awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net; font-src http: https: data: an.yandex.ru yastatic.net yastat.net 'self'; connect-src *.livejournal.com *.livejournal.net *.services.livejournal.com *.google-analytics.com ssp.rambler.ru *.ssp.rambler.ru lj.stat.eagleplatform.com *.pingdom.net *.googleapis.com kraken.rambler.ru *.twitter.com *.youtube.com googleads.g.doubleclick.net static.xx.fbcdn.net *.lj.ru *.rnet.plus ymetrica.com *.webturn.ru *.criteo.com dsp-rambler.ru *.rambler.ru stats.g.doubleclick.net *.eaglecdn.com wss://www.livejournal.com *.g.doubleclick.net an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru static-mon.yandex.net 'self'; media-src http: https: data: *.yandex.net strm.yandex.ru *.strm.yandex.ru yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net report-uri https://livejournal.com/csp_reports 4
frame-ancestors *.constantcontact.com www.redmangomarketing.com www.ezymarketing.com www.igvinc.com www.etouchmarketing.net 4
frame-ancestors 'self' *.vice.com vicetv.com *.vicetv.com vicetv.nl vicetv.be vicesports.nl vicemoney.nl vicebelgique.com survey18.toluna.com *.viceops.net survey-d.dynata.com 4
frame-ancestors 'self' https://*.target.com; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://sb.scorecardresearch.com blob: wss:; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation; img-src 'self' https: data: blob:; object-src https://*.engadget.com https://s.yimg.com; worker-src 'self' blob:; manifest-src 'self' https://s.yimg.com; font-src 'self' data: https://www.engadget.com https://s.yimg.com https://fonts.gstatic.com https://*.spot.im; connect-src 'self' https://*.engadget.com https://s.yimg.com https://*.yahoo.net https://*.yahoo.com https://*.oath.com https://*.advertising.com https://*.cdn.yimg.com https://ad.doubleclick.net https://*.doubleverify.com https://*.googlesyndication.com https://*.spot.im https://*.giphy.com https://*.vidible.com https://*.media.yahoo.com:4443 https://*.skimresources.com https://*.taboola.com https://securepubads.g.doubleclick.net https://*.spotim.market https://*.criteo.com https://*.criteo.net https://*.pubmatic.com https://*.rubiconproject.com https://*.lijit.com https://*.gumgum.com https://*.openx.net https://*.adtelligent.com https://*.casalemedia.com https://*.creativecdn.com https://*.adnxs.com https://*.nighttstand.com https://*.rlcdn.com https://*.adsrvr.org https://*.adform.net https://*.vidible.tv https://*.uplynk.com https://*.edgekey.net https://*.doubleclick.net https://d1z2jf7jlzjs58.cloudfront.net https://*.pixel.parsely.com https://*.aniview.com https://*.ad-score.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://csp.yahoo.com/beacon/csp?src=engadget; report-to csp-endpoint; 4
frame-ancestors 'self' hhs.gov *.hhs.gov 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.unicef.org *.sharethis.com rules.quantcount.com connect.facebook.net secure.quantserve.com www.google-analytics.com googletagmanager.com www.googletagmanager.com cdn.poll-maker.com embeds.tagboard.com maps.googleapis.com e.infogram.com *.hscampaigns.com *.getchute.com ssl.mousestats.com *.google.com js-agent.newrelic.com bam.nr-data.net js-agent.newrelic.com/* www.youtube.com s.ytimg.com *.instagram.com *.twitter.com cdn.syndication.twimg.com cdn.nativemsg.com hm.baidu.com siteimproveanalytics.com downloads.mailchimp.com mc.us2.list-manage.com sjs.bizographics.com unicef.us2.list-manage.com s3.amazonaws.com www.googleadservices.com *.doubleclick.net cdn.curator.io eisi-ext.azurewebsites.net *.aparat.com *.tableau.com *.wufoo.com s.pinimg.com ct.pinterest.com cdn.taboola.com static.hotjar.com amplify.outbrain.com  event.getblue.io analytics.tiktok.com api.curator.io cdn.pdst.fm; object-src 'self' *.youtube.com; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com *.sharethis.com cdn.poll-maker.com stories.getchute.com cdn-images.mailchimp.com downloads.mailchimp.com l.sharethis.com *.twitter.com *.unicef.org cdn.curator.io *.twimg.com; img-src 'self' data: *.unicef.org www.google-analytics.com ssl.gstatic.com sb.scorecardresearch.com  *.sharethis.com facebook.com www.facebook.com pixel.quantserve.com stats.g.doubleclick.net www.gstatic.com cdn.poll-maker.com csi.gstatic.com maps.gstatic.com maps.googleapis.com google.ie google.com.hk google.dk google.co.id google.co.kr google.hr google.com.sg google.fr google.com.br google.mn google.co.zw google.com.lb google.tn google.com.om google.jo google.com.ph google.mw google.nl google.com.tr google.ca google.it google.co.uz google.me google.co.uk google.co.za google.ch google.co.in www.google.com *.cdninstagram.com pixel.getchute.com media.chute.io static.getchute.com avatars.io *.twitter.com *.twimg.com dynamite-images.appspot.com hm.baidu.com www.googletagmanager.com unicef-images.appspot.com 88988.global.siteimproveanalytics.io cdn-images.mailchimp.com gallery.mailchimp.com ct.pinterest.com cx.atdmt.com pixel.quantserve.com i.ytimg.com downloads.mailchimp.com *.tableau.com blob:; media-src 'self' *.cdninstagram.com video.twimg.com; frame-src 'self' *.facebook.com *.google.com *.twitter.com e.infogram.com infogram-download-us2.s3.eu-west-1.amazonaws.com infogram-download-eu.s3.eu-west-1.amazonaws.com *.sharethis.com *.hscampaigns.com embeds.tagboard.com www.youtube.com infogram.com connect.facebook.net *.unicef.org api.getchute.com static.getchute.com giphy.com *.wufoo.com www.instagram.com cdn.nativemsg.com twitter.com *.ustream.tv *.youku.com c.sharethis.mgr.consensu.org embed.ted.com *.doubleclick.net player.vimeo.com forms.office.com *.aparat.com *.tableau.com oms.gameloft.com *.soundcloud.com app.powerbi.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' fonts.gstatic.com data: maxcdn.bootstrapcdn.com stories.getchute.com *.unicef.org cdnjs.cloudflare.com cdn.curator.io; connect-src 'self' *.sharethis.com www.quiz-maker.com ssl.mousestats.com www.google-analytics.com s3.amazonaws.com getchute.com *.getchute.com facebook.com c.sharethis.mgr.consensu.org stats.g.doubleclick.net unicefhq.cp.bsd.net script.google.com script.googleusercontent.com *.unicef.org api.curator.io bam.nr-data.net rpapigatewaytest.azurewebsites.net i2e.azurewebsites.net us-central1-adaptive-growth.cloudfunctions.net blob:; report-uri /report-csp-violation 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://api.amplitude.com https://widget.intercom.io https://js.intercomcdn.com https://logs-01.loggly.com https://cdn.segment.com https://analytics.pgncs.notion.so https://checkout.stripe.com https://js.stripe.com https://embed.typeform.com https://admin.typeform.com https://public.profitwell.com js.sentry-cdn.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.googletagmanager.com https://x.clearbitjs.com; connect-src 'self' https://msgstore.www.notion.so wss://msgstore.www.notion.so ws://localhost:* https://notion-emojis.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https: http: https://api.amplitude.com https://api.embed.ly https://js.intercomcdn.com https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://logs-01.loggly.com https://api.segment.io https://api.pgncs.notion.so https://checkout.stripe.com https://js.stripe.com https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://www2.profitwell.com https://api.unsplash.com https://boards-api.greenhouse.io; font-src 'self' data: https://cdnjs.cloudflare.com https://js.intercomcdn.com; img-src 'self' data: blob: https: https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://github.githubassets.com https://platform.twitter.com https://ton.twimg.com; frame-src https: http:; media-src https: http: 4
frame-ancestors 'self' *.tdameritrade.com *.ameritrade.com http://*.tdameritrade.com/ https://*.tdainstitutional.com https://*.amtd.com https://amtd.com https://*.tradewise.com https://tdaconferences.com https://*.tdameritradeconferences.com https://*.exploringyourindependence.com https://*.thinkorswim.com https://*.tdameritradenetwork.com https://tdameritradenetwork.com https://*.eliteadvisorsummit.com https://*.essentialoptionstrategies.com; object-src 'self' 4
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; object-src 'none'; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-modals allow-popups allow-popups-to-escape-sandbox allow-presentation 4
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests 4
frame-ancestors 'self'; object-src https://*.citrix.com; plugin-types application/x-shockwave-flash application/pdf 4
upgrade-insecure-requests; media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; 4
frame-ancestors 'self' appsec.aarp.org  secure.aarp.org; 4
object-src 'none'; base-uri 'self' 4
frame-ancestors 'self' https://*.adobe.com; 4
frame-ancestors 'self' https://ajc.newspapers.com https://*.ajchomefinder.com https://www.legacy.com 4
frame-ancestors 'self' *.benzinga.com 4
default-src *; object-src *; script-src 'unsafe-eval' * 'unsafe-inline' *; connect-src *; img-src * data:; style-src 'unsafe-inline' *; font-src * data:; frame-src * 4
default-src https: http: data: 'unsafe-inline' 'unsafe-eval' 4
default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 4
frame-ancestors 'self' *.avira.com *.avira.org *.avira.net *.prod-blog.avira.com prod-blog.avira.com; 4
default-src 'self' *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data:; connect-src *; img-src * blob: data:; child-src *; media-src *; frame-ancestors 'self'; worker-src * blob:; object-src *; 4
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * https://www.google-analytics.com https://optimize.google.com https://optanon.blob.core.windows.net http://*.hotjar.com https://*.onetrust.com https://www.googletagmanager.com https://connect.facebook.net *.rfihub.net *.bing.com *.ads-twitter.com *.twitter.com *.t.co *.ytimg.com https://act.nrdc.org; style-src 'self' 'unsafe-inline' * blob: https://optimize.google.com https://fonts.googleapis.com https://optanon.blob.core.windows.net cdnjs.cloudflare.com cloud.typography.com *.twitter.com *.t.co ; img-src 'self' 'unsafe-inline' data: * https://www.google-analytics.com https://optimize.google.com https://code.jquery.com/ *.twitter.com *.facebook.com *.bing.com *.t.co; frame-src 'self' data: * https://optimize.google.com https://*.adsrvr.org *.rfihub.com; font-src 'self' 'unsafe-inline' data: * https://fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' * https://*.optmnstr.com; report-uri /report-csp-violation 4
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com 4
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 4
'frame-ancestors' http://localhost:8100 https://*.tn.gov 4
frame-ancestors *.motor1.com 4
frame-ancestors 'self' https://help.patagonia.com/ https://notouchie-patagoniacommunity.cs7.force.com/ 4
script-src 'unsafe-inline' 'unsafe-eval' https:; worker-src blob: https: https://api.useinsider.com; 4
frame-ancestors 'self' http://www.farmzone.com https://www.farmzone.com http://www.zoneverte.com https://www.zoneverte.com http://widget.twnmm.com https://widget.twnmm.com https://s1.twnmm.com http://beta.theweathernetwork.com https://beta.theweathernetwork.com http://beta.meteomedia.com https://beta.meteomedia.com http://*.theweathernetwork.com https://*.theweathernetwork.com http://*.meteomedia.com https://*.meteomedia.com https://www.flonase.ca 4
default-src * data: blob: ;script-src * 'self' 'unsafe-inline' 'unsafe-eval' ;worker-src * blob: ;style-src * 'unsafe-inline' data: ;frame-ancestors 'self' static-s.aa-cdn.net *.appannie.com *.appannie.com.cn *.appannie.org;img-src * data: blob: ;font-src * data: ;media-src * data: blob: ;base-uri 'self' d6tizftlrpuof.cloudfront.net manifest.prod.boltdns.net secure.brightcove.com ;connect-src * data: blob: wss://api.appcues.net;report-uri https://sentry.smart-sense.org/api/96/csp-report/?sentry_key=28d56c139d1542a19730a3eb84757027; 4
frame-ancestors 'self' http://info.barchart.com 4
frame-ancestors 'self' https://epr.onepath.com.au https://eprotectpriv.service.anz https://eprotect.service.anz https://eprotectauth.service.anz https://eprotect; 4
frame-ancestors 'self' https://studio.first.sandbox.ua.coremedia.cloud https://public-studio.first.sandbox.ua.coremedia.cloud https://preview.uat.ua.coremedia.cloud https://studio.uat.ua.coremedia.cloud https://first.sandbox.ua.coremedia.cloud https://studio.production.ua.coremedia.cloud https://preview.production.ua.coremedia.cloud 4
default-src * data: blob:;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com https://static.hotjar.com;frame-src 'self' https://*.mhcache.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://vars.hotjar.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://www.zenaps.com;script-src 'unsafe-inline' blob: data: 'self' https://*.myheritage.com https://*.mhcache.com https://cdn.trackjs.com https://tpc.googlesyndication.com https://*.doubleclick.net https://*.google.com https://*.googletagmanager.com https://connect.facebook.net https://bat.bing.com https://www.googleadservices.com https://*.google-analytics.com https://www.gstatic.com https://*.googleapis.com https://js-agent.newrelic.com https://*.nr-data.net https://*.mk-sense.com https://code.jquery.com https://*.hotjar.com https://www.dwin1.com https://www.zenaps.com https://ad.zanox.com;style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://optanon.blob.core.windows.net;connect-src data: 'self' https://*.myheritage.com https://*.mhcache.com https://www.google-analytics.com https://adservice.google.com https://*.nr-data.net https://sentry.io https://capture.trackjs.com https://*.bing.com https://*.facebook.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io:* https://*.doubleclick.net https://*.mk-sense.com https://privacyportal-eu.onetrust.com;media-src 'self' https://*.myheritage.com https://*.mhcache.com 4
default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline'; report-uri /content-security-policy-report.php 4
frame-ancestors https://*.obozrevatel.com http://*.googlesyndication.com https://api.esp.piano.io http://api.traq.li 4
frame-ancestors 'self' *.multimediabs.com 4
frame-ancestors 'self' *.1und1.de *.1und1.com profiseller.de *.profiseller.de *.1and1.com dsl.gmx.de dsl.web.de 1und1-premiumpartner.de *.1und1-premiumpartner.de 1und1-partner.de *.1und1-partner.de 1und1-mm.de *.1und1-mm.de 1und1-hostingpartner.de *.1und1-hostingpartner.de 1und1-freenet.de *.1und1-freenet.de; 4
frame-ancestors 'self' https://*.verizonmedia.com https://mediaplatform.pathfactory.com 4
value 4
frame-ancestors 'self' *.amp.colgate.com; 4
default-src 'unsafe-inline' 'unsafe-eval' https: data:; block-all-mixed-content; upgrade-insecure-requests 4
object-src 'none'; 4
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://lavoz.report-uri.io/r/default/csp/enforce 4
frame-ancestors *.adobe.com 4
frame-ancestors 'self' *.optus.com.au *.ippayments.com *.pegacloud.net *.gomo.com.au; 4
frame-ancestors www.red-gate.com; 4
default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval'; 4
frame-ancestors 'self' https://metrika.yandex.ru https://webvisor.com http://webvisor.com 4
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' 4
frame-ancestors 'self' *.infor.com *.Inforcloudsuite.com *.infor.cn *.infor.de *.infor.es *.infor.fr *.infor.jp *.infor.kr 4
default-src 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; object-src 'self'; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' data: https:; frame-src 'self' https: mailto: tel:; font-src 'self' data: https:; connect-src 'self' https: wss://*.hotjar.com; frame-ancestors 'self' https://vshow.on24.com https://login-staging.qlik.com/ https://login.qlik.com/; base-uri 'none'; form-action 'self' https:; upgrade-insecure-requests; 4
frame-ancestors 'self' *.blackbaud.com; 4
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 4
default-src 'none'; connect-src bloghelpers.troyhunt.com links.services.disqus.com www.google-analytics.com stats.g.doubleclick.net syndication.twitter.com troyhunt.report-uri.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src disqus.com c.disquscdn.com www.google.com www.youtube.com player.vimeo.com twitter.com platform.twitter.com syndication.twitter.com omny.fm pastebin.com; img-src 'self' c.disquscdn.com referrer.disqus.com stats.g.doubleclick.net www.google-analytics.com www.gstatic.com syndication.twitter.com platform.twitter.com www.gravatar.com *.twimg.com data:; script-src 'self' c.disquscdn.com disqus.com troyhunt.disqus.com www.google.com www.google-analytics.com www.gstatic.com cdnjs.cloudflare.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com gist.github.com/troyhunt/ 'sha256-dblwN9MUF0KZKfqYU7U9hiLjNSW2nX1koQRMVTelpsA=' 'sha256-4JqPqO/eQLWuWw1AE7dCvI9hPwiBcw0gy7uoLqS0ncg='; style-src 'self' 'unsafe-inline' c.disquscdn.com cdnjs.cloudflare.com fonts.googleapis.com platform.twitter.com ton.twimg.com assets-cdn.github.com github.githubassets.com; form-action *.twitter.com; media-src 'self'; prefetch-src 'self' c.disquscdn.com disqus.com; frame-ancestors 'self'; upgrade-insecure-requests; report-uri https://troyhunt.report-uri.com/r/d/csp/enforce 4
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src *; connect-src *; media-src *; object-src *; child-src *; frame-ancestors 'self'; form-action *; reflected-xss block; upgrade-insecure-requests; 4
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://*.eqads.com https://*.msecnd.net https://*.cookielaw.org https://*.cloudflare.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.crazyegg.com https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.googlesyndication.com https://*.doubleclick.net https://*.vimeo.com https://*.secure.payconex.net 4
connect-src 'self' *.dynatrace.com api-public.ducati.com wurfl.io c.go-mpulse.net calculator.volkswagenbank.de s.yimg.com www.facebook.com apiwheel.h-en.me *.akstat.io *.akamaihd.net performance.typekit.net *.rsc.cdn77.org dasfelynsaterr.webcam videoram.com www.bing.com *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net  *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com;  font-src data: 'self' fonts.gstatic.com github.com media.ducati.com assets.ducati.com use.typekit.net chrome-extension *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com;  script-src-elem data: *.dynatrace.com assets.ducati.com platform.twitter.com pixel.mathtag.com loadus.exelator.com *.snt.imrworldwide.com pool.adizio.com pool.admedo.com gc.kis.v2.scr.kaspersky-labs.com s.yimg.com sp.analytics.yahoo.com 'self' 'unsafe-inline' maps.googleapis.com s.go-mpulse.net s2.adform.net use.typekit.net wurfl.io www.googletagmanager.com www.gstatic.com www.volkswagenbank-cloud.de gateway.zscalertwo.net about *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com;  script-src *.dynatrace.com assets.ducati.com platform.twitter.com s.yimg.com use.typekit.net 'self' 'unsafe-eval' 'unsafe-inline' s.go-mpulse.net wurfl.io www.googletagmanager.com www.gstatic.com www.volkswagenbank-cloud.de maps.googleapis.com s2.adform.net sp.analytics.yahoo.com *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com;  base-uri 'self' *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com;  frame-src pixel.mathtag.com platform.twitter.com www.youtube.com youtu.be www.facebook.com www.googletagmanager.com remove.video *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com;  img-src 'self' about data: * *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com;  script-src-attr 'unsafe-inline' *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com;  style-src-attr 'unsafe-inline' *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com;  style-src-elem 'self' 'unsafe-inline' assets.ducati.com fonts.googleapis.com adblockers.opera-mini.net *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com;  style-src 'self' 'unsafe-eval' 'unsafe-inline' assets.ducati.com fonts.googleapis.com translate.googleapis.com *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com 4
default-src 'self' hawaiianairlinesinc.marketing.adobe.com data: blob:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; img-src * data:; connect-src * data:; font-src * data:; frame-src *; frame-ancestors 'self' hawaiianairlinesinc.marketing.adobe.com 4
frame-ancestors 'self'; base-uri 'none'; form-action 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https:; font-src https: data:; media-src https:; style-src 'unsafe-inline' https:; worker-src https:; img-src https: data: 4
default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com https://www.riskdataobject.com; upgrade-insecure-requests; 4
font-src 'self' https://fonts.gstatic.com https://ka-p.fontawesome.com https://themes.googleusercontent.com https://static.juicer.io data: https://js.intercomcdn.com https://maxcdn.bootstrapcdn.com https://thriv.sportsengine.com https://cdnjs.cloudflare.com https://static.formstack.com https://thrivsports.s3.us-east-1.amazonaws.com; img-src 'self' https://www.sportsengine.com https://se-portal-production.s3.amazonaws.com *.facebook.com *.sestage.us *.google.com https://se-portal-staging.s3.amazonaws.com *.youtube.com https://s0.2mdn.net *.googleusercontent.com *.googlesyndication.com *.visualwebsiteoptimizer.com https://sb.scorecardresearch.com https://www.google-analytics.com *.g.doubleclick.net https://audible.sp1.convertro.com https://fast.wistia.com https://embedwistia-a.akamaihd.net https://s3.amazonaws.com *.adsafeprotected.com *.mparticle.com https://assets.ngin.com https://embed-fastly.wistia.com https://img1.niftyimages.com data: https://js.intercomcdn.com https://static.intercomassets.com https://pixel.quantserve.com https://bat.bing.com *.googletagmanager.com https://golfmds.s3.amazonaws.com/ https://syndication.twitter.com https://sportngin-lddxb.formstack.com https://thrivsports.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net *.visualwebsiteoptimizer.com *.g.doubleclick.net https://sb.scorecardresearch.com *.googleadservices.com *.googletagmanager.com *.mparticle.com *.user.sportngin.com https://se-api.sportngin.com.dev https://www.google-analytics.com https://adservice.google.com *.googlesyndication.com https://cdn.ampproject.org https://www.googletagservices.com https://fast.wistia.com https://www.olympicchannel.com https://assets.juicer.io https://communityforum.sportngin.com https://assets.ngin.com https://assets.stage.ngin.com https://www.google.com https://www.gstatic.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://www.burst.com https://secure.quantserve.com https://pixel.quantserve.com https://rules.quantcount.com https://bat.bing.com https://widget.intercom.io https://js.intercomcdn.com https://js.braintreegateway.com https://s3.amazonaws.com https://cdnjs.cloudflare.com https://thriv.sportsengine.com https://g1188506010.co https://app.vwo.com https://www.instagram.com https://platform.twitter.com https://sportngin-lddxb.formstack.com https://static.formstack.com https://ajax.googleapis.com https://storage.googleapis.com https://olympics.com/static/js/syndicated/v1/embed.js blob: https://kit.fontawesome.com; style-src 'self' 'unsafe-inline' https://assets.ngin.com https://assets.stage.ngin.com https://fonts.googleapis.com https://assets.juicer.io https://www.burst.com https://maxcdn.bootstrapcdn.com https://thriv.sportsengine.com https://s3.amazonaws.com https://cdnjs.cloudflare.com https://thrivsports.s3.us-east-1.amazonaws.com https://static.formstack.com cloud.typography.com fonts.googleapis.com; frame-ancestors 'self' https://*.sportngin.com https://app.stage.ngin-staging.com; report-uri https://www.sportsengine.com/report-uri/enforce 4
default-src https: data: wss://*.hotjar.com ; script-src 'unsafe-eval' 'self' https: 'unsafe-inline'; style-src https: 'unsafe-inline';img-src https: data:;media-src https: data: blob: mediastream: 4
frame-ancestors 'self' https://www.renesas.cn http://www.renesas.cn 4
frame-ancestors 'self' https://*.fashionjobs.com https://*.fashionnetwork.com https://*.fashiongroup.com 4
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' blob: *.brightcove.com *.cloudfront.net *.doubleclick.net *.google.com *.facebook.com forms.hsforms.com app.hubspot.com brightcove.hs.llnwd.net matomo-prod.connectid.cloud house-fastly-signed-eu-west-1-prod.brightcovecdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.convertexperiments.com *.hsforms.net *.jsdelivr.net *.googletagmanager.com *.connectid.cloud *.investis.com *.jquery.com *.cloudflare.com *.googleusercontent.com *.cloudfront.net *.hsforms.com *.facebook.net *.licdn.com *.google-analytics.com *.googleadservices.com *.investisdigital.com *.doubleclick.net *.lfeeder.com *.investis.com blob: data: *.hs-scripts.com *.google.com *.gstatic.com *.googleapis.com *.hsleadflows.net *.hsadspixel.net *.usemessages.com *.hs-analytics.net *.hs-banner.com brightcove.hs.llnwd.net matomo-prod.connectid.cloud; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.cloudflare.com *.googleusercontent.com *.investis.com *.cloudfront.net; img-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.investisdigital.com *.connectid.cloud *.investis.com *.facebook.com *.linkedin.com *.google.com *.google.co.in *.cloudfront.net *.brightcove.com *.lfeeder.com *.adsymptotic.com *.google-analytics.com *.hsforms.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.hubspot.com  brightcove.hs.llnwd.net cf-images.eu-west-1.prod.boltdns.net; font-src 'self' *.cloudfront.net *.googleusercontent.com *.gstatic.com; connect-src 'self' *.amazonaws.com *.brightcove.com *.luckyorange.net *.linkedin.com *.google-analytics.com *.investis.com *.doubleclick.net *.googleapis.com wss://*.visitors.live wss://visitors.live *.investisdigital.com *.hubspot.com *.hubapi.com forms.hsforms.com www.facebook.com api.luckyorange.com matomo-prod.connectid.cloud; report-uri //report-csp-violation 4
frame-ancestors 'self' https://optimize.google.com/ 4
frame-ancestors 'self'; report-uri https://3533eaa516fe10a59521ffab0a98b9a4.report-uri.com/r/t/csp/enforce; 4
default-src *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; img-src http: https: data: 4
style-src https: 'unsafe-inline' ; script-src https: data 'unsafe-inline' 'unsafe-eval' ; default-src * data: ; 4
frame-ancestors 'self' http://www.medscape.com https://www.medscape.com https://dusandbox.skipta.com https://doctorunite.com https://generationNP.com https://cardiologistconnect.com https://paunite.com https://cardiologistconnectsandbox.skipta.com https://next.brella.io/ 4
default-src 'self' 'unsafe-inline' www.pentair.com;             script-src 'self' 'unsafe-inline' 'unsafe-eval' www.pentair.com assets.adobedtm.com apps.bazaarvoice.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.cloudfront.net cdn.cookielaw.org cdn.curator.io st1.dialogtech.com googleads.g.doubleclick.net connect.facebook.net www.google.com www.googleadservices.com www.google-analytics.com maps.googleapis.com www.googletagmanager.com www.gstatic.com *.ss-omtrdc.net script.hotjar.com static.hotjar.com cdn.jsdelivr.net geolocation.onetrust.com polyfill.io cdn.roirevolution.com cdn.storepoint.co use.typekit.net www.youtube.com *.bazaarvoice.com *.taboola.com bat.bing.com *.criteo.net *.criteo.com *.affirm.com mpsnare.iesnare.com;             style-src 'self' 'unsafe-inline' www.pentair.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.curator.io use.fontawesome.com fonts.googleapis.com placehold.it display.ugc.bazaarvoice.com;             font-src 'self' data: www.pentair.com maxcdn.bootstrapcdn.com cdn.curator.io use.fontawesome.com fonts.gstatic.com use.typekit.net script.hotjar.com;             connect-src 'self' www.pentair.com *.algolia.com *.algolia.net *.algolianet.com insights.algolia.io cdn.cookielaw.org api.curator.io dpm.demdex.net pentairmg.demdex.net stats.g.doubleclick.net www.facebook.com www.google-analytics.com www.googleapis.com *.hotjar.com *.omtrdc.net *.ss-omtrdc.net privacyportal.onetrust.com s7d2.scene7.com api.vimeo.com trc-events.taboola.com bat.bing.com *.affirm.com *.bazaarvoice.com;             frame-src 'self' www.pentair.com *.doubleclick.net www.google.com vars.hotjar.com www.pentairpoolimages.com www.pentairpartners.com where-to-buy.co www.facebook.com pentairmg.demdex.net www.youtube.com gum.criteo.com *.affirm.com static.criteo.net *.bazaarvoice.com;             img-src * data:;             media-src *;             frame-ancestors 'self' www.pentair.com *.doubleclick.net www.google.com vars.hotjar.com www.pentairpoolimages.com www.pentairpartners.com where-to-buy.co www.facebook.com pentairmg.demdex.net www.youtube.com gum.criteo.com *.affirm.com static.criteo.net *.bazaarvoice.com; 4
frame-ancestors 'self' https://webvisor.com 4
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' maps.googleapis.com/   syndication.twitter.com/ ajax.aspnetcdn.com/ajax/jquery.validate/1.15.0/jquery.validate.min.js ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js analytics.twitter.com/i/adsct  c.evidon.com/sitenotice/ c.evidon.com/geo/country.js code.jquery.com/jquery-1.10.2.min.js connect.facebook.net/en_US/fbevents.js  d3js.org/d3.v3.min.js   platform.twitter.com/widgets.js s.ytimg.com/yts/jsbin/www-widgetapi-vflJFa_jA/www-widgetapi.js snap.licdn.com/li.lms-analytics/insight.old.min.js snap.licdn.com/li.lms-analytics/insight.min.js static.ads-twitter.com/uwt.js www.google-analytics.com/analytics.js www.googletagmanager.com/gtm.js www.instagram.com/embed.js www.youtube.com/ cdnjs.cloudflare.com app.bowencraggs.com maps.googleapis.com/maps-api-v3/api/js/44/4/common.js connect.facebook.net/signals/config/;  style-src 'report-sample' 'unsafe-inline' 'self' fonts.googleapis.com; object-src 'none'; base-uri 'self';  connect-src 'self' www.google-analytics.com optoutapi.evidon.com; font-src 'self' fonts.gstatic.com; frame-src 'self' syndication.twitter.com/ irs.tools.investis.com otp.tools.investis.com platform.twitter.com www.instagram.com www.youtube.com; img-src 'report-sample' 'unsafe-inline' 'self' data: c.evidon.com www.linkedin.com i.ytimg.com l.evidon.com maps.googleapis.com maps.gstatic.com px.ads.linkedin.com syndication.twitter.com t.co www.facebook.com www.google-analytics.com www.googletagmanager.com p.adsymptotic.com c.evidon.com/sitenotice/images/evidon-change-alert.png; manifest-src 'self'; media-src 'self';  report-uri https://5f9932cfca69962525be30e3.endpoint.csper.io/; worker-src 'none'; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: wss:; 4
connect-src *; default-src 'self'; font-src * data:; frame-src *; img-src * data:; media-src * blob:; object-src *; script-src * blob: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 4
default-src https: 'unsafe-eval' 'self' data: ws.pusherapp.com wss: bugherd-attachments.s3.amazonaws.com screenshots.bugherd.com; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' static.addtoany.com www.bugherd.com kit.fontawesome.com ka-p.fontawesome.com ws.pusherapp.com fonts.googleapis.com sockjs.pusher.com www.google-analytics.com www.googletagmanager.com; object-src ws.pusherapp.com; style-src https: 'unsafe-eval' 'unsafe-inline' 'self' data: fonts.googleapis.com; media-src https: data: blob: 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com publish.viostream.com themes.googleusercontent.com ka-p.fontawesome.com www.bugherd.com d2iiunr5ws5ch1.cloudfront.net; report-uri /report-csp-violation 4
frame-ancestors 'self' experience.adobe.com invescogroup.experiencecloud.adobe.com 4
base-uri 'self' *.nr-data.net; child-src blob:; connect-src 'self' wss://*.planetromeo.com wss://*.hunqz.com *.facebook.com *.gstatic.com *.googlesyndication.com *.planetromeo.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.smaato.net *.smaato.com *.maptiler.com *.report-uri.com wss://*.firebaseio.com *.googleapis.com *.zendesk.com; font-src 'self' *.gstatic.com *.typekit.net data:; form-action 'self' *.planetromeo.com google.com; frame-ancestors 'none'; frame-src 'self' recaptcha.net *.doubleclick.net *.google.com *.googlesyndication.com *.blufm.de blufm.de winq.nl *.firebaseio.com *.youtube.com *.facebook.com; img-src https: data: blob: *.smaato.net; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ampproject.org *.doubleclick.net *.googlesyndication.com  *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws  *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googletagservices.com recaptcha.net *.newrelic.com *.nr-data.net *.siftscience.com *.smaato.net *.firebaseio.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net; worker-src 'self' blob:; default-src 'self' *.planetromeo.com *.hunqz.com *.googlesyndication.com; 4
default-src 'self' *.transactcampus.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com *.cdn.ampproject.org *.unpkg.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.unpkg.com https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js *.assets.adobedtm.com https://bat.bing.com/bat.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://stats.g.doubleclick.net/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.transactcampus.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.bat.bing.com/ *.transactcampus.com/ https://transactcampus.com/; media-src 'self' data: blob:; frame-src 'self' *.svc.dynamics.com *.youtube.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com *.linkedin.com *.google-analytics.com https://cors-anywhere.herokuapp.com/https://www.linkedin.com/talent/thirdPartyJobBoards/79c55724-9a68-4e33-bdba-2e90bfc6a55f; 4
frame-ancestors 'self' *.nexxt.com/ https://lensa.com/; 4
frame-ancestors "self" www.charleskeith.com www.pedroshoes.com www.charleskeith.co.th 4
frame-ancestors 'self' webforce.com new.webforce.com webforce1111.c45stagehostopia.com wfsites-to.websitecreatorprotool.com wfsites.websitecreatorprotool.com wfsites-ie.websitecreatorprotool.com wf.mktgsuite.deluxe.com fl.sitekreator.com portal.mktgsuite.deluxe.com dex.wfsites.websitecreatorprotool.com sites2.freelogoservices.com cpaneltest.sitekreator.com; 4
script-src 'unsafe-inline' 'unsafe-eval' 'self' www.googletagmanager.com idtechex.bamboohr.com platform.twitter.com ssl.google-analytics.com www.googleadservices.com *.idtechex.com oss.maxcdn.com ie7-js.googlecode.com https://googleads.g.doubleclick.net https://translate.google.com https://translate.googleapis.com https://cdn.syndication.twimg.com www.google.com www.gstatic.com ajax.googleapis.com *.livechatinc.com app.chaport.com *.arcot.com *.verifiedbyvisa.com *.3dsecure-vrp.de *.cardinalcommerce.com *.securesuite.net *.securesuite.co.uk *.securecode.com *.citibank.com *.citibank.co.kr *.cardcenter.ch *.swisscard.ch *.icscards.nl *.sia.eu *.swedbank.se *.dnp-cdms.jp acs.cafis-paynet.jp *.hanacard.co.kr *.shinhancard.com *.wooricard.com *.hyundaicard.com *.wlp-acs.com *.secure.dkb.de *.nab.com.au *.mbank.pl *.ccb.com.cn *.cmbchina.com *.bccard.com *.cartasi.it *.modirum.com *.paylife.at *.ctbcbank.com *.ocbc.com ws.zoominfo.com 4
upgrade-insecure-requests; default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: 'unsafe-inline'; 4
default-src  https: *.willistowerswatson data: blob: 'unsafe-eval' 'unsafe-inline' 4
frame-ancestors 'self' tomshardware.fr www.tomshardware.fr tomsguide.fr www.tomsguide.fr cms.galaxiemedia.fr amp.tomsguide.fr amp.tomshardware.fr cdn.tomsguide.fr cdn.tomshardware.fr presence-pc.fr www.presence-pc.fr presence-pc.com www.presence-pc.com; 4
default-src 'self' *.staticflickr.com *.flickr.com maps.google.com api.rollbar.com *.nr-data.net api.mapbox.com blob:; script-src 'self' cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com js-agent.newrelic.com *.twitter.com *.twimg.com *.nr-data.net 'unsafe-eval' 'unsafe-inline' storage.googleapis.com api.mapbox.com blob:; style-src 'self' *.flickr.com *.staticflickr.com fonts.googleapis.com use.fontawesome.com *.twitter.com *.twimg.com 'unsafe-inline' api.mapbox.com; img-src 'self' www.un.org.vn *.un.org gallery.mailchimp.com *.staticflickr.com https: data: blob:; media-src 'self' www.un.org.vn *.un.org; frame-src 'self' maps.google.com www.google.com www.youtube-nocookie.com www.youtube.com *.vimeo.com country-profiles.unstatshub.org; font-src 'self' fonts.googleapis.com use.fontawesome.com fonts.gstatic.com *.twitter.com *.twimg.com; connect-src 'self' *.staticflickr.com *.flickr.com maps.google.com api.rollbar.com *.nr-data.net https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com www.google-analytics.com storage.googleapis.com wss://socket.push.al; report-uri /report-csp-violation 4
frame-ancestors 'self' rtvs.sk *.rtvs.sk *.dev.rtvs.sk rtvs.org *.rtvs.org 4
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 4
default-src 'self' cdn-vsh.prague.eu;font-src 'self' cdn-vsh.prague.eu data: fonts.gstatic.com *.cachefly.net *.platnosci.pl;connect-src 'self' cdn-vsh.prague.eu analytics.monkeytracker.cz maps.googleapis.com *.hotjar.com *.googlesyndication.com www3-prague-eu-test.fg.cz *.prague.eu *.google.com *.google.cz *.facebook.com *.doubleclick.net *.google-analytics.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn-vsh.prague.eu maps.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.google.com *.googleadservices.com *.facebook.net *.imedia.cz *.hotjar.com *.adform.net *.doubleclick.net *.google.cz s.yimg.jp *.yahoo.co.jp *.cachefly.net *.payu.com *.platnosci.pl *.facebook.com *.cloudflare.com cdn.tiny.cloud;form-action 'self' cdn-vsh.prague.eu *.facebook.com *.gpwebpay.com *.payu.com *.facebook.net *.platnosci.pl *.google-analytics.com;frame-src 'self' cdn-vsh.prague.eu www.youtube.com *.hotjar.com *.doubleclick.net *.adform.net *.booking.com *.facebook.com *.issuu.com *.vimeo.com *.facebook.net *.rozhlas.cz *.imedia.cz;child-src 'self' cdn-vsh.prague.eu www.youtube.com *.hotjar.com *.doubleclick.net *.adform.net *.booking.com *.facebook.com *.issuu.com *.vimeo.com *.facebook.net *.rozhlas.cz *.imedia.cz;frame-ancestors 'self' cdn-vsh.prague.eu;img-src 'self' cdn-vsh.prague.eu data: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.ggpht.com *.google.com *.imedia.cz *.facebook.com *.google.cz *.googlesyndication.com *.yahoo.co.jp www3-prague-eu-test.fg.cz *.prague.eu *.cachefly.net *.payu.com *.platnosci.pl *.tinymce.com *.seznam.cz;style-src 'self' 'unsafe-inline' cdn-vsh.prague.eu fonts.googleapis.com analytics.monkeytracker.cz *.google.com *.hotjar.com *.cachefly.net *.payu.com *.platnosci.pl cdn.tiny.cloud;object-src 'self' cdn-vsh.prague.eu 4
base-uri 'self'; style-src 'self'; script-src 'self' piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de; img-src 'self' piwik.itzbund.de; font-src 'self'; frame-ancestors 'none'; upgrade-insecure-requests; 4
frame-ancestors 'self' https://customerfinancing.directcapital-sit.com https://customerfinancing.directcapital2.com https://www.customerfinancing.com https://customerfinancing.directcapital-test1.com https://customerfinancing.directcapital-test2.com https://customerfinancing.directcapital-test3.com https://customerfinancing.directcapital-test4.com onlineapps-conv.readiness.ibanking-services.com onlineapps.ibanking-services.com ibanking-services.com https://*.fisglobal.com https://*.citbank.com 4
default-src 'self' api.marker.io *.aticdn.net *.bootstrapcdn.com calendly.com cdn.matomo.cloud *.clickdimensions.com *.comaweb.de data: *.easyway.site edge.marker.io *.elfsquad.io *.firebot.io *.formsite.com *.galacticweb.net *.google.com *.google.de googleads.g.doubleclick.net *.googleapis.com www.googletagmanager.com *.gstatic.com *.ingest.sentry.io marker.io *.msecnd.net *.netrk.net prod.purechatcdn.com *.purechat.com px.ads.linkedin.com *.randomuser.me randomuser.me s3-eu-west-1.amazonaws.com snap.licdn.com ssr.marker.io *.usercentrics.eu webasto-comfort.com *.webasto-comfort.com *.webasto.com webasto.matomo.cloud wss://firebot.galacticweb.net *.xiti.com *.youtube-nocookie.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' api.marker.io assets.calendly.com *.aticdn.net *.bootstrapcdn.com *.clickdimensions.com *.easyway.site edge.marker.io *.elfsquad.io *.firebot.io *.formsite.com *.galacticweb.net *.googleapis.com *.gstatic.com *.ingest.sentry.io marker.io *.msecnd.net *.netrk.net prod.purechatcdn.com *.purechat.com px.ads.linkedin.com *.randomuser.me snap.licdn.com ssr.marker.io *.webasto.com *.xiti.com *.youtube-nocookie.com *.youtube.com *.ytimg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.marker.io assets.calendly.com *.aticdn.net *.bootstrapcdn.com cdn.matomo.cloud *.clickdimensions.com *.easyway.site edge.marker.io *.elfsquad.io *.firebot.io firebot.io *.formsite.com *.galacticweb.net *.google.com *.google.de googleads.g.doubleclick.net *.googleadservices.com *.googleapis.com www.googletagmanager.com *.gstatic.com *.ingest.sentry.io marker.io *.msecnd.net *.netrk.net prod.purechatcdn.com *.purechat.com px.ads.linkedin.com *.randomuser.me randomuser.me snap.licdn.com ssr.marker.io *.usercentrics.eu *.webasto.com webasto.matomo.cloud *.xiti.com *.youtube-nocookie.com *.youtube.com *.ytimg.com; 4
default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 4
upgrade-insecure-requests; frame-ancestors 'self' *.magenta.at *.t-mobile.at https://www.youtube.com; 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.parp.gov.pl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://connect.facebook.net https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://snap.licdn.com https://stats.g.doubleclick.net; 4
default-src 'self'; object-src 'self'; child-src 'self' ujet.co *.ujet.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.forter.com  *.go2bank.com *.fuelcdn.com *.exacttarget.com *.adobe.com *.tvsquared.com ujet.co *.ujet.co google-analytics.com *.google-analytics.com trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.impactradius-event.com *.salesforceliveagent.com *.hypemarks.com websdk.appsflyer.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net; connect-src 'self' *.google-analytics.com *.appsflyer.com *.go2bank.com *.appsflyer.com go2bank.sjv.io  kampyle.com *.kampyle.com mobileapi.locatorsearch.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com vimeo.com *.vimeo.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com s.ytimg.com connect.facebook.net storify.com *.fyre.co *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net; img-src 'self' i.ytimg.com *.go2bank.com *.tvsquared.com google-analytics.com *.google-analytics.com i.vimeocdn.com www.google.co.in *.google.co.in kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.impactradius-event.com *.force.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com cdn.livefyre.com bootstrap.livefyre.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net data: blob:; style-src 'self' 'unsafe-inline' *.exacttarget.com kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net *.googleadservices.com cdn.livefyre.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com; font-src 'self' data: kampyle.com *.appsflyer.com *.kampyle.com use.typekit.net *.use.typekit.net *.googleapis.com *.gstatic.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net *.livefyre.com; frame-src 'self' *.pardot.com  *.go2bank.com ujet.co *.ujet.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.facebook.com facebook.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.hypemarks.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net www.youtube.com player.vimeo.com *.demdex.net trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co cdn-gdc.com *.cdn-gdc.com; frame-ancestors 'self' https://*.greendot.com https://*.go2bank.com https://*.walmartmoneycard.com; 4
default-src 'self' *.readspeaker.com data:; base-uri 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; upgrade-insecure-requests; frame-ancestors 'self'; 4
: default-src 'self' 4
default-src 'self'; font-src *;img-src * data:; script-src *; style-src *; 4
default-src 'none'; script-src 'self'; img-src 'self' https://www.google-analytics.com:443 https://*.qbrick.com:443 https://*.dna.ip-only.net https://bilder.hemnet.se:443 https://mb.cision.com; media-src 'self' https://*.qbrick.com:443 https://*.dna.ip-only.net; connect-src 'self' https://*.qbrick.com:443 synpunkter-1788b.firebaseio.com https://www.google-analytics.com:443; style-src 'self' 'unsafe-inline'; frame-src *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.dk *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de r1.surveysandforms.com secure.msse.se www.efn.se clients.maptoweb.dk borsrum.episerverhosting.com shbfxcalc.millistream.com www.anpdm.com services.cicero.no nettbank.edb.com shbdk.millistream.com cphspk01.shbmain.shb.biz www.shb.dk priolaan.dk weblaan.shb.bec.dk web37.prod.bec.dk netbank.shb.dk irs.tools.investis.com otp.tools.investis.com vp292.alertir.com forms.apsisforms.com handelsbanken.easycruit.com handelsbankendk.easycruit.com handelsbankennl.easycruit.com handelsbankenno.easycruit.com video.qbrick.com dreambroker.com handelsbanken.dreambroker.com web.efn.se news.alertir.com giosg-handelsbanken.giosg.com vp306.alertir.com client3.mailmailmail.net handelsbanken.newsroom.cision.com handelsbanken-en.newsroom.cision.com mb.cision.com app.marketingplatform.com; frame-ancestors 'self' *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.dk *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de; font-src 'self' 4
font-src *;img-src * data:; 4
block-all-mixed-conten 4
default-src * data: content-src 'self' ws: 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.phenom.com cdn.jsdelivr.net fonts.googleapis.com use.fontawesome.com fonts.googleapis.com cdnjs.cloudflare.com app-ab31.marketo.com connect.facebook.net j.6sc.co www.googletagmanager.com js.driftt.com munchkin.marketo.net snap.licdn.com  www.google-analytics.com www.w3.org b.6sc.co edge.fullstory.com bat.bing.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri /security-report.php 4
frame-ancestors 'self' https://cdw.lookbookhq.com http://cdw.lookbookhq.com http://solutions.cdw.com https://solutions.cdw.com 4
default-src: https:; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 4
frame-ancestors 'self' *.dnc.io 4
default-src 'self' cdn.register.to 'unsafe-eval' https:; font-src 'unsafe-inline' https: data:; img-src 'unsafe-inline' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.register.to tld.register.to cdn.ywxi.net www.google-analytics.com seal.websecurity.norton.com s3-us-west-2.amazonaws.com www.trustedsite.com cdn.jsdelivr.net www.google.com cdn.datatables.net https:; style-src 'unsafe-inline' https:; manifest-src 'self' cdn.register.to 'unsafe-eval' https:; 4
: block-all-mixed-content 4
frame-ancestors *.officiallondontheatre.com uktheatre.org *.theatretokens.com *.solt.co.uk *.theatreartists.fund *.theatrehelpline.org *.theatremeansbusiness.info; default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 4
frame-ancestors 'self' https://shopproxy.p-s-s.de https://home.interzum.com https://home.interzum.de 4
frame-ancestors 'self' *.force.com *.salesforce.com *.lightning.com *.sony.com 4
frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.surveymonkey.com https://www.youtube.com; 4
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: 'unsafe-eval' http://www.w3.org; style-src https: 'unsafe-inline';connect-src 'self' https: wss://socket.tidio.co https://stats.pakaloa.com https://transactional-api.hu-manity.co;font-src 'self' data: https:; 4
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; 4
script-src 'self' https://home-c28.incontact.com https://www.gstatic.cn *.acceleratoradmin.com https://cdn.datatables.net https://www.google-analytics.com https://www.recaptcha.net https://ajax.aspnetcdn.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com *.google.com *.googletagmanager.com https://www.gstatic.com https://ajax.googleapis.com https://*.msecnd.net *.acceleratoradmin.com *.mxpnl.com topcashbackdigitalsolutions.co.uk https://cdn.highimpactpayments.com cdn.prepaiddigitalsolutions.cn 'unsafe-inline';style-src 'self' cdn.highimpactpayments.com *.acceleratoradmin.com https://cdn.datatables.net https://ajax.aspnetcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com topcashbackdigitalsolutions.co.uk https://cdn.highimpactpayments.com cdn.prepaiddigitalsolutions.cn 'unsafe-inline';connect-src 'self' *.acceleratoradmin.com https://www.google-analytics.com *.visualstudio.com *.acceleratoradmin.com api.mixpanel.com topcashbackdigitalsolutions.co.uk https://api-js.mixpanel.com api-js.mixpanel.com api-js.mixpanel.com https://cdn.highimpactpayments.com;font-src 'self' cdn.highimpactpayments.com https://ajax.aspnetcdn.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.acceleratoradmin.com https://cdn.highimpactpayments.com cdn.prepaiddigitalsolutions.cn;img-src 'self' cdn.highimpactpayments.com https://cdnjs.cloudflare.com https://www.google-analytics.com *.acceleratoradmin.com data: data: https://cdn.highimpactpayments.com cdn.prepaiddigitalsolutions.cn;frame-src 'self' https://home-c28.incontact.com https://www.recaptcha.net/ https://www.google.com *.acceleratoradmin.com *.youtube.com https://youtu.be https://testcommon.swiftprepaid.com https://common.swiftprepaid.com topcashbackdigitalsolutions.co.uk https://cdn.highimpactpayments.com 4
frame-ancestors 'self' mytst.acpny.com my.acpny.com; 4
frame-ancestors 'self' https://dashboard.vidy.com; 4
object-src 'self'; 4
frame-ancestors 'self'  wbpa.wdo.io ru.wotblitz.com eu.wotblitz.com na.wotblitz.com asia.wotblitz.com 4
upgrade-insecure-requests; frame-ancestors 'none' 4
frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; 4
default-src 'self'; connect-src 'self' yandex.ru *.yandex.ru *.google-analytics.com stats.g.doubleclick.net *.facebook.com *.vk.com *.branch.io *.google.com *.google.ru *.usedesk.ru *.mail.ru *.google.com.ua odds.ru *.yastatic.net *.adfox.ru *.yandex.net onesignal.com *.onesignal.com wss://pubsub.usedesk.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.syndication.twimg.com opentracking.ru *.gstatic.com *.twitter.com *.ytimg.com app.link *.branch.io *.vk.com onesignal.com *.onesignal.com *.usedesk.ru *.googletagmanager.com *.google-analytics.com *.yandex.ru *.facebook.net *.facebook.com odds.ru vk.com *.youtube.com *.vimeo.com *.wp.com *.google.com *.cloudflare.com yastatic.net webvisor.com *.mail.ru *.instagram.com *.imgur.com *.yastatic.net *.adfox.ru *.yandex.net; script-src-elem 'self' 'unsafe-inline' cdn.syndication.twimg.com opentracking.ru *.gstatic.com *.twitter.com *.ytimg.com app.link *.branch.io *.vk.com onesignal.com *.onesignal.com *.usedesk.ru *.googletagmanager.com *.google-analytics.com *.yandex.ru *.facebook.net *.facebook.com odds.ru vk.com *.youtube.com *.vimeo.com *.wp.com *.google.com *.cloudflare.com yastatic.net webvisor.com *.mail.ru *.instagram.com *.imgur.com *.yastatic.net *.adfox.ru *.yandex.net; img-src 'self' data: *.wp.com *.w.org *.gravatar.com www.facebook.com *.youtube.com *.usedesk.ru *.google-analytics.com *.doubleclick.net *.google.com *.google.ru *.googleapis.com graph.facebook.com vk.com *.vk.com *.yandex.ru odds.ru opentracking.ru www.opentracking.ru *.twimg.com *.twitter.com *.gstatic.com *.googletagmanager.com *.google.com.ua *.yastatic.net *.adfox.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru *.ligastavok.ru ligastavok.ru *.yandex.net *.ytimg.com; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com odds.ru *.twitter.com *.twimg.com *.yastatic.net *.adfox.ru *.yandex.net onesignal.com *.onesignal.com; child-src 'self' *.youtube.com *.vimeo.com *.facebook.com *.vk.com vk.com *.twitter.com twitter.com *.usedesk.ru onesignal.com *.onesignal.com www.instagram.com *.google.com *.yandex.ru webvisor.com blob: https://mc.yandex.ru *.imgur.com imgur.com *.yastatic.net *.adfox.ru *.yandex.net vimeo.com sportrecs.com; font-src 'self' 'unsafe-inline' *.gstatic.com *.usedesk.ru data:; media-src 'self' *.usedesk.ru *.yastatic.net *.adfox.ru *.yandex.net; frame-ancestors 'self' https://metrika.yandex.ru http://webvisor.com https://yastatic.net https://mc.yandex.ru; 4
frame-ancestors 'self' *.promod.fr *.promod-dev.fr *.promod.com *.promod.de *.promod.pl *.promod.it *.promod.ch *.promod.cz *.promod.es *.promod.co.uk *.promod.eu *.promod.hu *.wonderpush.com 4
frame-ancestors 'self';script-src 'unsafe-inline' 'unsafe-eval' 'self' www.google.com www.gstatic.com diffuser-cdn.app-us1.com prism.app-us1.com trackcmp.net www.onlinechatcenters.com *.hotjar.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com tagmanager.google.com googleads.g.doubleclick.net data:; style-src 'unsafe-inline' 'self' fonts.gstatic.com www.gstatic.com  fonts.googleapis.com tagmanager.google.com 4
worker-src 'self' http://*.austlii.edu.au *.datalex.org www.lawnet.sg; 4
frame-ancestors 'self' *.bruxelles.be *.brussel.be *.brussels.be 4
frame-ancestors 'self' https://www.bosoy-online.com 4
default-src: https: 4
default-src * 'unsafe-inline' 'unsafe-eval' data:; media-src * blob:; child-src * blob:; report-uri /report-csp-violation 4
font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net https://fonts.googleapis.com data: 4
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; font-src 'self' data: https: 4
connect-src 'self' 4
default-src * 'unsafe-inline' data: 'unsafe-eval'; 4
connect-src https: 'self'; img-src 'self' data: https://*; default-src blob: https: 'unsafe-inline' 'unsafe-eval' 4
default-src 'self' wibu.com *.wibu.com 'unsafe-inline' 'unsafe-eval' *.brighttalk.com *.adobe.com *.wibu.us *.surveymonkey.com *.brightcove.net *.wibu.com *.typo3.org *.googleapis.com www.google-analytics.com *.google.com *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.pardot.com *.joomag.com *.cleverreach.de *.cloudfront.net *.amazonaws.com *.hubspot.com *.gstatic.com *.iiconsortium.org data:; img-src * data:; font-src 'self' data: *.wibu.com *.gstatic.com; frame-src 'self' *.wibu.com www.wibu.com *.googleapis.com www.google-analytics.com *.google.com *.google.de *.google.fr *.google.co.uk *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.joomag.com *.surveymonkey.com *.brighttalk.com 4
frame-ancestors 'self' https://www.facebook.com 4
frame-ancestors 'self' http://bleudigo.the513.top https://www.indigo-net.com https://www.indigo.fr; 4
default-src data: http: https: 'unsafe-inline' 'unsafe-eval' 4
frame-src 'self'; frame-ancestors 'self'; object-src 'none'; 4
frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 4
frame-ancestors 'self' https://*.moody.edu 4
Content-Security-Policy-Report-Only 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: 4
default-src https: data:; script-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline' 4
default-src https: ws: data: blob: 'unsafe-inline' 'unsafe-eval' 4
default-src 'self' https://www-cdn01.avisonyoung.com; style-src 'self' 'unsafe-inline' https://www-cdn01.avisonyoung.com https://fonts.googleapis.com https://proxy.ay.prod.3whst.com https://platform.twitter.com https://ton.twimg.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://tagmanager.google.com https://fast.fonts.net https://cdn.foleon.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://optimize.google.com https://uat-ay.buildout.com; font-src 'self' data: https://www-cdn01.avisonyoung.com https://proxy.ay.prod.3whst.com https://fonts.gstatic.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com http://script.hotjar.com https://script.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www-cdn01.avisonyoung.com https://proxy.ay.prod.3whst.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://pi.pardot.com https://go.avisonyoung.com https://buildout.com https://platform.twitter.com https://www-cdn01.avisonyoung.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://ceros.com https://static.cloudflareinsights.com https://cdn.syndication.twimg.com https://maps.googleapis.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://widget.usersnap.com https://resources.usersnap.com https://ajax.googleapis.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://cdn.analytics.foleon.com https://previewer.foleon.com https://optimize.google.com https://uat-ay.buildout.com https://e.infogram.com https://www.youtube.com https://static.hotjar.com https://script.hotjar.com; img-src https: data: blob:; frame-src 'self' https://buildout.com https://platform.twitter.com https://syndication.twitter.com https://youtu.be https://www.youtube.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://www.google.com https://go.avisonyoung.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://forms.office.com *.youtube-nocookie.com https://dev.gvadob.ie https://experience.arcgis.com https://infogram.com https://optimize.google.com https://buildout-production.s3.amazonaws.com https://e.infogram.com https://vars.hotjar.com; connect-src 'self' https://www.google-analytics.com https://widget.usersnap.com https://api.analytics.foleon.com https://api.foleon.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com; media-src 'self' blob: https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; object-src 'self' https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; worker-src 'self' blob: 4
default-src 'self' https://*.ean.com https://*.google.ie https://*.facebook.com https://*.facebook.net https://*.expediapartnersolutions.com https://*.leadspace.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://*.licdn.com https://*.marketo.net https://*.marketo.com https://*.aws.ean http://*.aws.ean https://*.amazonaws.ean http://*.amazonaws.com https://*.amazonaws.com https://d2yeu2mwujl2s5.cloudfront.net https://931-quh-525.mktoresp.com https://*.doubleclick.net https://js-agent.newrelic.com https://*.linkedin.com https://*.nr-data.net https://*.addthis.com https://*.addthisedge.com https://*.issuu.com https://*.google.co.uk https://*.vimeo.com https://*.cloudflare.com https://*.reachforce.com https://*.googleapis.com data: 'unsafe-eval' 'unsafe-inline' 4
default-src https: data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval' 4
default-src * blob: data: http: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://reports.nameshield.net/ 4
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' *.mktoresp.com;block-all-mixed-content;upgrade-insecure-requests; 4
object-src 'none'; form-action 'self' 4
frame-ancestors 'self' https://smartnutri-stag.firebaseapp.com/ https://smartfitnutri.app/ 4
font-src *.gstatic.com *.googleapis.com *.bootstrapcdn.com 'self' 'unsafe-inline'; form-action *.pardot.com *.douglaslabs.com *.seroyal.com *.pureencapsulations.com *.kleanathlete.com *.douglaslabs.ca *.seroyal.ca *.pureencapsulations.ca *.kleanathlete.ca 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src *.pardot.com *.mpeasylink.com *.artifi.net *.facebook.com *.nr-data.net *.google.com *.youtube.com 'self' 'unsafe-inline'; img-src data: amcglobal.sc.omtrdc.net *.convertlanguage.com *.i.ytimg.com *.nextopia.net *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.newrelic.com *.bootstrapcdn.com *.douglaslabs.com *.seroyal.com *.pureencapsulations.com *.kleanathlete.com *.douglaslabs.ca *.seroyal.ca *.pureencapsulations.ca *.kleanathlete.ca 'self' 'unsafe-inline'; script-src *.seroyal.ca *.douglaslabs.ca *.youtube.com *.pureencapsulations.ca *.convertlanguage.com *.adobedtm.com *.pardot.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.mpeasylink.com *.nextopiasoftware.com *.artifi.net *.assets.adobedtm.com *.googleapis.com *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.google-analytics.com maps.googleapis.com *.googletagmanager.com *.gstatic.com *.newrelic.com *.nr-data.net *.pardot.com *.nextopia.net *.ecomm-nav.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.seroyal.ca *.douglaslabs.ca *.pureencapsulations.ca *.mpeasylink.com *.facebook.com *.facebook.net *.google.com *.googleapis.com *.bootstrapcdn.com *.pardot.com *.nextopia.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.nextopia.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline';  connect-src amcglobal.sc.omtrdc.net *.demdex.net *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.nr-data.net *.pardot.com *.nextopia.net  'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
object-src 'none'; frame-ancestors 'none' 4
frame-ancestors 'self' https://*.superoffice.com 4
frame-ancestors 'self' *.azdev.direct *.adobe.com 4
“upgrade-insecure-requests;� 4
frame-ancestors 'self'; block-all-mixed-content 4
nosniff 4
frame-ancestors whitelabel.camspower.com wlbackoffice3.xcams.com 4
default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; 4
frame-ancestors zyro.com editor.zyro.com www-staging.zyro.space builder-staging.zyro.space 4
default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src * 4
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; upgrade-insecure-requests; report-uri https://drinksco.report-uri.io/r/default/csp/enforce 4
default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com google-analytics.com static.hotjar.com js.hsforms.net js.hs-scripts.com cdn.bizible.com *.wistia.com *.doubleclick.net 4
default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; manifest-src 'self'; media-src 'self' blob: https://*.googlevideo.com:443 https://*.youtube.com:443; child-src blob: 4
frame-ancestors 'self' https://secure.safecharge.com; 4
frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: http: https: https://api.exponea.com https://www.googletagmanager.com https://www.google-analytics.com https://libs.de.coremetrics.com https://tmscdn.de.coremetrics.com https://20779843p.rfihub.com https://analytics-static.ugc.bazaarvoice.com https://api.sovendus.com https://api.trustedshops.com https://apps-stg.nexus.bazaarvoice.com https://apps.nexus.bazaarvoice.com https://appsapi.veinteractive.com https://ariane.abtasty.com https://bat.bing.com https://benefits.sovendus.com https://config1.veinteractive.com https://cookiee1.veinteractive.com https://datacollect6.abtasty.com https://dcinfos-cache.abtasty.com https://dcinfos.abtasty.com https://display-stg.ugc.bazaarvoice.com https://display.ugc.bazaarvoice.com https://drs2.veinteractive.com https://elk.vhwrz.net https://googleads.g.doubleclick.net https://images.baby-walz.at https://images.baby-walz.ch https://images.baby-walz.de https://insitez.blob.core.windows.net https://live.adyen.com https://magpie-static.ugc.bazaarvoice.com https://maps.googleapis.com https://maps.gstatic.com https://meya.ai https://network-eu-stg.bazaarvoice.com https://network.bazaarvoice.com https://rum.vhwrz.net https://s.kelkoogroup.net https://s.kk-resources.com https://s.ytimg.com https://s3.amazonaws.com https://sessionapi.veinteractive.com https://shops-si.trustedshops.com https://stg.api.bazaarvoice.com https://t13.intelliad.de https://t23.intelliad.de https://test.adyen.com https://trustbadge.api.etrusted.com https://try.abtasty.com https://widgets.trustedshops.com https://www.awin1.com https://www.billiger.de https://www.dwin1.com https://www.econda-monitor.de https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.sovendus.com; report-uri /walz-webservices/csp-report-collector 4
default-src https: data: 'unsafe-inline' 4
default-src https: 4
default-src: https: 'unsafe-inline' 4
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 4
default-src https: data: wss: *.plcontent.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none'; frame-src 'self' *.facebook.com *.googletagmanager.com *.demdex.net *.trustarc.com; 4
default-src 'self'; script-src 'self' *.storyblok.com 'unsafe-inline' *.cloudfront.net *.googleapis.com *.gstatic.com recaptcha.net *.facebook.net *.google-analytics.com *.googletagmanager.com tagmanager.google.com *.livechatinc.com *.stripe.com 'unsafe-eval'; style-src 'self' *.storyblok.com 'unsafe-inline' *.googleapis.com *.gstatic.com tagmanager.google.com; img-src 'self' *.storyblok.com *.cloudinary.com *.facebook.com *.google.com *.google.com.au placehold.it *.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.simplybook.me lh3.googleusercontent.com data: *.trackjs.com *.vicinity.com.au; font-src 'self' *.amazonaws.com *.storyblok.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com data:; connect-src 'self' stats.g.doubleclick.net *.cloudfront.net *.mappedin.com *.google-analytics.com sentry.io *.simplybook.me *.vicinity.com.au *.trackjs.com; frame-src 'self' *.youtube.com *.vimeo.com *.googletagmanager.com *.google.com *.facebook.com *.livechatinc.com *.stripe.com socialq.net recaptcha.net 4
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob: https:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ravenjs.com https://www.googletagmanager.com https://ajax.aspnetcdn.com https://www.gstatic.com https://use.fontawesome.com https://*.googlesyndication.com https://googleadservices.com https://tag.getdrip.com https://connect.facebook.net https://cdnjs.cloudflare.com https://*.google.com https://code.jquery.com https://cdn.mathjax.org https://*.google-analytics.com https://*.googleapis.com https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://checkout.stripe.com; frame-src https://checkout.stripe.com https://googleads.g.doubleclick.net https://docs.google.com https://maps.google.com https://www.google.com https://www.youtube.com https://player.vimeo.com https://*.facebook.com; block-all-mixed-content; frame-ancestors 'none'; report-uri https://ivydev.report-uri.io/r/default/csp/enforce 4
frame-ancestors 'self' https://*.b2bmit.com https://*.gocatalogs.com; 4
default-src *; frame-src 'self' https: http://*.google.com http://*.facebook.com http://*.twitter.com http://*.youtube.com http://*.sharethis.com http://*.googletagmanager.com http://*.vimeo.com http://*.sharpspring.com http://*.googleadservices.com http://*.doubleclick.net http://*.wistia.com http://*.wistia.net; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data: ; img-src * data: ;  report-uri https://19jrymqg65.execute-api.us-east-1.amazonaws.com/default/dgcsp-report-uri; 4
default-src https: http: data: wss: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 4
default-src data: https: 'self' 'unsafe-eval' 'unsafe-inline'; img-src data: https: 'self' 'unsafe-eval' 'unsafe-inline' 4
script-src * 'unsafe-inline' 'unsafe-eval'; 4
default-src 'self' * 'unsafe-inline' data:; 4
frame-ancestors 'none'; connect-src http://127.0.0.1:*; default-src https: 'unsafe-inline' 4
default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self'; upgrade-insecure-requests; 4
frame-ancestors 'self' https://www.facebook.com/ 4
frame-ancestors 'self' https://control.studentpad.com https://control.pad-group.com https://control.localpad.co.uk https://control.lettingspad.co.uk https://sandbox.studentpad.co.uk; 4
frame-ancestors 'self' *.epublishmerck.com facebook.com; 4
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 4
frame-src 'self' *.jiathis.com *.baidu.com 4
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; 4
frame-ancestors 'self' app.optimizely.com unileverde.inone.useinsider.com *.adobe.com 4
frame-ancestors 'self' https://saint-gobain.wmh-demos.com/; 4
default-src https: wss: blob: data: 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com account.psplugin.com commondatastorage.googleapis.com omni.teleperformance.se static.hotjar.com bat.bing.com track.adform.net *.doubleclick.net www.googleadservices.com www.googletagmanager.com connect.facebook.net test-allentetest.lekane.net allente.lekane.net tango-churn.viasat.dk *.vo.msecnd.net assets.adobedtm.com dl.episerver.net canaldigital.d3.sc.omtrdc.net fast.canaldigital.demdex.net dpm.demdex.net cm.everesttech.net cd-static.telenorcdn.net canaldigital.demdex.net; frame-ancestors 'self' www.elkjop.no elkjop.no www.power.no power.no logon.canaldigital.com ssotest.api-canaldigital.com ssostage.api-canaldigital.com localhost; 4
script-src 'self' 'unsafe-eval' 'unsafe-inline' * 4
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob:;img-src * data: blob: 'unsafe-inline';frame-src * data: blob:;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline' 4
frame-ancestors 'self' http://*.tiarccms.co.uk https://*.tiarccms.co.uk; 4
default-src * data: blob: about: vkcall:;script-src 'self' https://vk.com https://*.vk.com https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.com https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://static.vk.me https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp 3
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://football.sportmail.ru blob:;  script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adsafeprotected.com *.serving-sys.com https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://gum.criteo.com https://football.sportmail.ru *.googletagmanager.com connect.facebook.net;  worker-src blob: 'self';  connect-src * wss: blob:;  font-src * data: blob:; frame-src * blob: 'self';  img-src * data: blob: about:;  media-src * data: blob:;  object-src *;  report-uri /csp/report; 3
frame-ancestors 'self' *.intranet *.uolinc.com; 3
upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https: wss: android-webview-video-poster:; report-uri https://o378271.ingest.sentry.io/api/5201427/security/?sentry_key=b97b30d6fd6244419f1e761e6f6f319a 3
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://store.akamai.steamstatic.com/ https://store.akamai.steamstatic.com/ *.google-analytics.com https://www.gstatic.com https://recaptcha.net https://www.gstatic.cn/recaptcha/; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://community.akamai.steamstatic.com/ https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ *.google-analytics.com; frame-src 'self' steam:  http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host ; 3
connect-src http://www.aexp-static.com/ https://*.americanexpress.com/ https://assets.adobedtm.com/ https://papi.walkme.com/ https://nexus.ensighten.com/ https://*.demdex.net/ https://*.liveperson.net/ https://*.contentsquare.net/ http://dpm.demdex.net/ https://www.facebook.com/ http://*.americanexpress.com/ https://functions.aexp.com/ https://ad.doubleclick.net/ https://aeopprodvip.acxiom.com/ https://*.aexp-static.com/ wss://*.americanexpress.com/ https://*.akamaihd.net/ https://siteintercept.qualtrics.com/; media-src 'self' https://lpcdn.lpsnmedia.net/ https://lpchat.americanexpress.com/; frame-ancestors https://*.aexp.com/  https://*.americanexpress.com/; report-uri https://csp.tsrs.cloud/r/e6a580ef65d215ebac0bcc3f7d76b5c6a1e419cf; font-src https://cdnjs.cloudflare.com/ http://www.aexp-static.com/ https://use.typekit.net/ 'self' http://fonts.gstatic.com/ https://*.bootstrapcdn.com/ https://*.aexp-static.com/; object-src  'self'; worker-src  'self' blob:; script-src http://assets.adobedtm.com/ https://cdnjs.cloudflare.com/ https://assets.adobedtm.com/ 'unsafe-inline' 'self' http://lptag.liveperson.net/ https://*.liveperson.net/ https://googleads.g.doubleclick.net/ https://*.lpsnmedia.net/ https://www.googleadservices.com/ https://service.maxymiser.net/ https://*.aexp-static.com/ https://c00.adobe.com/ https://aexp.demdex.net/ http://nexus.ensighten.com/ https://connect.facebook.net/ http://*.aexp-static.com/ https://*.americanexpress.com/ https://cdn.appdynamics.com/ https://ct.contentsquare.net/ https://nexus.ensighten.com/ https://app.contentsquare.com/ https://contentsquare.com/ https://adservice.google.co.il/ http://*.americanexpress.com/ https://va.v.liveperson.net/ https://www.google.com/ https://*.akamaihd.net/ http://va.v.liveperson.net/ http://service.maxymiser.net/ 'unsafe-eval'; form-action http://www.americanexpress.com/ https://*.americanexpress.com/; style-src https://*.aexp-static.com/ https://14106077.va.cobrowse.liveperson.net/ 'unsafe-inline' 'self'; frame-src https://*.americanexpress.com/ https://staticxx.facebook.com/ https://*.demdex.net/ https://*.liveperson.net/ https://lpcdn.lpsnmedia.net/ http://aexp.demdex.net/ https://googleads.g.doubleclick.net/ http://*.americanexpress.com/ https://www.payback.it/ https://service.maxymiser.net/ https://*.aexp-static.com/ https://www.youtube.com/ https://*.akamaihd.net/ http://fast.aexp.demdex.net/; base-uri http://www.americanexpress.com/ https://*.americanexpress.com/ https://ds-aksb-a.akamaihd.net/ 'self'; img-src 'self' data: https: http:;  3
base-uri 'self'; connect-src *; default-src 'self' *.meetup.com *.dev.meetup.com:8001; font-src * data:; frame-ancestors 'self'; frame-src *; img-src * data: blob: ;script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; object-src 'none' 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 3
default-src 'self'; img-src 'self' https://app.snapchat.com https://www.google-analytics.com https://lh3.googleusercontent.com https://maps.googleapis.com https://maps.gstatic.com https://csi.gstatic.com/csi https://storage.googleapis.com https://sc-kharon.appspot.com blob: data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://www.google-analytics.com https://maps.googleapis.com https://www.gstatic.com https://gstatic.com https://www.google.com https://www.googleadservices.com https://sc-static.net https://www.youtube.com https://s.ytimg.com https://*.firebaseio.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com https://snap.adbrn.com https://tr.snapchat.com https://tr-shadow.snapchat.com https://player.vimeo.com https://tremolossl-a.akamaihd.net https://*.firebaseio.com; connect-src 'self' https://snapchat-web.storage.googleapis.com https://gms-carousel-dot-lookinsoclear.appspot.com https://app.snapchat.com https://geofilters-community-api.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://zgl-s.tlnk.io https://woj-e.tlnk.io https://launch1.co https://accounts.snapchat.com https://scan.snapchat.com https://snapcodes.snapchat.com https://www.google-analytics.com wss://*.firebaseio.com https://www.googleapis.com https://securetoken.googleapis.com https://storage.googleapis.com; media-src 'self' data: blob: https://storage.googleapis.com; report-uri https://csp-central.appspot.com/report_csp 3
frame-ancestors 'self' *.bbb.org bbb.org *.bluebbb.org bluebbb.org *.myfloridacfo.com myfloridacfo.com jsfiddle.net fiddle.jshell.net 3
upgrade-insecure-requests;frame-ancestors 'self' slate.com *.slate.com *.my.slate.com 3
frame-ancestors 'self' https://adp.lookbookhq.com http://adp.lookbookhq.com https://discover.adp.com http://discover.adp.com https://*.adp.com http://*.adp.ca https://*.adp.ca; 3
default-src 'self'; child-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; connect-src 'self' piwik.openstreetmap.org https://nominatim.openstreetmap.org/ https://overpass-api.de/api/interpreter https://routing.openstreetmap.de/ https://graphhopper.com/api/1/route; font-src 'none'; form-action 'self' render.openstreetmap.org; frame-ancestors 'self'; frame-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; img-src 'self' data: www.gravatar.com *.wp.com tile.openstreetmap.org *.tile.openstreetmap.org *.tile.thunderforest.com tileserver.memomaps.de *.openstreetmap.fr piwik.openstreetmap.org https://openstreetmap-user-avatars.s3.dualstack.eu-west-1.amazonaws.com; manifest-src 'self'; media-src 'none'; object-src 'self'; script-src 'self' piwik.openstreetmap.org; style-src 'self' 'unsafe-inline'; worker-src 'none' 3
block-all-mixed-content; report-uri /csp-report?p=; base-uri 'none'; default-src 'none'; style-src 'unsafe-inline' 'self' https://*.stripecdn.com; connect-src 'self' https://errors.stripe.com https://*.stripecdn.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://ga.clearbit.com; font-src 'self' https://*.stripecdn.com; form-action 'self' https://climate.stripe.com; frame-src 'self' https://*.stripecdn.com https://www.googletagmanager.com; img-src 'self' https://*.stripecdn.com https://q.stripe.com https://images.ctfassets.net https://assets.ctfassets.net https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com data: https://px.ads.linkedin.com https://p.adsymptotic.com; media-src 'self' https://*.stripecdn.com https://videos.ctfassets.net; script-src 'self' https://js.stripe.com 'sha256-6hCrKkhcyMhhMFEfSpCTaBOu2I3bF+wiEjLQdI7s+jQ=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-4HwZEt/y+k0EIqGfaNZ1MRmRCUbC03K3G03imkZ/EyA=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' https://*.stripecdn.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net 'sha256-ELZBkO1eLwWs6QKigj+FQzktzusJRQek0e2CLudl4N8=' https://www.googletagmanager.com https://ga.clearbit.com 'report-sample' 3
frame-ancestors https://ads.idntimes.com https://fyi.idntimes.com 3
default-src 'none'; font-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' data: https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://donorbox.org https://js.stripe.com/v3/ https://sdks.shopifycdn.com ; img-src 'self' data: blob: https://www.google-analytics.com https://www.paypal.com https://www.paypalobjects.com https://ak2s.abmr.net https://ak1s.abmr.net https://www.google.com https://cdn.shopify.com https://v.shopify.com ; frame-src https://donorbox.org https://www.youtube.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://js.stripe.com/v3/ https://js.stripe.com/v2/ ; connect-src 'self' https://d4twhgtvn0ff5.cloudfront.net/ https://letsencrypt-merch.myshopify.com https://monorail-edge.shopifysvc.com ; 3
upgrade-insecure-requests; frame-ancestors 'self' *.nhs.uk 3
default-src https: data: blob:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src https: data: blob:; media-src https: http: blob: data:; connect-src http: https: ws: wss:; 3
base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; connect-src 'self' o1.ingest.sentry.siemens-web.com *.execute-api.eu-west-1.amazonaws.com edge.api.brightcove.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com manifest.prod.boltdns.net metrics.brightcove.com new.siemens.com assets.new.siemens.com api.dc.siemens.com w3.siemens.com searchapi.new.siemens.com privacyportal-eu.onetrust.com siemens.sc.omtrdc.net siemens.tt.omtrdc.net *.demdex.net tools.adlytics.net blob: www.facebook.com www.google.com hm.virtualevent.siemens.com; default-src 'self' blob:; font-src 'self' www.siemens.com tools.adlytics.net data: fonts.gstatic.com; frame-src 'self' bid.g.doubleclick.net; img-src 'self' data: blob: android-webview-video-poster: *; manifest-src 'self'; media-src 'self' manifest.prod.boltdns.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com blob:; object-src players.brightcove.net w3.siemens.com; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com players.brightcove.net vjs.zencdn.net w3.siemens.com prod.ste.dc.siemens.com tools.adlytics.net www.googletagmanager.com connect.facebook.net snap.licdn.com www.googleadservices.com googleads.g.doubleclick.net www.google.com static.ads-twitter.com analytics.twitter.com; style-src 'report-sample' 'self' 'unsafe-inline' tools.adlytics.net; worker-src blob:; report-uri https://o1.ingest.sentry-xl.siemens-web.com/api/2/security/?sentry_key=1ee914da45a24a1491f0e46e1d0d92c9&sentry_environment=siemenscom-prod&sentry_release=06783db9; 3
frame-ancestors 'self' http://*.schwabplan.com https://*.schwabplan.com http://*.schwab.com https://*.schwab.com https://content.schwab.com http://content.schwab.com https://client.schwab.com https://lms.schwab.com https://www.schwabcdn.com https://*.schwabinstitutional.com https://*.dev-schwab.acsitefactory.com https://*.test-schwab.acsitefactory.com https://*.train-schwab.acsitefactory.com https://*.schwab.acsitefactory.com https://*.schwab.co.uk https://*.schwab.com.hk https://*.schwab.com.sg https://*.schwab.com.au https://*.schwabcharitable.org https://*.schwabmoneywise.com https://*.schwabsavingsfundamentals.com https://*.schwabbankfunds.com https://*.schwabadvisorcenter.com https://*.schwabassetmanagement.com https://*.schwabpt.com https://*.windhaveninvestments.com https://*.schwab.tech http://www.schwabintelligenttechnologies.com https://www.schwabintelligenttechnologies.com https://*.wallst.com http://*.wallst.com https://*.aboutschwab.com 3
upgrade-insecure-requests; default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 3
default-src 'self' data: blob: *.mega.co.nz *.mega.nz *.mega.io http://*.mega.co.nz http://*.mega.nz http://*.mega.io wss://*.karere.mega.nz *.karere.mega.nz:1380 http://127.0.0.1:6341 localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz *.mega.io data: blob:; frame-src 'self' *.megapay.nz mega: *.megaad.nz https://mega.nz/ https://mega.io/; img-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob: mega.nz 3
frame-ancestors 'self' *.shutterfly.com *.tinyprints.com *.onehippo.io; 3
default-src 'none'; img-src 'self' https://fedoramagazine.org; script-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://builds.coreos.fedoraproject.org;  3
report-uri /v1/csplog; block-all-mixed-content 3
default-src 'self' http: https: 3
frame-ancestors 'self' *.coe.int 3
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: blob:; worker-src https: data: blob:; frame-ancestors 'self'; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src https: data: blob:; 3
upgrade-insecure-requests; frame-ancestors 'self' https://www.straitstimes.com http://www.straitstimes.com; 3
frame-ancestors 'self' http://content.servicenow.com https://content.servicenow.com https://your.servicenow.com  https://servicenow.highspot.com 3
frame-ancestors na.amzheimdall.com delorean-na.amazon.com delorean-prod.corp.amazon.com delorean-na.sandbox.amazon.com delorean-sandbox.corp.amazon.com delorean-preprod.corp.amazon.com delorean-beta.corp.amazon.com delorean-alpha.corp.amazon.com potserviceui-gamma.vrsnl.com potserviceui-gamma.findzen.com potserviceui-gamma.zappos.com potserviceui-gamma.6pm.com drive-render.corp.amazon.com cscentral-na-beta.vipinteg.amazon.com cscentral.amazon.com delorean-6pm-gamma.corp.amazon.com delorean-6pm-preprod.corp.amazon.com delorean-6pm-prod.corp.amazon.com delorean-6pm-na.amazon.com; report-uri /marty/api/csp-report 3
default-src 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: about: miroapp: wss: ws: *; frame-src 'unsafe-inline' 'unsafe-eval' data: blob: miroapp: *; base-uri 'unsafe-inline' about: data: *; form-action 'unsafe-inline' data: post-it-alpha: post-it: *; worker-src 'unsafe-inline' data: blob: miroapp: *; report-uri https://s.realtimeboard.com/api/25/security/?sentry_key=fb5e3001534f453e85d1771b1088b293&sentry_environment=production; 3
connect-src 'self' checkout.stripe.com https://checkout.stripe.com https://billing.stripe.com/session sentry.io api.github.com www.npmjs.com;default-src 'none';img-src * data: https://*.stripe.com;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://checkout.stripe.com https://js.stripe.com/v3 https://static.accountdock.com https://platform.twitter.com/widgets.js https://static.npmjs.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.npmjs.com/;frame-src checkout.stripe.com https://checkout.stripe.com https://js.stripe.com/ https://accountdock.com/app https://www.youtube.com/embed/mKMaG0cixXw https://static.accountdock.com/;font-src https://fonts.gstatic.com https://static.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://vod-progressive.akamaized.net 3
frame-ancestors http://*.ccf.org https://*.ccf.org https://clevelandclinic.ungerboeck.com https://*.clevelandclinic.org http://*.clevelandclinic.org 3
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.oculus.com *.atdmt.com www.google-analytics.com static.oculuscdn.com forums.oculusvr.com tags.tiqcdn.com *.youtube.com *.ytimg.com;style-src data: blob: 'unsafe-inline' * *.oculus.com *.facebook.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' *.oculus.com *.oculuscdn.com;font-src *.oculus.com data: *.fbcdn.net *.facebook.com *.akamaihd.net *.oculuscdn.com;img-src *.oculus.com *.fbcdn.net *.facebook.com *.facebook.net *.fbthirdpartypixel.com *.akamaihd.net *.oculuscdn.com *.atdmt.com data: blob: www.google-analytics.com stats.g.doubleclick.net www.google.com googleads.g.doubleclick.net media-library.stackla.com img.youtube.com *.ytimg.com alb.reddit.com;frame-src *.oculus.com *.fbthirdpartypixel.com *.facebook.com *.youtube.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com;report-uri https://www.facebook.com/csp/reporting/; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.netsuite.com http://consent.truste.com *.trustarc.com *.adroll.com *.bing.com https://*.doubleclick.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com https://vlog.leadformix.com *.googleapis.com *.ensighten.com *.demandbase.com http://chat.leadformix.com static.atgsvcs.com rules.atgsvcs.com netsuite-salechat.custhelp.com http://netsuite-salechat.widget.custhelp.com www.rnengage.com *.rightnowtech.com https://assets.adobedtm.com http://img.en25.com http://netsuite-www.baynote.net *.facebook.com *.facebook.net *.google.com *.twitter.com *.yahoo.com *.akamaihd.net *.demdex.net *.omtrdc.net https://*.adobetag.com https://*.linkedin.com *.licdn.com https://*.openx.net https://*.rubiconproject.com https://*.gumgum.com https://*.casalemedia.com https://*.media6degrees.com *.company-target.com *.rlcdn.com https://*.pubmatic.com https://*.w55c.net https://*.bidswitch.net https://*.narrative.io *.bidr.io *.2o7.net https://tags.bkrtx.com flex.atdmt.com https://s.yimg.com https://dqm.crownpeak.com; style-src 'self' 'unsafe-inline' https://netsuite-salechat.widget.custhelp.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; img-src * data: ; frame-src 'self' *.doubleclick.net *.youtube.com *.youtu.be *.facebook.com *.facebook.net *.omtrdc.net *.trustarc.com http://chat.leadformix.com https://netsuite-salechat.custhelp.com https://netsuite-salechat-de.custhelp.com https://netsuite-salechat-es.custhelp.com https://netsuite-salechat-fr.custhelp.com https://netsuite-salechat-jp.custhelp.com https://netsuite-salechat-ko.custhelp.com https://netsuite-salechat-nl.custhelp.com https://netsuite-salechat-pt.custhelp.com https://netsuite-salechat-sv.custhelp.com https://netsuite-salechat-zhcn.custhelp.com https://netsuite-salechat-zhtw.custhelp.com *.demdex.net *.bluekai.com; connect-src 'self' https://api.company-target.com https://*.doubleclick.net https://*.googlevideo.com *.omtrdc.net *.demdex.net http://rules.atgsvcs.com https://bat.bing.com https://netsuite-salechat.custhelp.com https://s.yimg.com http://www.oracle.com https://api.crownpeak.net/; media-src 'self' blob: ; report-uri https://nlcorp.app.netsuite.com/app/security/csp/cspaudit.nl 3
default-src 'self' https:; frame-src 'self' https: blob:; worker-src 'self' blob: ; child-src blob: ; script-src 'self' https: 'unsafe-inline' https://vaas.acapela-group.com 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https: https://api.pusherapp.com wss://ws.pusherapp.com wss://*.firebaseio.com http://localhost:8080 https://curriculum.code.org/ wss://*.code.org; media-src 'self' https: http://vaas.acapela-group.com; report-uri //code.org/https/mixed-content; frame-ancestors 'self' http://*.disney.com http://*.diznee.net cuantrix.mx code.org studio.code.org curriculum.code.org codecurricula.com 3
frame-ancestors *.motorsport.com *.motorsport.uol.com.br motorsport.uol.com.br *.autosport.com 3
frame-ancestors https://app.c-spanbus.org https://*.c-span.org 3
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.paytm.com *.paytm.in paytmstores.com *.paytmstores.com polyfill.io widget.gleamjs.io gleamjs.io platform.twitter.com *.bintray.com bintray.com cdn.syndication.twimg.com gateway.answerscloud.com *.cloudfront.net *.google.com *.hotjar.com apis.mapmyindia.com cdn.ravenjs.com *.youtube.com *.gstatic.com *.googleadservices.com *.doubleclick.net bid.g.doubleclick.net u.heatmap.it cdn.trackjs.com s.ytimg.com *.googletagmanager.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net alipaybridge://* cdn.branch.io googleads.g.doubleclick.net app.link bid.g cdn.ampproject.org dev.visualwebsiteoptimizer.com paytmmall.com *.paytmmall.com *.insider.in blob:; frame-src 'self' *.paytm.com *.paytm.in *.twitter.com s.ytimg.com cdn.syndication.twimg.com *.insider.in *.youtube.com assets.zendesk.com apis.mapmyindia.com *.facebook.com *.google.com *.hotjar.com cdn.ravenjs.com s-static.ak.facebook.com tautt.zendesk.com paytmmall.com *.paytmmall.com polyfill.io paytmstores.com *.paytmstores.com alipaybridge://* widget.gleamjs.io gleam.io;  object-src 'self'; report-uri https://csp-report.mypaytm.com/reportcspviolations.php 3
connect-src 'self' https://survey.brave.com https://subscriptions.bsg.brave.com; default-src 'none'; media-src 'self'; font-src 'self' https://brave.com https://fonts.gstatic.com data:; frame-ancestors 'self' https://blog.batcommunity.org; frame-src 'self' https://html5-player.libsyn.com https://survey.brave.com https://www.brave.com https://player.vimeo.com https://boards.greenhouse.io https://www.surveymonkey.com https://public.tableau.com https://www.slideshare.net https://docs.google.com https://www.youtube-nocookie.com https://js.driftt.com; img-src 'self' data: https://brave.com https://basicattentiontoken.org https://analytics.brave.com https://boards.greenhouse.io https://secure.gravatar.com https://blog.brave.com https://*.ggpht.com https://*.jtvnw.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://survey.brave.com https://brave.com https://djtflbt20bdde.cloudfront.net https://analytics.brave.com https://boards.greenhouse.io https://js.driftt.com; style-src 'self' 'unsafe-inline' https://brave.com https://fonts.googleapis.com; object-src 'self'; manifest-src 'self'; upgrade-insecure-requests 3
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self' 3
upgrade-insecure-requests; frame-ancestors 'self' http://*.elconfidencial.com:* https://*.elconfidencial.com:* www.elconfidencial.com blogs.elconfidencial.com bc.marfeel.com *.google.es *.google.com *.cdn.ampproject.org es.grupogo.punto player.h-cdn.com; report-uri https://elconfidencial.report-uri.io/r/default/csp/enforce 3
default-src * 'self' data: 'unsafe-inline' blob:;script-src * 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.trustarc.com *.doubleclick.net *.liveperson.net *.sas.com assets.adobedtm.com ssl.google-analytics.com  accdn.lpsnmedia.net www.googletagmanager.com www.google-analytics.com bat.bing.com benchtag.co front.facetz.net *.facebook.net *.facebook.com www.googleadservices.com tb.juiceadv.com *.linkedin.com pixel.mathtag.com pixel.quantserve.com *.quora.com analytics.twitter.com tagmanager.google.com mc.yandex.ru static.ads-twitter.com snap.licdn.com *.bizographics.com dev.visualwebsiteoptimizer.com scripts.demandbase.com consent.truste.com s.yimg.com ssl.gstatic.com api.company-target.com script.crazyegg.com platform.twitter.com sp.analytics.yahoo.com x.bidswitch.net s7.addthis.com ad4.adfarm1.adition.com livestream.co *.brightcove.net track.adform.net insight.adsrvr.org www.vintom.com b92.yahoo.co.jp cdn.appdynamics.com execution-dscvrtraffic.cidev.sas.us *.brightcove.com *.mrpfd.com d3js.org *.d3.org;img-src * 'self' blob: data: *.google-analytics.com *.doubleclick.net www.google.com www.googletagmanager.com *.sas.com front.facetz.net *.facebook.com www.googleadservices.com tb.juiceadv.com ext.ligatus.com bcp.crwdcntrl.net pixel.mathtag.com *.quora.com cdn.taboola.com analytics.twitter.com d.company-target.com mc.yandex.ru t.co px.ads.linkedin.com *.bizographics.com insight.adsrvr.org assets.adobedtm.com *.brightcove.com;font-src * 'self' data: *.sas.com fast.fonts.net;connect-src * 'self' *.sas.com *.brightcove.com ma156-r.analytics.edgekey.net api.company-target.com livestream.com www.vintom.com *.doubleclick.net assets.adobedtm.com;frame-src 'self' assets.adobedtm.com lpcdn.lpsnmedia.net *.liveperson.net www.youtube.com s7.addthis.com *.twitter.com *.sas.com pixel.mathtag.com livestream.com ad4.adfarm1.adition.com www.vintom.com *.doubleclick.net *.facebook.net *.twitter.com *.trustarc.com *.facebook.com *.linkedin.com *.chargebee.com *.sli.do *.logentries.com;frame-ancestors *.sas.com *.jmp.com *.gatheriq.analytics *.curriculumpathways.com *.hubb.me 3
block-all-mixed-content; frame-ancestors 'self' qualys.com *.qualys.com; 3
default-src 'self' https: data: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'self'; img-src 'self' http: data: 3
child-src 'self'; connect-src 'self' https://*.akafms.net https://*.akamaihd.net https://*.media.brightcove.com https://*.brightcove.com https://*.brightcovecdn.com https://*.brightcove.net https://*.digitalpfizer.com https://*.evidon.com https://*.hotjar.com https://*.llnw.net/ https://*.llnwd.net/ https://adservice.google.com https://amer-identity.pfizer.com https://bam-cell.nr-data.net https://bam.nr-data.net https://brightcove.hs.llnwd.net https://dpm.demdex.net https://edge.api.brightcove.com https://emea-identity.pfizer.com https://house-cloudfront.ap-northeast-1.prod.boltdns.net https://house-cloudfront.ap-southeast-1.prod.boltdns.net https://house-cloudfront.ap-southeast-2.prod.boltdns.net https://house-cloudfront.eu-west-1.prod.boltdns.net https://house-cloudfront.us-east-1.prod.boltdns.net https://manifest.prod.boltdns.net https://knrpc.olark.com/nrpc/ https://l.betrad.com https://players.brightcove.net https://sitecatalyst.omniture.com/sc15/activitymap https://stats.addtoany.com/menu https://stats.g.doubleclick.net https://tagmanager.google.com https://vc.hotjar.io/ https://www.facebook.com https://www.google-analytics.com wss://*.hotjar.com wss://*.pfizer.com https://pfe-pfizercom-d8-dev.s3.us-east-1.amazonaws.com https://m.addthis.com https://api-v3.conductrics.com https://cdn-v3.conductrics.com https://pfe-pfizercom-d8-dev.s3.amazonaws.com https://pfe-pfizercom-d8-prod.s3.amazonaws.com https://pfe-pfizercom-d8-prod.s3.us-east-1.amazonaws.com https://players.brightcove.net/ https://players.brightcove.net/1852113022001/ByY1aeWF_default/config.json https://players.brightcove.net/1852113022001/7eDMrqTZyS_default/config.json https://www.youtube.com/iframe_api https://svc.webspellchecker.net https://cdn-dev.pfizer.com https://cdn.pfizer.com; font-src 'self' data: https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://docs.gcs.digitalpfizer.com/fonts/ https://fast.fonts.net https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://quilt-cdn.janrain.com/HEAD/JanrainIcons.eot https://quilt-cdn.janrain.com/HEAD/JanrainIcons.svg https://script.hotjar.com https://use.fontawesome.com/releases/ https://use.typekit.net https://vjs.zencdn.net https://www.youtube.com https://maxcdn.bootstrapcdn.com https://s3.us-east-2.amazonaws.com https://svc.webspellchecker.net https://cdn.pfizer.com https://cdn-dev.pfizer.com; frame-src 'self' tel: https://*.fls.doubleclick.net https://*.janrainsso.com https://activitymap.adobe.com/sc15/activitymap/ https://bid.g.doubleclick.net https://l3.evidon.com https://players.brightcove.net https://static.addtoany.com https://static.olark.com https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.google.com/maps/ https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.youtube.com https://s7.addthis.com https://platform.twitter.com https://syndication.twitter.com https://www.hapyak.com https://player.simplecast.com https://p2a.co https://www.pfizer.com https://pfe-pfizercom-d8-prod.s3.amazonaws.com https://action.pfizer.com https://www.medrespond-pfra.com https://twitter.com https://insight.adsrvr.org https://pfe-pfizercom-d8-dev.s3.amazonaws.com/ https://docs.google.com/ https://match.adsrvr.org/ https://www.shaa.it https://cdn-dev.pfizer.com https://cdn.pfizer.com; img-src 'self' about: data: https://* https://img.youtube.com https://cdnjs.cloudflare.com https://pbs.twimg.com https://images-cdn.newscred.com https://pfe-pfizercom-d8-dev.s3.amazonaws.com https://pfe-pfizercom-d8-prod.s3.amazonaws.com https://syndication.twitter.com https://abs.twimg.com https://ton.twimg.com https://platform.twitter.com https://developers.google.com https://pixel.newscred.com https://t.co/i/adsct https://tr.outbrain.com/pixel https://amplifypixel.outbrain.com/pixel https://px.ads.linkedin.com/collect https://p.adsymptotic.com/d/px/ https://app.icontact.com https://s3.us-east-2.amazonaws.com https://secure.adnxs.com https://pixel.mediaiqdigital.com https://cdn-dev.pfizer.com https://cdn.pfizer.com; manifest-src 'self'; media-src 'self' data: blob: https://*.akafms.net https://*.akamaihd.net https://*.boltdns.net https://*.brightcovecdn.com https://*.llnw.net https://*.llnwd.net https://*.media.brightcove.com https://brightcove.hs.llnwd.net https://static.olark.com https://secure.brightcove.com/services/mobile/streaming/ https://pfe-pfizercom-d8-dev.s3.amazonaws.com https://pfe-pfizercom-d8-prod.s3.amazonaws.com https://cdn-dev.pfizer.com https://cdn.pfizer.com; prefetch-src 'self' https://*.boltdns.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.digitalpfizer.com https://*.janrain.com https://*.janraincapture.com https://*.janrainsso.com https://ajax.googleapis.com https://api.olark.com https://assets.adobedtm.com https://bam.nr-data.net https://cdnjs.cloudflare.com https://connect.facebook.net https://c.evidon.com https://l.evidon.com https://d1v9u0bgi1uimx.cloudfront.net https://d29usylhdk1xyu.cloudfront.net https://d7v0k4dt27zlp.cloudfront.net/assets/ https://docs.gcs.digitalpfizer.com https://googleads.g.doubleclick.net https://js.bizographics.com https://js-agent.newrelic.com https://knrpc.olark.com/nrpc/ https://l.betrad.com https://maps.googleapis.com https://optoutapi.evidon.com https://p.adsymptotic.com https://pfizer-grv-eu.janraincapture.com https://players.brightcove.net https://px.ads.linkedin.com https://rpxnow.com/load/ https://s3.amazonaws.com/pfe_grv https://s3.amazonaws.com/pfe_im/ https://script.hotjar.com https://sjs.bizographics.com https://static.hotjar.com https://static.addtoany.com https://static.olark.com https://tagmanager.google.com https://tpc.googlesyndication.com https://vjs.zencdn.net https://www.bizographics.com https://www.google.com/recaptcha/ https://www.google.com/search/ https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.linkedin.com https://cdn.jsdelivr.net https://s7.addthis.com https://z.moatads.com https://v1.addthisedge.com https://m.addthis.com https://platform.twitter.com https://cdn.syndication.twimg.com https://p2a.co https://www.youtube.com/iframe_api https://action.pfizer.com https://s.ytimg.com https://maxcdn.bootstrapcdn.com https://static.ads-twitter.com/uwt.js https://analytics.twitter.com https://amplify.outbrain.com https://snap.licdn.com https://app.icontact.com https://d2qrdklrsxowl2.cloudfront.net https://pfe-pfizercom-d8-dev.s3.amazonaws.com https://pfe-pfizercom-d8-prod.s3.amazonaws.com https://js.adsrvr.org https://svc.webspellchecker.net https://tr.outbrain.com https://bam-cell.nr-data.net https://cdn.taboola.com https://trc.taboola.com https://cdn-dev.pfizer.com https://cdn.pfizer.com cdn-v3.conductrics.com cdnjs.cloudflare.com https://pkg-cdn.digitalpfizer.com https://polyfill.io https://unpkg.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://cookies.pfizer.com https://d3hmp0045zy3cs.cloudfront.net https://fast.fonts.net https://fonts.googleapis.com https://*.janrain.com https://maxcdn.bootstrapcdn.com https://pfredirect.pfizersite.io https://players.brightcove.net https://quilt-cdn.janrain.com/HEAD/providers.css https://quilt-cdn.janrain.com/HEAD/widgets.css https://s3.amazonaws.com/pfe_grv/ https://static.olark.com https://stackpath.bootstrapcdn.com https://tagmanager.google.com https://translate.googleapis.com https://use.typekit.net https://cdn.jsdelivr.net https://p.typekit.net https://www.youtube.com https://platform.twitter.com https://ton.twimg.com https://app.icontact.com https://pfe-pfizercom-d8-dev.s3.amazonaws.com https://pfe-pfizercom-d8-prod.s3.amazonaws.com https://svc.webspellchecker.net https://tr.outbrain.com https://cdn-dev.pfizer.com https://cdn.pfizer.com cdnjs.cloudflare.com fonts.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com; worker-src 'self' blob:; report-uri https://pfeprod.report-uri.com/r/t/csp/enforce 3
frame-ancestors *.cox.net *.cox.com *.coxbusiness.com coxcommunications.experiencecloud.adobe.com *.discovercoxonline.com agent.bold360.com *.cox-ondemand.com *.yext-cdn.com *.yextpages.net 3
default-src 'self' *.carbonblack.io carbonblack.io *.cbcloud.de cbcloud.de *.cbcloud.sg cbcloud.sg *.duosecurity.com gstatic.com fonts.gstatic.com 'unsafe-inline' 3
style-src 'unsafe-inline' 'self' *.yximgs.com https://captcha.gtimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.yximgs.com hm.baidu.com/hm.js retcode.alicdn.com/retcode/bl.js https://captcha.guard.qcloud.com https://captcha.gtimg.com; img-src 'self' *.yximgs.com data: http: *.kuaishou.com hm.baidu.com/hm.gif arms-retcode.aliyuncs.com/r.png; media-src 'self' *.yximgs.com data:; font-src 'self' *.yximgs.com data:; worker-src 'self' *.yximgs.com blob:; report-uri /api/csp-report 3
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob: 3
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; child-src * 'unsafe-inline' 'unsafe-eval' data: blob:; connect-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' admin.reverb.tools; media-src * 'unsafe-inline' 'unsafe-eval' data: blob: 3
frame-ancestors 'self' https://*.pandasecurity.com http://*.pandasecurity.com; 3
default-src https:; child-src blob: https:; connect-src blob: https: wss:; form-action https:; frame-ancestors https: http://webvisor.com; media-src https:; object-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: 3
frame-ancestors 'self' *.ally.com; 3
style-src 'self' 'unsafe-inline' *.credit-suisse.com *.credit-suisse.cspta.ch *.hedani.net *.credit-suisse-stg.cspta.ch *.inbenta.com fonts.googleapis.com tagmanager.google.com *.anychart.com *.inbenta.io gateway.zscloud.net 3
default-src 'self';object-src 'self' *.cdn.datatables.net cdn.datatables.net;connect-src 'self' *.mt.lv maps.googleapis.com fonts.googleapis.com *.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: unpkg.com i.mt.lv *.google.com gstatic.com code.jquery.com *.gstatic.com www.google-analytics.com googleapis.com *.googleapis.com *.mikrotik.com mikrotik.com;style-src 'self' 'unsafe-inline' i.mt.lv fonts.googleapis.com unpkg.com *.mikrotik.com mikrotik.com code.jquery.com use.typekit.net www.mikrotik.com;img-src 'self' data: i.mt.lv api.tiles.mapbox.com *.tile.openstreetmap.org unpkg.com *.arcgisonline.com stats.g.doubleclick.net www.google-analytics.com mikrotik.com www.mikrotik.com forum.mikrotik.com 1.aerial.maps.cit.api.here.com 2.aerial.maps.cit.api.here.com 3.aerial.maps.cit.api.here.com 4.aerial.maps.cit.api.here.com gstatic.com http://services.ga.gov.au *.gstatic.com *.googleapis.com *.arcgisonline.com *.google.com *.google.lv *.routerboard.com;frame-src 'self' youtu.be youtube.com www.youtube.com www.google.com;font-src 'self' data: mikrotik.com fonts.gstatic.com www.mikrotik.com i.mt.lv;frame-ancestors 'self'; 3
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.brides.com 3
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.afterpay.com *.clearpay.co.uk maps.googleapis.com static.fbot.me campaign.fbot.me lcx-embed.bambuser.com www.googletagmanager.com *.onetrust.com tags.tiqcdn.com cdn.branch.io sc-static.net snap.licdn.com connect.facebook.net munchkin.marketo.net www.googleadservices.com; img-src 'self' data: *.afterpay.com *.clearpay.co.uk maps.gstatic.com *.googleapis.com *.ggpht cdn.builder.io static.fbot.me www.google.co.nz www.google.com www.google.com.au www.googletagmanager.com px.ads.linkedin.com www.facebook.com p.adsymptotic.com cdn.branch.io www.google-analytics.com public.fbot.me connect.facebook.net *.onetrust.com cdn.dashhudson.com files.prezzee.com files.prezzee.com.au files.prezzee.uk; script-src-elem 'self' 'unsafe-inline' *.afterpay.com *.clearpay.co.uk *.googleapis.com cdn.builder.io lcx-embed.bambuser.com www.googletagmanager.com snap.licdn.com connect.facebook.net sc-static.net t.contentsquare.net munchkin.marketo.net djnf6e5yyirys.cloudfront.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.branch.io app.link public.fbot.me static.fbot.me campaign.fbot.me *.onetrust.com tags.tiqcdn.com cdn.dashhudson.com; object-src 'none'; base-uri 'none'; 3
frame-ancestors 'self' http://*.bbt.com https://*.bbt.com; 3
upgrade-insecure-requests; default-src * data: blob: *.medallia.eu *.kampyle.com *.google-analytics.com https://unpkg.com/ https://hello.myfonts.net/count/39cfed https://monitor.clickcease.com https://www.clickcease.com/monitor/stat.js; script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.medallia.eu *.kampyle.com https://unpkg.com/ https://monitor.clickcease.com *.go-mpulse.net https://resources.digital-cloud.medallia.eu/favicon.ico https://unpkg.com/web-vitals *.go-mpulse.net/boomerang/* https://www.facebook.com/tr/ https://www.clickcease.com/monitor/stat.js https://cdn.tt.omtrdc.net https://stmicroelectronics.tt.omtrdc.net *.nrich.ai *.speedcurve.com *.3gl.net https://maps.googleapis.com https://fonts.googleapis.com/css https://maps.google.com/mapfiles/ms/icons/red-dot.png https://maps.google.com/mapfiles/ms/icons/green-dot.png https://hello.myfonts.net/count/39cfed https://*.zscaler.net *.st.com *.stmicroelectronics.com.cn browser-update.org *.blob.core.windows.net *.adobedtm.com *.demandbase.com *.s3.amazonaws.com *.ads.linkedin.com *.onetrust.com https://cdn.cookielaw.org https://snap.licdn.com https://www.google-analytics.com https://connect.facebook.net https://cdn.decibelinsight.net wss://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net; style-src * data: blob: *.medallia.eu *.kampyle.com 'unsafe-inline' https://monitor.clickcease.com https://unpkg.com/ https://www.clickcease.com/monitor/stat.js https://hello.myfonts.net/count/39cfed; connect-src 'self' *.google-analytics.com *.medallia.eu *.nrich.ai *.speedcurve.com *.kampyle.com *.go-mpulse.net *.akamaihd.net *.akstat.io https://unpkg.com/ https://stats.g.doubleclick.net/* https://stats.g.doubleclick.net https://*.go-mpulse.net/boomerang/* https://www.facebook.com/tr/ https://monitor.clickcease.com https://www.clickcease.com/monitor/stat.js https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://hello.myfonts.net/count/39cfed https://privacyportal-de.onetrust.com/request/v1/consentreceipts* *.3gl.net https://maps.googleapis.com https://fonts.googleapis.com/css https://maps.google.com/mapfiles/ms/icons/red-dot.png https://maps.google.com/mapfiles/ms/icons/green-dot.png https://*.zscaler.net *.st.com *.stmicroelectronics.com.cn *.demandbase.com *.company-target.com *.s3.amazonaws.com https://api.ipify.org https://stmicroelectronics.tt.omtrdc.net https://dpm.demdex.net https://cdn.decibelinsight.net wss://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net 3
frame-ancestors 'self' https://www.grainger.com; 3
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src blob: js.driftt.com *.youtube-nocookie.com *.marketo.com; connect-src 'self' *.6sc.co *.6sense.com *.company-target.com *.google-analytics.com *.litix.io *.mktoresp.com *.mktoutil.com *.stripe.com *.wistia.com s3.amazonaws.com api.lever.co embedwistia-a.akamaihd.net hackerone.com secure.adnxs.com stats.g.doubleclick.net; font-src 'self' data: fonts.gstatic.com *.typekit.net; form-action 'self' *.marketo.com *.twitter.com; frame-ancestors 'self'; frame-src 'self' fast.wistia.com js.driftt.com *.youtube.com *.youtube-nocookie.com *.marketo.com *.twitter.com my.pima.app; object-src 'self'; img-src 'self' data: *.6sc.co *.adsymptotic.com *.bidr.io *.company-target.com *.google-analytics.com *.google.com *.linkedin.com *.techtarget.com *.twimg.com *.twitter.com s3.amazonaws.com cdn.bizible.com cdn.bizibly.com cdn.ttgtmedia.com embed-fastly.wistia.com embedwistia-a.akamaihd.net fast.wistia.com id.rlcdn.com stats.g.doubleclick.net t.co via.placeholder.com https://*.googletagmanager.com; media-src 'self' blob: data: *.wistia.com s3.amazonaws.com embedwistia-a.akamaihd.net; script-src 'self' 'sha256-GIzg/vN5a9TbTavbaC/fu8ZDVJriAcj3NVOm9O9Ez7g=' 'sha256-njEVDP22SRLTbvkBGYBk/bZxj3vsHZe/TM7+ykFIPtk=' 'sha256-chw1FVji+ddLlO/RrcP3fhKOLsJUUh+FaKbjsOC2BiQ=' 'sha256-D6d37gZGDMRuNu3bDdYkGuOfCaaNGdTrB3eF5d5IU/Y=' 'sha256-XrP50Mq6s78GLH2Vyt4BfKhn8rx4OdU6FYqQGbxRuZc=' *.6sc.co *.ads-twitter.com *.cloudflare.com *.demandbase.com *.google-analytics.com *.linkedin.com *.techtarget.com *.twitter.com *.marketo.com *.ads-twitter.com s3.amazonaws.com cdn.bizible.com cdn.syndication.twimg.com fast.wistia.com js.driftt.com munchkin.marketo.net snap.licdn.com unpkg.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' *.twitter.com *.marketo.com s3.amazonaws.com checkout.stripe.com fast.wistia.com fonts.googleapis.com *.typekit.net; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598 3
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; 3
frame-ancestors 'self' tvn24.pl *.tvn24.pl 3
frame-ancestors 'self' https://sr.se https://*.sr.se https://sverigesradio.se https://*.sverigesradio.se; report-uri /csp-error; 3
frame-ancestors 'self' secure.motogp.com; 3
frame-ancestors  'self' *.qidian.com  *.hongxiu.com  *.yuewen.com  *.qq.com  *.qdmm.com  *.readnovel.com  *.xs8.cn  *.xxsy.net  *.tingbook.com  *.lrts.me  *.ywurl.cn  *.qdwenxue.com  *.if.qidian.com 3
frame-ancestors 'self' https://*.rightmessage.com; 3
frame-ancestors  https://*.propellerads.com; 3
default-src 'self' *.ekantipur.com *.kantipurdaily.com; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; prefetch-src 'none'; 3
frame-ancestors 'self' *.oui.sncf; report-uri /report-csp-violation; upgrade-insecure-requests 3
frame-ancestors 'self' http://webvisor.com http://awards.ratingruneta.ru 3
frame-ancestors 'self'; default-src 'self' https://*.youtube.com https://*.ytimg.com https://*.iesnare.com https://www.paypalobjects.com https://insights.algolia.io; img-src 'self' data: blob: *.indigo.ca *.indigoimages.ca *.bazaarvoice.com *.nr-data.net https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.google.ca https://www.googletagmanager.com https://*.gstatic.com https://*.pinimg.com https://*.twimg.com https://*.twitter.com https://*.webtype.com *.omtrdc.net https://t.co https://notify.bugsnag.com https://s3.amazonaws.com https://tracker.marinsm.com https://kbimages1-a.akamaihd.net https://ds-aksb-a.akamaihd.net www.paypalobjects.com https://*.paypal.com https://*.piwikpro.com https://secure.adnxs.com https://www.offlinx.com https://gtrk.s3.amazonaws.com https://heapanalytics.com https://*.cdninstagram.com https://dpm.demdex.net https://cm.everesttech.net https://*.online-metrix.net https://insights.hotjar.com https://static.hotjar.com https://ct.pinterest.com https://scontent.xx.fbcdn.net https://alb.reddit.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.indigo.ca *.indigoimages.ca ajax.aspnetcdn.com code.jquery.com *.bazaarvoice.com https://*.cloudflare.com https://www.myregistry.com https://www.babylist.com/ https://*.cloudfront.net https://*.facebook.com https://*.facebook.net https://assets.adobedtm.com https://*.google.com https://*.google.ca https://googleads.g.doubleclick.net https://*.gstatic.com https://*.googleapis.com *.omtrdc.net https://*.richrelevance.com https://*.twimg.com https://*.twitter.com https://*.ads-twitter.com https://*.vimeo.com https://*.youtube.com https://*.ytimg.com https://ajax.aspnetcdn.com https://api.pinterest.com https://bam.nr-data.net https://bam-cell.nr-data.net https://dpm.demdex.net https://fbstatic-a.akamaihd.net https://ds-aksb-a.akamaihd.net https://indigo.soapboxhq.com https://maps.gstatic.com https://s3.amazonaws.com https://www.bluecore.com js-agent.newrelic.com tracker.marinsm.com https://mpsnare.iesnare.com www.googleadservices.com www.paypalobjects.com www.paypal.com https://*.iesnare.com https://*.smartrecruiters.com https://cdn.heapanalytics.com https://api.instagram.com https://www.buyatab.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://ln-rules.rewardstyle.com https://members.cj.com https://s.pinimg.com https://s.yimg.com https://sp.analytics.yahoo.com/ https://www.redditstatic.com https://edge.fullstory.com https://*.go-mpulse.net; style-src 'self' 'unsafe-inline' blob: https://*.bazaarvoice.com https://*.google.com https://*.google.ca https://*.googleapis.com https://*.gstatic.com https://*.indigoimages.ca https://*.twitter.com https://*.webtype.com https://*.smartrecruiters.com https://ln-rules.rewardstyle.com https://members.cj.com; connect-src 'self' https://*.indigo.ca https://*.indigoimages.ca https://bam.nr-data.net https://bam-cell.nr-data.net https://triggeredmail.appspot.com www.chapters.indigo.ca *.omtrdc.net https://www.paypal.com https://dpm.demdex.net https://kbepubs1-a.akamaihd.net https://*.google.ca https://*.google.com https://*.bluecore.com https://ds-aksb-a.akamaihd.net https://*.hotjar.com https://vc.hotjar.io wss://*.hotjar.com https://web.delighted.com https://www.facebook.com https://ct.pinterest.com https://insights.algolia.io https://graph.instagram.com https://*.algolianet.com https://*.algolia.net https://s.yimg.com https://rs.fullstory.com https://*.go-mpulse.net; font-src 'self' https://*.indigoimages.ca https://*.googleapis.com https://*.gstatic.com https://*.webtype.com data: https://static.hotjar.com https://members.cj.com; frame-src 'self' https://*.bazaarvoice.com blob: https://www.myregistry.com https://www.babylist.com/ https://ln-rules.rewardstyle.com https://ln.rewardstyle.com https://members.cj.com https://*.doubleclick.net https://*.facebook.com https://*.google.ca https://*.google.com https://*.indigo.ca https://*.indigoimages.ca https://*.twitter.com https://*.vimeo.com https://*.youtube.com https://indigo.soapboxhq.com https://indigo.taleo.net https://snapwidget.com https://www.google.com https://display.ugc.bazaarvoice.com http://assessment.taleo.net www.paypalobjects.com https://*.paypal.com https://cdn-akamai.mookie1.com https://www.buyatab.com https://*.facebook.net https://h.online-metrix.net/ https://indigo.demdex.net/ *.lrgrewards.com https://vars.hotjar.com https://player.simplecast.com https://wellsaid.simplecast.com; child-src https://vars.hotjar.com; upgrade-insecure-requests; report-uri https://indigo.report-uri.com/r/d/csp/enforce; 3
default-src 'self'; script-src 'self' c.mql5.com www.tradays.com trade.mql5.com www.mql5.com content.mql5.com search.mql5.com player.youku.com https://c.paypal.com https://cdn.chatbot.com test-api.sumsub.com api.sumsub.com static.sumsub.com 'unsafe-inline' 'unsafe-eval'; style-src player.youku.com c.mql5.com www.tradays.com 'unsafe-inline'; img-src 'self' msg1.mql5.com c.mql5.com content.mql5.com charts.mql5.com www.mql5.com www.tradays.com blob: data: *.tile.openstreetmap.org https://c.paypal.com https://b.stats.paypal.com https://dub.stats.paypal.com; media-src 'self' msg1.mql5.com c.mql5.com; font-src c.mql5.com; connect-src 'self' trade.mql5.com https://msg1.mql5.com wss://msg1.mql5.com wss://gwt1.mql5.com wss://gwt2.mql5.com wss://gwt3.mql5.com wss://gwt4.mql5.com wss://gwt5.mql5.com wss://gwt6.mql5.com wss://gwt7.mql5.com wss://gwt8.mql5.com wss://gwt9.mql5.com wss://gwt10.mql5.com wss://gwt11.mql5.com wss://gwt12.mql5.com wss://gwt13.mql5.com wss://gwt14.mql5.com wss://gwt15.mql5.com wss://gwt99.mql5.com https://cdn.chatbot.com; frame-src 'self' c.mql5.com www.tradays.com trade.mql5.com player.youku.com www.youtube.com https://c.paypal.com https://cdn.chatbot.com test-api.sumsub.com api.sumsub.com blob: mql5buy: mql4buy:; object-src 'self' c.mql5.com player.youku.com www.youtube.com; worker-src 'self' c.mql5.com player.youku.com www.youtube.com; 3
style-src 'self' 'unsafe-inline'; 3
object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 3
default-src https://revain.org https://api.mobilum.com https://widget.mobilum.com https://sdk.im.jiguang.cn https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://upload.qiniup.com https://frontend-helper.cloudtechnet.cn https://*.staticimg.com https://*.kucoin.top https://*.kucoin.com https://*.kucoin.cc https://*.kucoin.biz https://pool-x.io https://*.kumex.com https://*.kumex.top https://*.pool-x.io https://*.kubi.cc https://*.kcs.top https://*.kcsfile.com https://storage.googleapis.com https://font.googleapis.com https://www.recaptcha.net https://at.alicdn.com https://g.alicdn.com https://www.google-analytics.com https://www.gstatic.cn https://fonts.gstatic.cn https://fonts.gstatic.com https://www.gstatic.com https://stats.g.doubleclick.net https://api.growingio.com https://tags.growingio.com https://ekr.zdassets.com https://ekr.zdassets.com https://www.growingio.com data: ws: wss: eval: inline: 'unsafe-eval' 'unsafe-inline' https://static.geetest.com https://api.geetest.com https://dn-staticdown.qbox.me https://www.youtube.com https://kucoin.zendesk.com https://rollbar-eu.zendesk.com http://goto.zendesk.com https://developer.zendesk.com https://support.zendesk.com https://www.zendesk.com/ https://ekr.zdassets.com https://ekr.zdassets.com https://static.zdassets.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://v2.zopim.com https://cdn.zopim.com https://www.zopim.com https://uploads.zopim.com https://assets.zopim.com https://api.zopim.com https://v2assets.zopim.io https://cdn.zopim.com https://www.google.co.jp https://www.google.com; font-src http: https: data:; img-src http: https: data: blob:; worker-src http: https: data: blob:; child-src http: https: data: blob:; frame-ancestors 'self' https://www.growingio.com wss://widget-mediator.zopim.com https://v2.zopim.com https://cdn.zopim.com https://www.zopim.com https://uploads.zopim.com https://assets.zopim.com https://api.zopim.com https://v2assets.zopim.io https://cdn.zopim.com https://www.google.co.jp https://www.google.com 3
default-src 'self' *.beeline.ru *.oktaplan.ru *.fls.doubleclick.net suggestions.dadata.ru ad.mail.ru ads.betweendigital.com *.ads.betweendigital.com adservice.google.com an.yandex.ru *.rutarget.ru *.g.doubleclick.net mc.yandex.ru *.google.com sync.upravel.com top-fwz1.mail.ru vk.com connect.facebook.net www.facebook.com www.google.ru www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com static.criteo.net *.tmcrussia.com sslwidget.criteo.com dis.eu.criteo.com api-maps.yandex.ru enterprise.api-maps.yandex.ru api.flocktory.com flocktory.com api.mindbox.ru *.artfut.com click.adkratos.ru code.jquery.com fullstory.com bn.adblender.ru aprtx.com aprtn.com px.adhigh.net mod.calltouch.ru *.googleapis.com www.youtube.com st.yagla.ru k50-a.akamaihd.net *.k50.ru *.ruru.ru widgets.mos.ru *.kaspersky-labs.com *.popmechanic.ru metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.carrotquest.io yastatic.net *.gdeslon.ru gdeslon.ru *.aebdgd.ru aebdgd.ru *.s4fmvl.ru s4fmvl.ru go.epnbest.bz c.4clouds.org *.witstroom.com *.witstroom.com:8080 *.dashamail.com *.onesignal.com onesignal.com suggest-maps.yandex.ru *.maps.yandex.ru code.reffection.com cdn3.caltat.com leadslabpixels.net sonar.semantiqo.com *.gestalt.email https://*.carrotquest.app https://*.carrotquest.io https://cdn.carrotquest.app https://api.carrottrack.io https://static.terratraf.io 'unsafe-inline'; frame-src *; media-src *; img-src * data: blob:; font-src *.beeline.ru data:; script-src 'self' *.beeline.ru *.oktaplan.ru *.fls.doubleclick.net kasko-osago-online.ru ad.mail.ru ads.betweendigital.com *.ads.betweendigital.com adservice.google.com an.yandex.ru *.rutarget.ru *.g.doubleclick.net mc.yandex.ru *.google.com sync.upravel.com top-fwz1.mail.ru vk.com connect.facebook.net www.facebook.com www.google.ru www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com static.criteo.net *.tmcrussia.com sslwidget.criteo.com dis.eu.criteo.com api-maps.yandex.ru enterprise.api-maps.yandex.ru api.flocktory.com flocktory.com api.mindbox.ru *.artfut.com click.adkratos.ru code.jquery.com fullstory.com bn.adblender.ru aprtx.com aprtn.com px.adhigh.net mod.calltouch.ru *.googleapis.com www.youtube.com st.yagla.ru k50-a.akamaihd.net *.k50.ru *.ruru.ru widgets.mos.ru *.kaspersky-labs.com *.popmechanic.ru metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.carrotquest.io yastatic.net  *.gdeslon.ru gdeslon.ru *.aebdgd.ru aebdgd.ru *.s4fmvl.ru s4fmvl.ru go.epnbest.bz c.4clouds.org *.witstroom.com *.witstroom.com:8080 *.dashamail.com *.onesignal.com onesignal.com suggest-maps.yandex.ru *.maps.yandex.ru code.reffection.com cdn3.caltat.com leadslabpixels.net sonar.semantiqo.com *.gestalt.email https://*.carrotquest.app https://*.carrotquest.io https://cdn.carrotquest.app https://api.carrottrack.io https://static.terratraf.io 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.beeline.ru metrika.yandex.ru mc.yandex.ru http://webvisor.com *.yandex.net *.mtproxy.yandex.net *.yandex.tld yastatic.net; connect-src 'self' *.beeline.ru *.oktaplan.ru *.fls.doubleclick.net suggestions.dadata.ru kasko-osago-online.ru ad.mail.ru ads.betweendigital.com *.ads.betweendigital.com adservice.google.com an.yandex.ru *.rutarget.ru *.g.doubleclick.net mc.yandex.ru *.google.com sync.upravel.com top-fwz1.mail.ru vk.com connect.facebook.net www.facebook.com www.google.ru www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com static.criteo.net *.tmcrussia.com sslwidget.criteo.com dis.eu.criteo.com api-maps.yandex.ru enterprise.api-maps.yandex.ru api.flocktory.com flocktory.com api.mindbox.ru *.artfut.com click.adkratos.ru code.jquery.com fullstory.com bn.adblender.ru aprtx.com aprtn.com px.adhigh.net mod.calltouch.ru *.googleapis.com www.youtube.com st.yagla.ru k50-a.akamaihd.net *.k50.ru *.ruru.ru widgets.mos.ru *.kaspersky-labs.com *.popmechanic.ru metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.carrotquest.io wss://*.carrotquest.io yastatic.net *.gdeslon.ru gdeslon.ru *.aebdgd.ru aebdgd.ru *.s4fmvl.ru s4fmvl.ru go.epnbest.bz c.4clouds.org *.witstroom.com *.witstroom.com:8080 anketa.alfabank.ru *.dashamail.com *.onesignal.com onesignal.com suggest-maps.yandex.ru *.maps.yandex.ru code.reffection.com cdn3.caltat.com leadslabpixels.net sonar.semantiqo.com *.gestalt.email https://*.carrotquest.app wss://*.carrotquest.app https://*.carrotquest.io https://cdn.carrotquest.app https://api.carrottrack.io https://static.terratraf.io 'unsafe-inline' 3
frame-ancestors 'self' centinelapi.cardinalcommerce.com; script-src 'self' www.youtube.com *.worldpay.com *.facebook.net cdn.mouseflow.com script.crazyegg.com www.google-analytics.com static.sandisk.com bat.bing.com *.googleadservices.com d.adroll.com googleads.g.doubleclick.net *.googletagmanager.com s.adroll.com snap.licdn.com www.googletagmanager.com trc.taboola.com analytics.xscreenattribution.com *.marketo.net *.trustarc.com www.redditstatic.com cdn.taboola.com tags.tiqcdn.com *.twitter.com s.go-mpulse.net static.ads-twitter.com js.adsrvr.org d.adroll.mgr.consensu.org s.ytimg.com unpkg.com *.marketo.com js.maxmind.com *.truste.com tagmanager.google.com *.adobe.com ajax.googleapis.com *.expertvoice.com *.experticity.com cdn1.affirm.com *.tt.omtrdc.net *.adobedtm.com *.sc.omtrdc.net www.google.com *.criteo.net *.criteo.com www.gstatic.com cdn.pdst.fm ext.chtbl.com *.signifyd.com *.bazaarvoice.com mpsnare.iesnare.com 'unsafe-eval' 'unsafe-inline'; 3
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 3
font-src * data:; img-src * data: blob:; worker-src blob:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com marchofdimes.formstack.com api.mapbox.com events.mapbox.com *.tiles.mapbox.com cdn.heapanalytics.com heapanalytics.com *.taboola.com *.hsleadflows.net *.hsforms.com *.steelhousemedia.com secure.quantserve.com *.quantcount.com apps.rokt.com/ *.apple.com *.cdn-apple.com *.wdsvc.net *.supportgroupscentral.com; frame-ancestors 'self' *.marchofdimes.org *.marchforbabies.org; 3
frame-ancestors 'self' https://admin.vbulletin.com/ https://www.vbulletin.com/ https://members.vbulletin.com/ https://testsecureacceptance.cybersource.com/ https://secureacceptance.cybersource.com/ https://ssl.kaptcha.com/'; script-src * blob: 'unsafe-inline' 'unsafe-eval' ; object-src * 3
frame-ancestors  'self' *.pnet.ch *.post.ch *.becompany.ch *.signdemo.com 3
frame-ancestors secure.livechatinc.com www.youtube.com www.google.com 'self'; frame-src analytics.clickdimensions.com *.doubleclick.net *.dynamics.com secure.livechatinc.com www.youtube.com www.google.com 'self'; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' data: https:; font-src 'self' data: https: 3
frame-ancestors 'self' *.kameleoon.com *.kameleoon.eu ; 3
img-src blob: data: 'self' firstdatacloverwebsite.122.2o7.net bat.bing.com res.cloudinary.com dxkdvuv3hanyu.cloudfront.net *.clover.com cloverstatic.com images.contentful.com mver.agkn.com images.ctfassets.net googleads.g.doubleclick.net stats.g.doubleclick.net www.facebook.com connect.facebook.net www.google-analytics.com lh3.googleusercontent.com maps.googleapis.com www.google.com www.google.com.pr www.google.com.br www.google.com.co www.google.ca www.google.de www.google.ie www.google.co.uk www.google.co.in www.google.co.id www.googletagmanager.com *.gstatic.com heapanalytics.com script.hotjar.com static.intercomassets.com js.intercomcdn.com *.intercomcdn.com uploads.intercomusercontent.com *.online-metrix.net *.perka.com *.rfihub.com api.swiftype.com pixel.quantserve.com apintego.com app.nav.com t.powerreviews.com *.t.eloqua.com track.hubspot.com play.vidyard.com cdn.vidyard.com px.ads.linkedin.com p.adsymptotic.com amplify.outbrain.com amplifypixel.outbrain.com tr.outbrain.com data.pendo.io recaptcha.net www.linkedin.com s.amazon-adsystem.com *.walkme.com d3sbxpiag177w8.cloudfront.net s3.walkmeusercontent.com data.adxcel-ec2.com s.yimg.com *.mydisputemanager.com *.evidon.com; font-src data: 'self' maxcdn.bootstrapcdn.com *.clover.com cloverstatic.com fonts.gstatic.com heapanalytics.com script.hotjar.com js.intercomcdn.com use.fontawesome.com *.walkme.com; frame-src mailto: 'self' tel: players.brightcove.net *.clover.com cloverstatic.com bid.g.doubleclick.net *.fls.doubleclick.net www.facebook.com accounts.google.com docs.google.com optimize.google.com www.google.com boards.greenhouse.io vars.hotjar.com intercom-sheets.com h.online-metrix.net *.cdn.optimizely.com *.perka.com player.vimeo.com www.youtube.com *.ytimg.com play.vidyard.com *.lendingfront.com s.amazon-adsystem.com *.walkme.com mainstreetinsights.firstdata.com *.mydisputemanager.com; connect-src 'self' bat.bing.com *.clover.com cloverstatic.com wss://*.clover.com *.contentful.com stats.g.doubleclick.net secure.geonames.org www.facebook.com www.google-analytics.com apis.google.com storage.googleapis.com *.greenhouse.io heapanalytics.com in.hotjar.com vc.hotjar.io *.hotjar.com wss://*.hotjar.com uploads.intercomcdn.com uploads.intercomusercontent.com *.intercom.io wss://*.intercom.io h.online-metrix.net *.optimizely.com *.perka.com sentry.io api.swiftype.com d8a92f8280d84184bb69a3a4b74b61d1.app-search.us-west-2.aws.found.io *.powerreviews.com collection.bgalytics.com *.tt.omtrdc.net oamportal.fdvs.com *.donorschoose.org collection.sperse.io data.pendo.io recaptcha.net *.walkme.com ordering.app s.yimg.com *.mydisputemanager.com *.evidon.com order-ahead-network-production.herokuapp.com api.thelevelup.com wss://ws4.hotjar.com; default-src 'self' *.clover.com cloverstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' bat.bing.com cdnjs.cloudflare.com *.clover.com cloverstatic.com nifegwy.neustar.biz googleads.g.doubleclick.net stats.g.doubleclick.net connect.facebook.net www.googleadservices.com www.google-analytics.com apis.google.com maps.googleapis.com tagmanager.google.com optimize.google.com www.google.com www.googletagmanager.com tracker.gaconnector.com *.greenhouse.io www.gstatic.com heapanalytics.com cdn.heapanalytics.com script.hotjar.com static.hotjar.com mpsnare.iesnare.com js.intercomcdn.com widget.intercom.io solutions.invocacdn.com pnapi.invoca.net h.online-metrix.net cdn.optimizely.com rules.quantcount.com cdn.ravenjs.com tags.tiqcdn.com www.youtube.com secure.quantserve.com *.ytimg.com ui.powerreviews.com *.t.eloqua.com play.vidyard.com apps.mypurecloud.com secure.adnxs.com js.hs-scripts.com js.hs-analytics.net analytics.bgalytics.com img.en25.com snap.licdn.com amplify.outbrain.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com recaptcha.net *.walkme.com d3sbxpiag177w8.cloudfront.net s3.walkmeusercontent.com s.yimg.com sp.analytics.yahoo.com *.mydisputemanager.com *.evidon.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.clover.com cloverstatic.com fonts.googleapis.com tagmanager.google.com optimize.google.com heapanalytics.com *.natwest-tyl.com *.usetyl.com ui.powerreviews.com *.walkme.com d3sbxpiag177w8.cloudfront.net s3.walkmeusercontent.com *.mydisputemanager.com; media-src 'self' *.clover.com cloverstatic.com videos.ctfassets.net js.intercomcdn.com cdn.vidyard.com gateway.zscloud.net; object-src 'self' *.clover.com cloverstatic.com h.online-metrix.net vd.vidoplay.com; frame-ancestors *.clover.com cloverstatic.com *.natwest-tyl.com *.usetyl.com *.perka.com; child-src intercom-sheets.com player.vimeo.com www.youtube.com; report-uri https://us-central1-csp-violation-report-service.cloudfunctions.net/report; 3
frame-ancestors 'self' *.eur.nl 3
default-src wss: https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src data: https: 3
default-src * data: blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://static.hotjar.com https://script.hotjar.com https://bat.bing.com https://cdn.jsdelivr.net https://www.trustradius.com https://ssl.google-analytics.com https://www.storygize.net https://cdn.storygize.net https://s.yimg.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://stats.sa-as.com https://*.paymetric.com http://*.avaya.com https://com-avaya.netmng.com https://nan.netmng.com https://audiences.ignitionone.com https://a.rfihub.com https://c1.rfihub.net https://4529201.fls.doubleclick.net https://sp.analytics.yahoo.com com-avaya.qa.netmng.com https://gateway.zscalertwo.net https://s0.2mdn.net https://geolocation.onetrust.com https://cdn.cookielaw.org https://prdapp02.xisecurenet.com http://wm2.wiredminds.de https://wm2.wiredminds.de https://*.adroll.com https://*.avaya.com https://*.cloudfront.net https://*.en25.com https://*.googleapis.com https://www.googletagmanager.com https://*.google.com https://avaya.greenshootlabs.com https://*.kaltura.com https://*.linkedin.com https://*.serving-sys.com https://*.webengage.co https://*.webengage.com https://*.webtrends.com https://*.webtrendslive.com https://79423.analytics.edgekey.net https://ad.atdmt.com https://cdn.syndication.twimg.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://cookies.onetrust.com https://ds-aksb-a.akamaihd.net https://gateway.zscaler.net https://gateway.zscloud.net https://googleads.g.doubleclick.net https://optanon.blob.core.windows.net https://*.twitter.com https://static.ads-twitter.com https://qaapp02.xisecurenet.com https://s1737033466.t.eloqua.com https://s3.amazonaws.com https://secure.adnxs.com https://service.maxymiser.net https://snap.licdn.com https://tags.tiqcdn.com https://use.fontawesome.com https://use.typekit.net https://www.bizographics.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.viewbix.com https://*.arkoselabs.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.trustradius.com https://*.avaya.com https://*.kaltura.com https://www.gstatic.com https://cdn.jsdelivr.net https://*.google.com https://*.googleapis.com https://avaya.greenshootlabs.com https://gateway.zscaler.net https://maxcdn.bootstrapcdn.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://platform.twitter.com https://ton.twimg.com https://use.fontawesome.com; connect-src 'self' wss://ws13.hotjar.com https://ws13.hotjar.com https://in.hotjar.com wss://ws1.hotjar.com https://ws1.hotjar.com https://analytics.google.com https://s1737033466.t.eloqua.com https://s.yimg.com https://api.kickfire.com http://*.avaya.com wss://www.avaya.com https://*.avaya.de https://s1737033466.t.eloqua.com https://*.akstat.io https://*.kaltura.com https://*.viewbix.com http://production.shippingapis.com https://secure.shippingapis.com https://c.go-mpulse.net https://c.webengage.com https://code.jquery.com https://ds-aksb-a.akamaihd.net https://*.googleapis.com https://avaya.greenshootlabs.com https://ma193-r.analytics.edgekey.net https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://ru.api4load.com https://syndication.twitter.com https://www.apple.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.postescanada-canadapost.ca; frame-ancestors 'self' https://*.avaya.com ; report-uri https://ce4597319c39d6fb9172e9cd9821a217.report-uri.io/r/default/csp/enforce; 3
upgrade-insecure-requests; connect-src * https:; img-src * blob: data: https:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob: data:; worker-src * blob: data: 3
frame-ancestors 'self' https://wiki.abbyy.com 3
default-src 'self' data: *.bouncex.net *.pressablecdn.com *.wp.com *.gravatar.com  *.google-analytics.com *.hotjar.com *.doubleclick.net *.convertkit.com 'unsafe-inline'; object-src *; img-src *; media-src *; frame-src *; font-src 'self' data: *.pressablecdn.com *.wp.com *.gstatic.com maxcdn.bootstrapcdn.com; style-src 'self' *.pressablecdn.com *.wp.com maxcdn.bootstrapcdn.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' data: *.pressablecdn.com app.convertkit.com ajax.googleapis.com www.googletagmanager.com connect.facebook.net secure.gaug.es stats.g.doubleclick.net *.wp.com *.google-analytics.com *.hotjar.com *.bounceexchange.com *.optimizely.com 'unsafe-inline' 'unsafe-eval' 3
default-src 'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval' https://rules.quantcount.com https://secure.quantserve.com https://www.youtube.com https://unpkg.com https://geolocation.onetrust.com/ https://cdn.cookielaw.org/ https://static.arcgis.com https://sp.analytics.yahoo.com https://s.yimg.com https://donorbox.org https://optimize.google.com https://tagmanager.google.com https://www.conservation.org https://app.vwo.com https://public.tableau.com *.typeform.com https://s3.amazonaws.com/trk.cetrk.com/f/t.js *.visualwebsiteoptimizer.com *.crazyegg.com *.stripe.com bitpay.com api.tiles.mapbox.com fast.wistia.com googleads.g.doubleclick.net www.googleadservices.com bat.bing.com secure.adnxs.com *.googletagmanager.com js.stripe.com dcc4iyjchzom0.cloudfront.net cartocdn-gusc.global.ssl.fastly.net conservation.carto.com sp13loader.ciapps.org maps.googleapis.com https://cdnjs.cloudflare.com http://conservation-tron.imgix.net ajax.googleapis.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://conservation-org.tron.silvertech.net https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com https://tagmanager.google.com api.tiles.mapbox.com sp13loader.ciapps.org  fonts.googleapis.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; img-src http://cicloud.s3.amazonaws.com https://cicloud.s3.amazonaws.com https://pixel.quantserve.com https://njoel9cc11.execute-api.us-east-1.amazonaws.com https://d2ey44ppm6i0sm.cloudfront.net https://53f5mmurac.execute-api.us-east-1.amazonaws.com https://53f5mmurac.execute-api.us-east-1.amazonaws.com https://d1wrq3tu9qy8md.cloudfront.net https://ci-pixel-ephemeral.s3.amazonaws.com https://ci-pixel-persistent.s3.amazonaws.com https://cicloud.s3.amazonaws.com/ https://cdn.cookielaw.org/ https://firecastwebserver01.ciapps.org https://services.arcgisonline.com https://server.arcgisonline.com https://d1iczxrky3cnb2.cloudfront.net https://ssl.gstatic.com https://www.gstatic.com http://cloud.conservation.org.s3.amazonaws.com/ https://cloud.conservation.org.s3.amazonaws.com/ https://www.arcgis.com/ https://public.tableau.com https://ci-public.s3.amazonaws.com *.crazyegg.com *.visualwebsiteoptimizer.com *.stripe.com *.googletagmanager.com sitefinity.ciapps-aws.org www.google.com.br www.google.com bat.bing.com stats.g.doubleclick.net cartocdn-gusc.global.ssl.fastly.net sp13loader.ciapps.org *.maps.api.here.com ciorg.imgix.net ciapps-kiwi.imgix.net 'self' maps.gstatic.com http://conservation-tron.imgix.net maps.googleapis.com https://conservation-org.tron.silvertech.net/ i.ytimg.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com; font-src 'self' sp13loader.ciapps.org themes.googleusercontent.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' *.crazyegg.com https://recording.crazyegg.com https://privacyportal-eu.onetrust.com https://analytics.google.com https://stats.g.doubleclick.net https://script.crazyegg.com https://ci-public.s3.amazonaws.com https://conservation.org.s3.amazonaws.com https://dvm5qo6r5pdyf.cloudfront.net https://cdn.cookielaw.org/ https://tracking.crazyegg.com https://s.yimg.com https://api.altmetric.com https://doi.org https://api.crossref.org https://data.crossref.org https://carbonfootprint.short.car-calc.cc sample-api-v2.crazyegg.com https://cibitly.ciapps.org https://act.conservation.org https://firecastwebserver01.ciapps.org stripe.ciapps.org checkout.stripe.com bitpay.ciapps.org *.google-analytics.com bitpay.com events.mapbox.com api.mapbox.com convio.ciapps.org secure2.convio.net sharkstracker.ciapps.org conservation.carto.com sp13loader.ciapps.org accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com data: blob: ; media-src civideos.ciapps.org 'self' data: blob:; child-src 'self' https://forms.microsoft.com https://app.powerbi.com https://open.spotify.com https://donorbox.org/ https://optimize.google.com https://app.vwo.com https://firecastwebserver01.ciapps.org https://form.jotform.com/ https://www.un.org https://logiprod.conservation.org/ https://www.arcgis.com/ https://public.tableau.com *.microsoftonline.com *.office.com *.typeform.com www.tiktok.com data: blob: checkout.stripe.com bitpay.com bid.g.doubleclick.net sitefinity.ciapps-aws.org submit.jotformz.com form.jotformz.com 8760954.fls.doubleclick.net js.stripe.com www.qzzr.com https://platform.twitter.com/ http://conservation-tron.imgix.net https://syndication.twitter.com/ https://www.youtube.com/ https://conservation-org.tron.silvertech.net/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; 3
frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com confluence.acquia.com www.acquiaacademy.com acquia.seismic.com; report-uri /report-csp-violation 3
default-src 'self' blob: wss: data: https:; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; style-src 'self' 'unsafe-inline' data: https:; 3
frame-ancestors 'self' http://cloudera.lookbookhq.com https://cloudera.lookbokhq.com http://pages.cloudera.com https://pages.cloudera.com 3
object-src 'self'; frame-ancestors 'self' 3
frame-ancestors 'self' http://www.dove.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 3
default-src 'none';img-src data: https:;script-src 'unsafe-inline' 'unsafe-eval' blob: https:;style-src 'unsafe-inline' https:;font-src data: https:;frame-ancestors 'self';connect-src https:; media-src blob: https:;frame-src https: data: blob:;child-src https:;worker-src blob: https:;base-uri https:;form-action https: 3
frame-ancestors 'self'  https://*.weeblycloud.com  https://*.sitelock.com  https://*.mojomarketplace.com  http://*.ipage.com  http://*.yourhostingaccount.com  https://*.ecwid.com  https://platform.cloud.coveo.com  https://search.cloud.coveo.com 3
default-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch; script-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://google.com http://www.googleadservices.com https://googleads.g.doubleclick.net https://static.ads-twitter.com http://static.ads-twitter.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.google.com https://tagmanager.google.com https://www.gstatic.com https://www.linkedin.com https://analytics.twitter.com https://px.ads.linkedin.com https://maps.googleapis.com https://platform.twitter.com https://cdn.checkout.com https://static-resource.com https://sjs.bizographics.com https://snap.licdn.com http://bat.bing.com https://bat.bing.com https://www.dwin1.com http://www.dwin1.com https://*.intercom.io http://*.intercom.io https://*.intercomcdn.com http://*.intercomcdn.com https://p.teads.tv; font-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch 'unsafe-inline' chrome-extension 'self' data: http://*.gstatic.com https://*.gstatic.com https://*.intercomcdn.com https://github.com/google/fonts; style-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch 'unsafe-inline' https://fonts.googleapis.com http://fonts.googleapis.com https://tagmanager.google.com; img-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch 'unsafe-inline' 'self' data: android-webview-video-poster https://* http://*; object-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch https://vjs.zencdn.net; connect-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch ws://*.infomaniak.ch:* ws://*.infomaniak.com:* wss://*.infomaniak.ch:* wss://*.infomaniak.com:* https://www.google.com https://nexus-long-poller-a.intercom.io https://*.bugsnag.com https://bat.bing.com http://bat.bing.com https://*.g.doubleclick.net https://*.google-analytics.com https://analytics.google.com https://www.google.ch https://www.google.fr https://www.google.de https://www.google.be https://*.facebook.com https://*.facebook.net https://*.linkedin.com https://*.checkout.com https://*.intercom.io http://*.intercom.io wss://*.intercom.io; child-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch https://www.google.com https://www.facebook.com https://www.youtube.com https://www.googletagmanager.com https://player.vimeo.com https://bid.g.doubleclick.net; frame-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch https://www.google.com https://www.facebook.com https://www.youtube.com https://www.googletagmanager.com https://player.vimeo.com https://bid.g.doubleclick.net; media-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch https://js.intercomcdn.com; worker-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch data: blob:; report-uri /api/csp-report; 3
frame-ancestors 'self' *.optimizely.com 3
default-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com; style-src 'self' 'unsafe-inline' https://*.oebb.at https://apis.google.com https://*.googleapis.com  https://*.azureedge.net https://static.userback.io; script-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://apis.google.com https://*.googleapis.com https://at.cloud.fabasoft.com https://www.youtube.com https://*.ytimg.com https://*.azureedge.net https://static.userback.io https://walls.io; connect-src 'self' https://*.oebb.at https://obc.railcargo.com https://*.azureedge.net https://directline.botframework.com wss://directline.botframework.com https://api.userback.io https://*.playertec.de; img-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com https://*.ytimg.com https://apis.google.com https://*.googleapis.com https://*.gstatic.com https://*.azureedge.net https://static.userback.io https://oebbtalentinastorage.blob.core.windows.net data: blob:; frame-src https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://*.google.com https://content.googleapis.com https://www.youtube-nocookie.com  https://at.cloud.fabasoft.com https://*.yumpu.com https://www.zepp-cam.at https://*.soundcloud.com https://*.spotify.com https://*.waca.at https://ec21aac802964ead8485bcf19e4d7cc9.svc.dynamics.com https://*.azureedge.net https://live.virtual-events.at https://*.streaming.media.azure.net https://www.traumgutscheine.com https://my.walls.io https://*.vimeo.com https://service.studiobaff.com https://*.playertec.de; frame-ancestors https://oebb-test.hafas.de https://*.oebb.at http://fahrplan.oebb.at; font-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://*.gstatic.com; 3
frame-ancestors 'self' connectappypie.com; 3
frame-ancestors 'self' https://www.maykinmedia.nl https://www.lessonup.com https://lessonup.app 3
default-src 'self' vercel.com *.vercel.com zeit.co *.zeit.co *.zeit.sh *.stripe.com twitter.com *.twitter.com *.github.com *.intercom.io *.intercomcdn.com https://*.googletagmanager.com:* wss://*.zeit.co wss://*.vercel.com localhost:* chrome-extension://*;script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.googletagmanager.com www.google-analytics.com www.gstatic.com *.googleapis.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.twimg.com *.coinbase.com *.zdassets.com cdn.sift.com cdn.segment.com vercel.com *.vercel.com zeit.co *.zeit.co *.zeit.sh *.stripe.com twitter.com *.twitter.com *.github.com *.intercom.io *.intercomcdn.com https://*.googletagmanager.com:* wss://*.zeit.co wss://*.vercel.com localhost:* chrome-extension://*;child-src *.youtube.com *.youtube-nocookie.com *.stripe.com www.google.com *.coinbase.com object-detection.vercel.app serverless-vrs.vercel.app github.com vercel.com *.vercel.com zeit.co *.zeit.co *.zeit.sh *.stripe.com twitter.com *.twitter.com *.github.com *.intercom.io *.intercomcdn.com https://*.googletagmanager.com:* wss://*.zeit.co wss://*.vercel.com localhost:* chrome-extension://*;style-src 'self' 'unsafe-inline' *.googleapis.com vercel.com *.vercel.com zeit.co *.zeit.co *.zeit.sh *.stripe.com twitter.com *.twitter.com *.github.com *.intercom.io *.intercomcdn.com https://*.googletagmanager.com:* wss://*.zeit.co wss://*.vercel.com localhost:* chrome-extension://*;img-src * blob: data:;media-src 'self' stream.mux.com *.fastly.net *.stackpathdns.com *.hwcdn.net videos.ctfassets.net blob: vercel.com *.vercel.com zeit.co *.zeit.co *.zeit.sh *.stripe.com twitter.com *.twitter.com *.github.com *.intercom.io *.intercomcdn.com https://*.googletagmanager.com:* wss://*.zeit.co wss://*.vercel.com localhost:* chrome-extension://*;connect-src *;font-src *.zeit.co *.vercel.com *.gstatic.com *.intercomcdn.com;worker-src blob: 3
frame-ancestors https://www.zyxel.com https://communicasia.zyxel.com/ https://bbwf.zyxel.com https://mwc.zyxel.com https://www.zyxel.ch https://www.zyxel.fr https://www12.zyxel.com 3
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.mydomaine.com 3
frame-ancestors https://*.ionos.co.uk https://ionos.co.uk; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.omegawatches.com https://www.omegawatches.cn https://release2.omegawatches.cn https://www.omegawatches.com.tw https://www.omegawatches.com.hk https://www.omegawatches.jp https://www.omegawatches.co.kr https://fonts.googleapis.com https://fonts.gstatic.com https://tagmanager.google.com https://cdn1.affirm.com https://fonts.googleaps.com https://fonts.gstatic.com http://chart.apis.google.com https://maxcdn.bootstrapcdn.com https://vjs.zencdn.net http://vjs.zencdn.net https://optimize.google.com https://*.inside-graph.com https://use.typekit.net https://p.typekit.net; font-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.omegawatches.com https://www.omegawatches.cn https://release2.omegawatches.cn https://www.omegawatches.com.tw https://www.omegawatches.com.hk https://www.omegawatches.jp https://www.omegawatches.co.kr https://fonts.googleaps.com https://fonts.gstatic.com http://chart.apis.google.com https://maxcdn.bootstrapcdn.com https://*.inside-graph.com https://use.typekit.net https://p.typekit.net data:; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.omegawatches.com https://www.omegawatches.cn https://release2.omegawatches.cn https://www.omegawatches.com.tw https://www.omegawatches.com.hk https://www.omegawatches.jp https://www.omegawatches.co.kr https: http:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com wss://*.inside-graph.com https://use.typekit.net https://p.typekit.net; child-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; media-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: 3
default-src 'self' *.liberbank.es https://www.google.com https://www.facebook.com/tr/ https://api.liberbank.es:80 https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://www.norbolsa.es https://analytics.twitter.com https://www.liberbank.es https://static.ads-twitter.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://storage.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://use.typekit.net/lzp0kbu.js https://maps.googleapis.com https://cse.google.com *.hotjar.com https://www.googleadservices.com https://bat.bing.com https://track.adform.net https://googleads.g.doubleclick.net *.browseranalytic.com browseranalytic.com https://player.vimeo.com/api/player.js https://piwik.lander.net/piwik.js https://www.youtube.com/iframe_api https://s.ytimg.com/yts/ https://connect.facebook.net https://service.force.com https://liberbankit.my.salesforce.com https://d.la1-c1-frf.salesforceliveagent.com https://onboardinglbk.secure.force.com https://s2.adform.net https://www.tarjetaplaystation.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://maxcdn.bootstrapcdn.com https://use.typekit.net https://use.fontawesome.com https://cdnjs.cloudflare.com https://p.typekit.net https://www.google.com/cse/static/ https://service.force.com https://onboardinglbk.secure.force.com;img-src 'self' https://t.co https://www.google-analytics.com https://www.google.com https://www.facebook.com https://www.norbolsa.es data: https://p.typekit.net https://maps.gstatic.com/ https://maps.googleapis.com/ https://www.googleapis.com https://clients1.google.com https://ssl.gstatic.com https://stats.g.doubleclick.net https://bat.bing.com https://www.google.es *.browseranalytic.com browseranalytic.com https://googleads.g.doubleclick.net https://clean.tracksacai.com https://tbl.tradedoubler.com https://afinia.uinterbox.com https://openlead.bankimia.com https://atrapacredito.go2cloud.org https://liberbankit--devcc2--c.cs84.visual.force.com https://liberbankit--devcc2.cs84.my.salesforce.com https://www.gstatic.com;connect-src 'self' wss://ws18.hotjar.com wss://*.hotjar.com https://bat.bing.com https://www.facebook.com https://www.liberbank.es https://bat.bing.com https://analytics.google.com https://www.google-analytics.com https://lbk-asistente-pro-principal.appspot.com https://vc.hotjar.io https://api.liberbank.es https://api-glbk.liberbank.es https://lbkapi-pre.vorago.es https://in.hotjar.com https://sentry.hotjar.com/ *.browseranalytic.com browseranalytic.com https://cse.google.com https://stats.g.doubleclick.net https://devcc4-onboardinglbk.cs109.force.com https://onboardinglbk.secure.force.com https://ws1.premiumnumbers.es/C2M/C2M/NLL/pgXrgNiYWTnjRyy03oavuViq1osOt96N/;font-src 'self' https://fonts.googleapis.com http://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://use.typekit.net https://use.fontawesome.com https://cdnjs.cloudflare.com https://www.facebook.com/tr/;object-src 'self';media-src 'self';sandbox allow-forms allow-scripts allow-modals allow-popups allow-presentation allow-same-origin allow-popups-to-escape-sandbox allow-top-navigation ;child-src 'self' https://portalprov.liberbank.es https://www.facebook.com https://openbanking.liberbank.es https://bedesa-liberbank.ceca.es https://cse.google.com https://vars.hotjar.com https://www.youtube.com https://track.adform.net https://player.vimeo.com https://*.fls.doubleclick.net https://vimeo.com https://service.force.com;form-action 'self' https://www.facebook.com/tr/;frame-ancestors 'self';plugin-types application/pdf; 3
default-src 'self' *.ncr.com; frame-src 'self' *.ncr.com *.hotjar.com *.hotjar.io *.demdex.net *.springcm.com *.demandbase.com *.callrail.com *.rakuten.com ncrpresalesfundrequest.secure.force.com *.doubleclick.net *.addthis.com *.salesforceliveagent.com www.youtube.com *.typeform.com *.ncrsilver.com calendly.com apisandbox.zuora.com *.artefactscloud.com www.facebook.com www.youtube-nocookie.com *.juicer.io *.linksynergy.com *.whiteboard.is marketo.net *.marketo.net marketo.com *.marketo.com hsforms.net *.hsforms.net hsforms.com *.hsforms.com jotform.com *.jotform.com powerbi.com *.powerbi.com fliphtml5.com *.fliphtml5.com *.google.com airtable.com *.amelia.com *.webflow.io *.msgctrl.com *.whiteboard.is *.shapespark.com *.tiktok.com forms.office.com; img-src data: *; media-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ncr.com data: *.adobedtm.com px.ads.linkedin.com *.salesforceliveagent.com googleads.g.doubleclick.net snap.licdn.com assets.juicer.io s.ytimg.com *.addthis.com *.addthisedge.com connect.facebook.net www.googletagmanager.com www.google-analytics.com sjs.bizographics.com www.googleadservices.com maps.google.com maps.googleapis.com www.youtube.com www.google.com *.hotjar.io *.hotjar.com cdn.schemaapp.com ajax.googleapis.com assets.adobedtm.com cdn.cookielaw.org img.en25.com *.typeform.com use.edgefonts.net *.rakuten.com fullstory.com *.fullstory.com *.demandbase.com *.callrail.com *.linksynergy.com *.bing.com *.cloudfront.net *.calendly.com jquery.com *.jquery.com marketo.net *.marketo.net marketo.com *.marketo.com unpkg.com rtb123.com *.rtb123.com *.cybba.solutions *.cybba.us storage.googleapis.com rmtag.com *.rmtag.com hsforms.net *.hsforms.net hsforms.com *.hsforms.com jotform.com *.jotform.com microsoft.github.io *.omtrdc.net *.bizible.com *.moatads.com *.gstatic.com *.adnxs.com *.clarity.ms *.tiktok.com *.ibytedtos.com *.tiktokcdn.com *.pixel.ad; style-src 'self' 'unsafe-inline' *.ncr.com assets.juicer.io cdnjs.cloudflare.com fonts.googleapis.com www.youtube.com optanon.blob.core.windows.net *.hotjar.com use.edgefonts.net *.calendly.com *.cloudfront.net jquery.com *.jquery.com marketo.net *.marketo.net marketo.com *.marketo.com *.tiktokcdn.com; font-src 'self' *.ncr.com data: assets.juicer.io cdnjs.cloudflare.com fonts.gstatic.com *.hotjar.com *.hotjar.io use.edgefonts.net *.cloudfront.net; connect-src 'self' *.ncr.com *.demdex.net *.addthis.com www.juicer.io *.hotjar.com *.hotjar.io data.schemaapp.com *.omtrdc.net wss://*.hotjar.com *.demandbase.com *.callrail.com *.s3.amazonaws.com s3.amazonaws.com api.company-target.com *.fullstory.com *.mktoresp.com *.facebook.com *.google.com *.google-analytics.com *.googleadservices.com stats.g.doubleclick.net *.whiteboard.is *.clarity.ms *.ibytedtos.com *.mktoutil.com; 3
frame-ancestors https://www.cedars-sinai.org/ https://patients.mycslink.org/ https://patients-dev.mycslink.org/ https://patients-test.mycslink.org/ https://patients-stage.mycslink.org/ 3
frame-ancestors *.plaync.com *.ncsoft.com *.plaync.com.tw *.ncsoft.jp 3
default-src 'self' http://localhost:* https://*.supercharge-srp.co https://*.safeframe.googlesyndication.com https://tpc.googlesyndication.com; prefetch-src http://tpc.googlesyndication.com https://tpc.googlesyndication.com http://securepubads.g.doubleclick.net https://securepubads.g.doubleclick.net https://tags.tiqcdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://web.sol-data.com http://localhost:* https://*.jobsdb.com/ https://*.jobstreet.com/ https://*.jobstreet.co.id https://*.jobstreet.com.my https://*.jobstreet.com.ph https://*.jobstreet.com.sg https://*.supercharge-srp.co https://*.hotjar.com/ https://unpkg.com/ https://polyfill.io/ https://cdnjs.cloudflare.com https://cdn.ravenjs.com https://widget.intercom.io http://www.googletagservices.com https://www.googletagservices.com http://pagead2.googlesyndication.com https://pagead2.googlesyndication.com https://adservice.google.com https://securepubads.g.doubleclick.net http://tpc.googlesyndication.com https://tpc.googlesyndication.com https://adservice.google.com.au https://adservice.google.com.hk https://adservice.google.com.sg https://js.intercomcdn.com http://www.googletagmanager.com https://www.googletagmanager.com http://tagmanager.google.com https://tagmanager.google.com https://www.googleadservices.com https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://cdn.branch.io/ https://app.link/ https://www.google-analytics.com http://tags.tiqcdn.com https://tags.tiqcdn.com https://www.youtube.com https://s.ytimg.com https://*.useinsider.com; style-src 'unsafe-inline' 'self' http://localhost:* https://*.jobsdb.com/ https://*.jobstreet.com/ https://*.jobstreet.co.id https://*.jobstreet.com.my https://*.jobstreet.com.ph https://*.jobstreet.com.sg https://*.supercharge-srp.co https://fonts.googleapis.com/ https://tagmanager.google.com https://*.useinsider.com; img-src * data:; font-src 'self' https://*.jobsdb.com https://*.jobstreet.com/ https://*.jobstreet.co.id https://*.jobstreet.com.my https://*.jobstreet.com.ph https://*.jobstreet.com.sg https://*.supercharge-srp.co https://fonts.gstatic.com/ https://static.hotjar.com/ https://js.intercomcdn.com data:; connect-src 'self' https://www.seek.com.au/ http://www.seek.com.au.staging/ https://*.seek.com http://candidate-graphql-api-candy-shared-dev-active.ap-southeast-2.elasticbeanstalk.com/ http://localhost:* ws://localhost:* https://*.sol-data.com https://*.supercharge-srp.co:8080/ https://*.jobsdb.com/ http://*.jobsdb.com/ https://dpm.demdex.net/ https://*.jobstreet.com/ https://*.jobstreet.co.id https://*.jobstreet.com.my https://*.jobstreet.com.ph https://*.jobstreet.com.sg http://*.supercharge-srp.co https://*.supercharge-srp.co https://*.hotjar.com:*/ https://*.elasticbeanstalk.com:8080/ ws://*.hotjar.com/ wss://*.hotjar.com/ https://*.intercom.io wss://*.intercom.io https://securepubads.g.doubleclick.net https://csi.gstatic.com https://api2.branch.io/ https://app.link/ https://pagead2.googlesyndication.com https://*.useinsider.com; frame-src https://vars.hotjar.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://staticxx.facebook.com https://www.youtube.com https://*.useinsider.com https://*.safeframe.googlesyndication.com https://seekasia.demdex.net 3
default-src 'self' * data: blob:; img-src 'self' * 'unsafe-inline' data: blob:; style-src 'self' * 'unsafe-inline' data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob:; object-src 'none'; worker-src 'self' data: blob: resume.io *.resume.io cvster.nl *.cvster.nl cvmonk.nl *.cvmonk.nl cvapp.es *.cvapp.es cvapp.it *.cvapp.it cvapp.fr *.cvapp.fr cvkungen.se *.cvkungen.se cv.dk *.cv.dk cv.app *.cv.app resume.app *.resume.app cvapp.cz *.cvapp.cz cvapp.fi *.cvapp.fi cvapp.no *.cvapp.no cveasy.pl *.cveasy.pl; frame-src https:; frame-ancestors 'self' vwo.com *.vwo.com 3
frame-ancestors 'self' https://tryamp.msiteproject.com https://your-domain.cdn.ampproject.org https://your-domain.amp.cloudflare.com https://cdn.ampproject.org https://mytaj.tajhotels.com/ https://uatmytaj.tajhotels.com https://author-taj-prod63.adobecqms.net/ 3
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; object-src 'self' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: blob: https:; media-src 'self' data: blob: mediastream: https:; frame-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' data: https: 3
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.sprinklr.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com data: *.sprinklr.com; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-src *; frame-src *; media-src *; worker-src *; 3
frame-ancestors 'self' *.3sharecorp.com 3
frame-ancestors 'self' https://*.radford.edu; upgrade-insecure-requests; 3
frame-ancestors 'self' http://*.iframely.com 3
default-src 'self' 'unsafe-inline' www.google-analytics.com code.jquery.com *.disqus.com disqus.com *.bootstrapcdn.com *.disquscdn.com www.gravatar.com   https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.karlaporter.com *.shanx.com *.amitavac.com *.googleapis.com  *.googletagmanager.com  platform.twitter.com shanx.matomo.com    *.amazonaws.com   apis.google.com ssl.google-analytics.com connect.facebook.net https:; img-src 'self' *.karlaporter.com *.iconj.com  cdn-images.mailchimp.com  *.shanx.com *.amitavac.com ssl.google-analytics.com s-static.ak.facebook.com i.imgur.com imgur.com  data:  https:; style-src 'self' 'unsafe-inline' *.shanx.com  cdn-images.mailchimp.com  *.karlaporter.com *.amitavac.com *.ionicframework.com  use.typekit.net  fonts.adobe.com  fonts.googleapis.com fonts.gstatic.com https:; font-src 'self' *.shanx.com   use.typekit.net  *.ionicframework.com netdna.bootstrapcdn.com themes.googleusercontent.com fonts.gstatic.com data:; object-src  https:; media-src  'self'  https:; frame-ancestors 'self'; frame-src 'self' https:;  3
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw  flightbookings.airnewzealand.com.cn okings.jp.airnewzealand.com flightbookings.airnewzealand.co.jp koruclub.airnewzealand.com auth.airnewzealand.co.nz; script-src 'self' s-airnz.com p-airnz.com 'unsafe-inline' 'unsafe-eval' maps.googleapis.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com display.wayin.com chat-prod-ap-southeast-2.s3.amazonaws.com www.everestjs.net *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com s.swiftypecdn.com upgrade.plusgrade.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com *.hotjar.com yourir.info *.airnewzealand.co.nz auth.airnewzealand.co.nz ssl.google-analytics.com cdnjs.cloudflare.com musculahq.appspot.com dnn506yrbagrg.cloudfront.net xsell.expedia.com ddc.optimahub.com; style-src 'unsafe-inline' s-airnz.com p-airnz.com fonts.googleapis.com tagmanager.google.com s.swiftypecdn.com upgrade-cdn-prd.plusgrade.com yourir.info 'self'; img-src https: data:; font-src s-airnz.com p-airnz.com fonts.googleapis.com fonts.gstatic.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com 'self'; media-src 'self' ; frame-src 'self' www.google.com nz.fltmaps.com airpointscalculator.co.nz www.youtube.com airnz.wufoo.com xd.wayin.com display.engagesciences.com www.everestjs.net pixel.everesttech.net *.demdex.net *.doubleclick.net www.googletagmanager.com *.cdn.optimizely.com nebula-cdn.kampyle.com *.hotjar.com *.airnewzealand.co.nz auth.airnewzealand.co.nz hotels.airnewzealand.co.nz; connect-src 'self' api.airnz.io api.airnz.ai auth.airnewzealand.co.nz chat-prod-ap-southeast-2.s3.amazonaws.com *.demdex.net *.tt.omtrdc.net www.google-analytics.com analytics.google.com stats.g.doubleclick.net adservice.google.com www.google.com *.optimizely.com s.swiftypecdn.com search-api.swiftype.com *.kampyle.com wss://*.hotjar.com https://*.hotjar.com vc.hotjar.io yourir.info ssl.google-analytics.com muscula.herokuapp.com; object-src 'none'; frame-ancestors 'self' https: http:; report-uri /csp-report 3
default-src 'self'; style-src 'self' *.commandersact.com/ *.twimg.com/ *.twitter.com/ *.live2support.com/ *.lpsnmedia.net/ *.gstatic.com/ *.commander1.com/ *.bootstrapcdn.com/ *.tagcommander.com/ *.zencdn.net/ *.sharethis.com/ *.googleapis.com/ *.google.com/ 'unsafe-inline'; script-src 'self' *.commandersact.com/ *.twimg.com/ *.trustcommander.net/ *.cdn.syndication.twimg.com/ *.zencdn.net/ https://telegram.org/ https://youtube.com/iframe_api *.youtube.com/ *.twitter.com/ *.ytimg.com/ *.secutix.com/ *.swaven.com/ *.live2support.com/ *.googletagmanager.com/ *.tagcommander.com/ *.facebook.net/ *.google.ie/ *.google.de/ *.lpsnmedia.net/ *.hotjar.com/ *.outbrain.com/ *.google.com/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.theadex.com *.commander1.com/ *.liveperson.net/ *.doubleclick.net/ *.gstatic.com/ *.digital4danone.com/ *.addthisedge.com/ 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.assetsadobe.com/ *.live2support.com/ *.twimg.com/ *.swaven.com/ *.twitter.com/ *.trustcommander.net/ *.cdninstagram.com/ *.outbrain.com/ *.danone.com/ *.commander1.com/ *.tagcommander.com/ *.lpsnmedia.net/ *.adnxs.com/ *.adition.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.theadex.com/ *.google-analytics.com/ *.google.com.ph/ *.google.com/ *.sharethis.com/ *.gstatic.com/ *.googleapis.com/ *.w3.org/ *.mookie1.com/ *.facebook.com/ *.googletagmanager.com/; frame-src 'self' *.commandersact.com/ *.vimeo.com/ *.linkedin.com/ *.twitter.com/ https://cdn.trustcommander.net/ https://t.me/ https://static.rolex.com/ *.swaven.com/ *.ausha.co/ *.q4europe.com/ *.tohklom.com/  *.tagcommander.com/ *.liveperson.net/ *.live2support.com/ *.google.com/ *.lpsnmedia.net/ *.hotjar.com/ *.commander1.com/ *.proprofs.com/ *.facebook.com/ *.doubleclick.net/ *.theadex.com/ *.sharethis.com/ *.addthis.com/ *.youtube.com/ *.adsrvr.org/ *.cloudfront.net/ *.spotify.com/; connect-src 'self' *.commandersact.com/ *.googleapis.com/ *.privacy.commander1.com/ *.privacy.trustcommander.net/ https://privacy.trustcommander.net/ https://privacy.commander1.com/ *.q4europe.com/ *.swaven.com/ *.youtube.com/ *.live2support.com/ *.addthis.com/ *.google-analytics.com *.facebook.com/ *.instagram.com/ *.secutix.com/ *.omtrdc.net/ *.sharethis.com/ *.doubleclick.net/; font-src 'self' *.commandersact.com/ *.live2support.com/ data: *.amazonaws.com/ *.gstatic.com/ *.zencdn.net/; media-src 'self' *.lpsnmedia.net/ 3
frame-ancestors 'self' *.shift4shop.com *.3dcart.com *.3dcart.net *.3dc.local *.3dcart.co.uk *.3dcart.ca app.cyfe.com 3
report-uri / 3
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.vidyard.com *.google-analytics.com *.elliemae.com *.typekit.net *.eloqua.com *.crazyegg.com *.pingdom.net *.driftt.com *.drift.com *.vidyard.com *.tribl.io *.en25.com *.appspot.com *.facebook.net *.bing.com *.bizographics.com *.doubleclick.net *.linkedin.com *.facebook.com *.google.com *.on24.com *.contentstack.io *.zscalertwo.net ipapi.co *.amazonaws.com *.googleapis.com http://images.engage.elliemae.com/ *.gstatic.com *.myfonts.net *.googleadservices.com *.mapbox.com *.youtube.com *.vimeo.com *.swiftype.com *.jsdelivr.net *.disqus.com *.disquscdn.com disqus.com *.zoominfo.com *.pusher.com *.icemortgagetechnology.com *.pardot.com 3
frame-ancestors 'self' https://usa.denon.com/; 3
frame-ancestors self https://*.chaosgroup.com https://secure.avangate.com https://secure.2checkout.com 3
object-src *.calgary.ca:*; frame-ancestors *.calgary.ca:* *.coc.ca thecityofcalgary.maps.arcgis.com 3
frame-ancestors 'self' https://www.messenger.com https://www.facebook.com/; 3
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com  *.amazonaws.com  *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net  *.forcepoint.com *.google.com *.facebook.com  bam.nr-data.net maps.gstatic.com *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net  *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com  dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com tag.aumago.com js.driftqa.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com maps.gstatic.com tags.tiqcdn.com munchkin.marketo.net *.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com attr.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com https://activitymap.adobe.com/sc15/activitymap/index.js *.consensu.org *.bizible.com *.theadex.com tag.aumago.com ws.zoominfo.com *.redditstatic.com rules.quantcount.com tracking.g2crowd.com *.steelhousemedia.com; img-src * data: *; connect-src 'self' app.vwo.com dpm.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com tag.aumago.com *.google-analytics.com; report-uri /admin/config/system/seckit/csp-report 3
default-src 'self' *.vidyard.com https: mailto:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https: mailto:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https: blob:; font-src 'self' https: data:; connect-src 'self' https: wss: ; upgrade-insecure-requests 3
frame-src 'self' https://www.terminland.de *.novomind.com *.datev.de *.datev.com 3
frame-ancestors 'self' https://solutions.sciquest.com https://usertest.sciquest.com; 3
frame-ancestors 'self' https://de.page4.com https://en.page4.com; 3
frame-ancestors *.ivanti.com *.ivanti.com.au *.ivanti.com.cn *.ivanti.com.sg *.ivanti.co.uk *.ivanti.co.jp *.ivanti.de *.ivanti.fr *.ivanti.it *.ivanti.es *.ivanti.ru *.ivanti.cz *.ivanti.pl *.ivanti.nl *.ivanti.lat 3
frame-ancestors http://www.moex.com 3
style-src 'self' 'unsafe-inline' 3
connect-src 'self' https://www.paypal.com https://fastmail.innocraft.cloud; default-src 'none'; img-src 'self' data: https://fastmail.innocraft.cloud https://*.twimg.com https://*.twitter.com https://www.gravatar.com https://icgroup.helpspot.com https://www.paypalobjects.com http://www.pobox.com https://*.gstatic.com https://www.fastmail.com; font-src 'self' data: http://fonts.gstatic.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.twitter.com https://*.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com https://connect.facebook.net https://fastmail.innocraft.cloud https://listbox.com https://run-static.pingdom.net https://*.gstatic.com https://*.facebook.com https://talon-ehawk.netdna-ssl.com https://www.e-hawk.net https://www.ehawk.net https://www.paypalobjects.com https://www.paypal.com https://icgroup.helpspot.com; object-src 'none'; frame-src 'self' data: https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.google.com; frame-ancestors 'self' 3
frame-ancestors 'self' https://www.clearslide.com https://www.purdueglobalpresents.com http://upload.clearslide.com 3
script-src 'self' 'unsafe-inline' https://js.stripe.com; img-src 'self' data: https://www.gravatar.com https://secure.gravatar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self'; frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://js.stripe.com; object-src 'none' 3
frame-ancestors 'self' https://*.iproperty.com.my https://*.squarefoot.com.hk ; 3
default-src 'self' *.conac.cn *.jiathis.com *.baidu.com *.bshare.cn *.qq.com *.kaipuyun.cn 'unsafe-inline' 'unsafe-eval'; 3
frame-ancestors *.straumann.com  3
default-src 'self' http: https: blob: ws: cdnjs.cloudflare.com use.typekit.net wpstream.net www.google-analytics.com fonts.googleapis.com fonts.gstatic.com s.w.org;; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https: https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://snap.licdn.com https://securepubads.g.doubleclick.net https://ml314.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'   http: https:; img-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: filesystem:; font-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://fonts.googleapis.com https://fonts.gstatic.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; frame-src 'self' http: https: www.youtube-nocookie.com youtube-nocookie.com youtube.com vimeo.com; 3
default-src https://player.vimeo.com www.abtasty.com wss://*.hotjar.com try.abtasty.com https://*.hotjar.io stats.g.doubleclick.net app.abtasty.com *.try.abtasty.com wss://ws3.hotjar.com teddytor.abtasty.com *.app.abtasty.com *.abtasty.com dcinfos.abtasty.com *.ratatu.pl *.googleads.g.doubleclick.net prospectleads.bnpparibas.pl bnp-paribas.user.com https://graylog.hotjar.com:12443 http://*.hotjar.com:* https://try.abtasty.com https://insights.hotjar.com widget.user.com https://*.hotjar.com:* https://vimeo.com googleads.g.doubleclick.net http://*.hotjar.io qtank.salesmore.pl *.google.com 52.166.95.107 'self'; font-src https://themes.googleusercontent.com/ *.googleads.g.doubleclick.net fonts.googleapis.com prospectleads.bnpparibas.pl widget.user.com *.try.abtasty.com https://fonts.gstatic.com googleads.g.doubleclick.net themes.googleusercontent.com *.app.abtasty.com *.abtasty.com *.google.com *.ratatu.pl data: 'self'; style-src bnp-optima-uat-search01.squiz.pl https://app.abtasty.com https://www.s.ytimg.com *.try.abtasty.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl https://www.gstatic.com teddytor.abtasty.com www.google.com *.app.abtasty.com *.abtasty.com *.ratatu.pl https://fonts.googleapis.com *.googleads.g.doubleclick.net https://tagmanager.google.com prospectleads.bnpparibas.pl bnp-paribas.user.com https://bgz-fb.squiz.pl www.googleapis.com https://teddytor.abtasty.com widget.user.com googleads.g.doubleclick.net https://skk.erecruiter.pl *.google.com https://www.ytimg.com 52.166.95.107 'self' 'unsafe-inline'; img-src https://www.facebook.com https://pixel.wp.pl https://cm.g.doubleclick.net https://*.googleapis.com stats.g.doubleclick.net *.try.abtasty.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl *.app.abtasty.com www.google.com bcp.crwdcntrl.net *.ratatu.pl www.google-analytics.com www.0.s-nk.pl *.googleads.g.doubleclick.net https://www.i1.ytimg.com bnp-paribas.user.com *.gstatic.com https://www.googleapis.com widget.user.com googleads.g.doubleclick.net https://skk.erecruiter.pl www.s3.cdn03.imgwykop.pl *.google.com https://www.twitter.com www.s.c.lnkd.licdn.com https://emplocity.com https://googleads4.g.doubleclick.net https://www.googleadservices.com i.ctnsnet.com www.s-passets.pinimg.com bnp-optima-uat-search01.squiz.pl https://ib.adnxs.com https://dot.wp.pl https://*.gstatic.com https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://maps.google.com gcm.ctnsnet.com www.googletagmanager.com teddytor.abtasty.com *.abtasty.com https://www.emplocity.com clients1.google.com https://tbl.tradedoubler.com https://ad.doubleclick.net prospectleads.bnpparibas.pl www.linkedin.com https://bgz-fb.squiz.pl https://s1.2mdn.net *.ggpht.com https://www.google.pl https://sp.analytics.yahoo.com www.passets.pinterest.com https://i.vimeocdn.com https://developers.google.com www.passets.pinimg.com 'self' data:; frame-src https://emplocity.com www.wykop.pl https://player.vimeo.com https://www.linkedin.com https://vars.hotjar.com https://s-static.ak.facebook.com https://www.s-static.ak.facebook.com https://www.facebook.com try.abtasty.com stats.g.doubleclick.net app.abtasty.com *.try.abtasty.com https://platform.linkedin.com teddytor.abtasty.com *.app.abtasty.com www.google.com static.ak.facebook.com *.abtasty.com www.youtube.com dcinfos.abtasty.com *.ratatu.pl https://www.wykop.pl https://www.youtube.com https://9274211.fls.doubleclick.net www.facebook.com *.googleads.g.doubleclick.net prospectleads.bnpparibas.pl https://bid.g.doubleclick.net bnp-paribas.user.com https://4397256.fls.doubleclick.net https://accounts.google.com https://try.abtasty.com widget.user.com https://vimeo.com googleads.g.doubleclick.net https://web.facebook.com *.google.com 52.166.95.107 'self'; script-src https://player.vimeo.com www.widgets.pinterest.com https://script.hotjar.com https://app.ehoundplatform.com https://pixel.wp.pl https://www.ssl.gstatic.com https://*.googleapis.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl https://platform.linkedin.com *.www.abtasty.com https://www.gstatic.com www.google.com https://www.fbstatic-a.akamaihd.net *.ratatu.pl www.assets.pinterest.com https://www.youtube.com www.google-analytics.com www.0.s-nk.pl https://www.google.com https://cse.google.com *.vimeo.com bnp-paribas.user.com www.cdn.api.twitter.com https://www.googleapis.com www.platform.linkedin.com https://teddytor.abtasty.com www.static.ak.facebook.com widget.user.com https://apis.google.com https://skk.erecruiter.pl https://www.abtasty.com https://emplocity.com https://px.wp.pl www.abtasty.com https://www.googleadservices.com https://static.hotjar.com https://dcinfos.abtasty.com https://www.s-static.ak.facebook.com https://www.oauth.googleusercontent.com bnp-optima-uat-search01.squiz.pl https://app.abtasty.com https://www.s.ytimg.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://maps.google.com www.googletagmanager.com *.abtasty.com https://cdn.jsdelivr.net https://ad.doubleclick.net https://connect.facebook.net https://tagmanager.google.com prospectleads.bnpparibas.pl http://platform.linkedin.com https://s.ytimg.com www.linkedin.com https://bgz-fb.squiz.pl https://www.bnpparibas.pl https://try.abtasty.com https://www.google.pl https://maps.gstatic.com https://developers.google.com https://vimeo.com *.ad.doubleclick.net https://www.google-analytics.com www.platform.twitter.com https://www.apis.google.com 52.166.95.107 https://www.static.hotjar.com 'self' 'unsafe-eval' 'unsafe-inline'; object-src *.googleads.g.doubleclick.net prospectleads.bnpparibas.pl https://stats.g.doubleclick.net bnp-paribas.user.com try.abtasty.com stats.g.doubleclick.net https://try.abtasty.com widget.user.com app.abtasty.com *.try.abtasty.com googleads.g.doubleclick.net *.ad.doubleclick.net teddytor.abtasty.com *.app.abtasty.com *.abtasty.com *.google.com dcinfos.abtasty.com *.ratatu.pl 52.166.95.107 'self'; connect-src https://emplocity.com www.abtasty.com wss://ws4.hotjar.com wss://*.hotjar.com https://www.facebook.com try.abtasty.com bnp-optima-uat-search01.squiz.pl stats.g.doubleclick.net app.abtasty.com https://app.userengage.com *.try.abtasty.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl wss://bnp-paribas.user.com teddytor.abtasty.com wss://ws3.hotjar.com *.app.abtasty.com *.abtasty.com dcinfos.abtasty.com *.ratatu.pl *.googleads.g.doubleclick.net prospectleads.bnpparibas.pl wss://ws9.hotjar.com https://vc.hotjar.io bnp-paribas.user.com https://bgz-fb.squiz.pl https://graylog.hotjar.com:12443 https://insights.hotjar.com widget.user.com https://in.hotjar.com https://vimeo.com googleads.g.doubleclick.net qtank.salesmore.pl *.google.com 52.166.95.107 'self' 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; media-src 'self' 'unsafe-inline' *;img-src 'self' blob: data: *; style-src 'self' 'unsafe-inline' *; font-src 'self' *; frame-src 'self' *; connect-src 'self' *; object-src 'none' 3
frame-ancestors 'self' https://cart.penguinrandomhouse.com/ 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *.googleapis.com; frame-ancestors file: cdvfile: 'self'; 3
: script-src "self" 3
default-src 'self'; form-action 'self'; object-src 'self';             connect-src 'self' https://api.github.com;             media-src 'self';             style-src 'self' 'unsafe-inline' https://*.googleapis.com https://cdnjs.cloudflare.com;             font-src 'self' data: https://fonts.gstatic.com;             img-src 'self' data: https://matomo.riot.im/matomo.php;             script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.cloudfront.net https://ajax.googleapis.com https://matomo.riot.im/matomo.js https://webforms.pipedrive.com https://*.pipedriveassets.com;             child-src 'self' https://webforms.pipedrive.com 3
default-src 'self';frame-ancestors 'none';frame-src 'self' *.liadm.com *.doubleclick.net *.hotjar.com *.google.com *.mackeeper.com *.facebook.com *.youtube.com *.trustpilot.com *.criteo.com;child-src 'self';form-action 'self';img-src 'self' data: *.kromtech.net *.mackeeper.com *.visualwebsiteoptimizer.com *.bing.com *.google-analytics.com *.facebook.com *.liadm.com *.doubleclick.net *.hotjar.com *.owox.com *.zoomsupport.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.outbrain.com *.gstatic.com http://mackeeper.com https://mackeeper.com *.atdmt.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.bing.com *.facebook.net *.hotjar.com *.liadm.com *.visualwebsiteoptimizer.com *.kromtech.net *.mackeeper.com *.doubleclick.net *.youtube.com *.ytimg.com *.taboola.com *.outbrain.com *.trustpilot.com http://mackeeper.com https://mackeeper.com http://support.zoomsupport.com http://crm.zoomsupport.com http://chat-crm.zoomsupport.com *.criteo.net *.criteo.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.kromtech.net *.mackeeper.com *.google.com http://mackeeper.com https://mackeeper.com;font-src 'self' data: *.gstatic.com *.hotjar.com *.kromtech.net *.mackeeper.com;object-src 'none';connect-src 'self' *.facebook.com *.mackeeper.com http://mackeeper.com https://mackeeper.com *.hotjar.io *.hotjar.com *.doubleclick.net support.mackeeper.com *.google-analytics.com https://analytics.google.com wss://*.hotjar.com *.taboola.com *.outbrain.com http://rp.liadm.com https://rp.liadm.com https://bat.bing.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat 3
frame-ancestors 'self' *.lovecrafts.com 3
frame-ancestors 'self' https://*.indiatimes.com https://*.samayam.com https://maharashtratimes.com https://vijaykarnataka.com https://m.timesofindia.com https://m.economictimes.com https://www.iamgujarat.com https://www.google.com https://*.google.com https://cdn.ampproject.org https://*.cdn.ampproject.org https://*.ampproject.org http://*.newspointapp.com https://*.newspointapp.com 3
default-src 'self' 'unsafe-inline' *.tableau.com *.vimeo.com *.youtube.com pro.ip-api.com cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com *.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com fonts.gstatic.com www.google.com *.googleapis.com maps.gstatic.com developers.google.com tagmanager.google.com ssl.gstatic.com www.gstatic.com tagmanager.google.com apikeys.civiccomputing.com cc.cdn.civiccomputing.com cdn.siteimprove.net data:; 3
upgrade-insecure-requests; frame-ancestors *.gonitro.com *.live.com *.sharepoint.com 3
frame-ancestors 'self' *.datastax.com 3
default-src https: ws: data: 'unsafe-inline' 'unsafe-eval' 3
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 3
frame-ancestors 'self' http://carbonblack.lookbookhq.com https://carbonblack.lookbookhq.com http://content.carbonblack.com https://content.carbonblack.com 3
default-src 'self';    media-src 'self' https://www.youtube.com https://cdn.userway.org;    connect-src 'self' https://analytics.google.com https://cdn.userway.org https://in.hotjar.com https://api.curator.io https://stats.g.doubleclick.net https://www.google-analytics.com https://ka-p.fontawesome.com https://api.userway.org;    img-src 'self' data: * https://googleads.g.doubleclick.net https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com;    frame-src 'self' https://bid.g.doubleclick.net https://sheridancollege.formstack.com https://bbox.blackbaudhosting.com https://www.youtube.com *.sheridancollege.ca https://cdn.userway.org https://vars.hotjar.com; frame-ancestors 'self';    font-src 'self' data: https://fonts.gstatic.com https://cdn.curator.io https://cdn.userway.org https://ka-p.fontawesome.com https://fonts.gstatic.com https://use.typekit.net;    script-src 'self' 'nonce-cspScrpt' 'unsafe-eval' https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://tagmanager.google.com https://ssl.google-analytics.com https://static.formstack.com https://bbox.blackbaudhosting.com https://sheridancollege.formstack.com https://cdn.curator.io https://maps.googleapis.com https://www.youtube.com https://script.hotjar.com https://cdnjs.cloudflare.com https://kit.fontawesome.com  https://www.googletagmanager.com  https://www.google-analytics.com https://static.hotjar.com https://cdn.userway.org https://connect.facebook.net https://analytics.formstack.com https://vc.hotjar.io;    style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://bbox.blackbaudhosting.com https://cdn.curator.io https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://static.formstack.com 3
img-src * data: blob: 'unsafe-inline';object-src *;frame-src *; 3
default-src 'self' https://recreativdesign.com blob:;script-src 'self' nonce-guXj7w7oWwUuGz/RZw2vXUoxt7E 'unsafe-inline' 'unsafe-eval' recreativ.com *.recreativ.com recreativ.ru *.recreativ.ru *.facebook.net *.facebook.com *.google.com.ua *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.doubleclick.net *.googletagmanager.com *.wayforpay.com https://browser.sentry-cdn.com https://recreativdesign.com;frame-src 'self' recreativ.com *.recreativ.com recreativ.ru *.recreativ.ru *.facebook.net *.facebook.com *.google.com.ua *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.doubleclick.net *.googletagmanager.com *.wayforpay.com https://www.google.lv;img-src 'self' recreativ.com *.recreativ.com recreativ.ru *.recreativ.ru *.facebook.net *.facebook.com *.google.com.ua *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.doubleclick.net *.googletagmanager.com *.wayforpay.com data: blob: https://via.placeholder.com/200x200 https://recreativdesign.com;font-src 'self' data: recreativ.com *.recreativ.com recreativ.ru *.recreativ.ru *.facebook.net *.facebook.com *.google.com.ua *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.doubleclick.net *.googletagmanager.com *.wayforpay.com https://recreativdesign.com;style-src 'self' 'unsafe-inline' recreativ.com *.recreativ.com recreativ.ru *.recreativ.ru *.facebook.net *.facebook.com *.google.com.ua *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.doubleclick.net *.googletagmanager.com *.wayforpay.com https://recreativdesign.com;report-uri //recreativ.com/csp_report.php; 3
upgrade-insecure-requests; block-all-mixed-content; disown-opener 3
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: 3
script-src  'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* connect.facebook.net snap.licdn.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com static.staging.wellsfargo.com static.wellsfargo.com; frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com; base-uri https:;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ad.doubleclick.net px.ads.linkedin.com p.adsymptotic.com cm.everesttech.net dpm.demdex.net;object-src 'self';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* fonts.gstatic.com;report-uri /reporting/csp.htm;img-src 'self' data: *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com wspublicprod.112.2o7.net px.ads.linkedin.com ad.doubleclick.net p.adsymptotic.com adservice.google.com 2549153.fls.doubleclick.net jadserve.postrelease.com www.google.com www.google-analytics.com pixel.everesttech.net cm.g.doubleclick.net bat.bing.com sp.analytics.yahoo.com connect.facebook.net www.linkedin.com www.facebook.com;style-src 'self' 'unsafe-inline' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com 3
frame-ancestors *.bilimal.kz *.mycollege.kz *.citorleu.kz *.cit-orleu.kz *.elumiti.kz *.fpp.kz *.presidentfoundation.kz 3
frame-ancestors https://bulbul.io 3
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com/ www.googletagmanager.com/ script.hotjar.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' * tagmanager.google.com/ www.googletagmanager.com/ cdn.evgnet.com cdn.getsmartcontent.com s.getsmartcontent.com s7.addthis.com m.addthis.com v1.addthisedge.com z.moatads.com www.youtube.com view.ceros.com fast.wistia.com; img-src 'self' data: ssl.gstatic.com/ embed.wistia.com fast.wistia.com fast.wistia.net embed-fastly.wistia.com/ secure.adnxs.com ib.adnxs.com/ www.google.com www.google-analytics.com www.googletagmanager.com maps.gstatic.com maps.googleapis.com bat.bing.com www.facebook.com px.ads.linkedin.com p.adsymptotic.com/ i.ytimg.com www.guardiananytime.com/ pixel.mediaiqdigital.com d1bvwpcbxq9v24.cloudfront.net t.co idsync.rlcdn.com embedwistia-a.akamaihd.net *.amazonaws.com cx.atdmt.com; frame-src 'self' m.addthis.com s7.addthis.com *.youtube.com *.vimeo.com script.hotjar.com vars.hotjar.com cm.g.doubleclick.net *.ceros.com *.guardiananytime.com *.cloudfront.net *.adsrvr.org my.visme.co *.ipipeline.com *.guardianlife.com guardianlife.uat.aws.glic.com cdn.getsmartcontent.com *.bound360.com tagmanager.google.com www.podbean.com d.agkn.com cloud.alert.guardiandirect.com cloud.connect.guardian pixel.mathtag.com/ bid.g.doubleclick.net 10123097.fls.doubleclick.net/; connect-src 'self' collectorprod.glic.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com ws://*.hotjar.com *.doubleclick.net *.g.doubleclick.net *.wistia.com *.wistia.net *.litix.io embed-fastly.wistia.com embedwistia-a.akamaihd.net *.getsmartcontent.com *.bound360.com tagmanager.google.com *.podbean.com d.agkn.com cloud.alert.guardiandirect.com cloud.connect.guardian guardianlife.us-1.evergage.com bat.bing.com; font-src 'self' data: fonts.gstatic.com; media-src 'self' blob: embedwistia-a.akamaihd.net www.podbean.com fast.wistia.net 3
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com safebrowsing.googleapis.com analytics.google.com connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net z.moatads.com v1.addthisedge.com m.addthis.com edge.addthis.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com tagmanager.google.com; img-src 'self' data: ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.com www.facebook.com www.googletagmanager.com; media-src 'self' data: www.youtube.com app.powerbi.com www.surveymonkey.com; frame-src 'self' data: www.youtube.com app.powerbi.com edge.addthis.com www.facebook.com www.surveymonkey.com bid.g.doubleclick.net; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' data: www.google-analytics.com https://www.google-analytics.com analytics.tiktok.com 3
default-src 'self' * data:; font-src 'self' * data:; frame-src *; img-src * data: android-webview-video-poster:; media-src * data: blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; worker-src * blob:; 3
base-uri 'self'; frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content 3
frame-ancestors 'self' http://epicor.lookbookhq.com https://epicor.lookbookhq.com; 3
default-src 'self' https://tramitesanonimos.cnmc.es;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://translate.googleapis.com https://translate.google.com https://www.google-analytics.com https://cdn.jsdelivr.net https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com;  child-src 'self' https://www.google.com/recaptcha/ https://docs.google.com https://www.gstatic.com/recaptcha/ https://fonts.googleapis.com https://www.youtube.com; img-src 'self' data: https://translate.google.com https://getbootstrap.com https://www.jsdelivr.com https://www.gstatic.com https://www.google.com https://translate.googleapis.com https://www.google-analytics.com https://blog.cnmc.es;  media-src 'self';  style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://translate.googleapis.com https://cdn.jsdelivr.net https://fonts.googleapis.com  https://www.gstatic.com/recaptcha/;  font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://www.gstatic.com/recaptcha/;  object-src 'self';  connect-src 'self' https://bootswatch.com https://translate.googleapis.com https://www.google-analytics.com;  3
base-uri 'self';block-all-mixed-content;connect-src 'self';default-src 'none';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src 'none';img-src 'self' data:;manifest-src 'self';media-src 'self' data: ;object-src 'none';script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';style-src-elem 'self';style-src-attr 'unsafe-inline'; 3
default-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital;base-uri 'self';img-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital data: localhost stats.g.doubleclick.net via.placeholder.com biglotteryfund-assets.imgix.net i.ytimg.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;font-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital data: use.typekit.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;style-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital 'unsafe-inline' *.typekit.net;script-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital 'unsafe-eval' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;child-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital www.google.com https://vars.hotjar.com;connect-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com;frame-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;report-uri https://sentry.io/api/226416/csp-report/?sentry_key=53aa5923a25c43cd9a645d9207ae5b6c 3
frame-src api.xprt.com *.api.xprt.com extension.xprt.com *.extension.xprt.com xprt.com *.xprt.com energy-xprt.com *.energy-xprt.com agriculture-xprt.com *.agriculture-xprt.com environmental-expert.com *.environmental-expert.com google.com *.google.com google.es *.google.es ubembed.com *.ubembed.com braintreegateway.com *.braintreegateway.com newrelic.com *.newrelic.com *.gstatic.com *.googlesyndication.com *.googlesyndication.com iperceptions.com *.iperceptions.com doubleclick.net *.doubleclick.net vimeo.com *.vimeo.com youtube.com *.youtube.com placeholder.com *.placeholder.com dailymotion.com *.dailymotion.com d20854696ijsuu.cloudfront.net *.d20854696ijsuu.cloudfront.net d3c0q80nmylf81.cloudfront.net *.d3c0q80nmylf81.cloudfront.net d3pcsg2wjq9izr.cloudfront.net *.d3pcsg2wjq9izr.cloudfront.net dpjzd8xd615dp.cloudfront.net *.dpjzd8xd615dp.cloudfront.net adservice.google.com *.adservice.google.com cardinalcommerce.com *.cardinalcommerce.com paypal.com *.paypal.com; frame-ancestors 'self' *.environmental-expert.com *.xprt.com *.agriculture-xprt.com *.energy-xprt.com environmental-expert.com xprt.com agriculture-xprt.com energy-xprt.com 3
form-action 'self'; 3
upgrade-insecure-requests; frame-ancestors 'self' https://mangaku.co https://manganime.id https://manganime.in 3
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' styles.wienerstadtwerke.at *.youtube.com *.ytimg.com assets.adobedtm.com www.google-analytics.com www.google.com www.gstatic.com ajax.googleapis.com maps.googleapis.com *.vimeocdn.com app.onlim.com chatbot.wlb.at openstreetmap.org *.openstreetmap.org polyfill.io *.virtualq.io walls.io; connect-src 'self' styles.wienerstadtwerke.at api.wstw.at *.service.wienernetze.at service.wienernetze.at service.wienerstadtwerke.at *.api.wienenergie.at api.wienenergie.at routenplaner.verkehrsauskunft.at *.addthis.com *.vimeo.com vimeo.com *.onlim.com wss://cs.onlim.com wss://api.onlim.com/cs/ws chatbot.wlb.at *.arcgis.com *.arcgisonline.com wtb.maptiles.arcgis.com; img-src 'self' blob: data: styles.wienerstadtwerke.at csi.gstatic.com *.ytimg.com maps.googleapis.com maps.gstatic.com *.wien.gv.at *.2o7.net *.omtrdc.net *.vimeocdn.com *.openstreetmap.org app.onlim.com dacodi-production.s3.amazonaws.com *.arcgisonline.com *.fluidtime.com maps.wien.gv.at; style-src 'unsafe-inline' 'self' styles.wienerstadtwerke.at fonts.googleapis.com app.onlim.com; font-src 'self' fonts.gstatic.com app.onlim.com chatbot.wlb.at; frame-src 'self' service.wienerstadtwerke.at maps.friedhoefewien.at www.google.com *.youtube.com *.vimeo.com vimeo.com www.whatchado.com app.onlim.com *.virtualq.io *.walls.io walls.io *.issuu.com issuu.com video.eko.com; media-src 'self' data: app.onlim.com 3
frame-ancestors 'self' https://resideo.ziftone.com/ https://proportal.resideo.com/ https://pro.resideo.com/ https://resideostaging.staging.ziftone.com/ https://resideo.netdimensions.com/ https://deploy-preview-437--resideo-pro.netlify.com/ https://fxm/ https://resideo-pro-perks.my-rewardsonline/ 3
frame-ancestors https://*.dondominio.com https://*.mrdomain.com 3
default-src 'self' https://*.canadalife.com https:;         connect-src 'self' https://*.canadalife.com https://*.greatwestlife.com https://www.google-analytics.com https://pdx-col.eum-appdynamics.com https://greatwestlife.sc.omtrdc.net https://dpm.demdex.net https://maps.googleapis.com https://greatwestlife.tt.omtrdc.net https://fls.doubleclick.net https://stats.g.doubleclick.net https://*.qualtrics.com https://mboxedge35.tt.omtrdc.net;         script-src 'self' 'unsafe-eval' 'sha256-g2Pta/3ikSvMxquiOYn0GW46rWdTYOpxkQZQy4WkDmg=' 'sha256-KoHyQmm+D9hBDaBTR6+gxOIONQBIayKMbpsmhIC1btA=' 'sha256-aPmuEA+YTJeUe5vchynnoiv3QTQuOLlWWoFTWMZ0g1g=' 'sha256-qLzKpw2YpqphcZ2dUfDq+nZ5lHCEZFVVMQAG3QzDYFs=' 'sha256-mpui/uSvBk50FoZaT31+E4TDh6X31gDoxHjIJDzRJZg=' https://assets.adobedtm.com https://cdn.appdynamics.com https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/ https://*.qualtrics.com https://dpm.demdex.net https://ad.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://analytics.twitter.com https://fls.doubleclick.net https://px.ads.linkedin.com https://secure.adnxs.com https://maps.googleapis.com/maps/ https://maps.googleapis.com/maps-api-v3/ https://play.vidyard.com https://p.adsymptotic.com https://www.googletagmanager.com/gtag/ https://mboxedge35.tt.omtrdc.net;         style-src 'self' blob: 'unsafe-inline' https://*.canadalife.com https://*.vidyard.com https://*.qualtrics.com https://fonts.googleapis.com;         img-src 'self' data: https://*.canadalife.com https://*.ggpht.com https://*.googleapis.com/ https://greatwestlife.sc.omtrdc.net https://greatwestlife.tt.omtrdc.net https://www.facebook.com https://*.qualtrics.com https://cm.everesttech.net https://fls.doubleclick.net https://maps.googleapis.com https://px.ads.linkedin.com https://ad.doubleclick.net https://secure.adnxs.com https://analytics.twitter.com https://p.adsymptotic.com https://adservice.google.com/ddm/ https://adservice.google.ca/ddm/ https://dpm.demdex.net https://maps.gstatic.com https://*.vidyard.com https://*.qualtrics.com https://www.google.ca/ads/;         font-src 'self' data: https://*.canadalife.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.qualtrics.com https://*.vidyard.com;         frame-src 'self' https://play.vidyard.com https://*.qualtrics.com https://www.youtube.com https://gwl.demdex.net;         child-src https://*.canadalife.com https://*.qualtrics.com https://greatwestlife.sc.omtrdc.net https://greatwestlife.tt.omtrdc.net;         object-src 'none';         base-uri 'none'; 3
frame-ancestors 'self' https://duffandphelps.360learning.com 3
frame-ancestors 'self' *.freenas.org *.ixsystems.com *.truenas.org; upgrade-insecure-requests; default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; object-src 'self' https:; connect-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https: blob:; font-src 'self' data: https:; 3
frame-ancestors 'self' docs.linkresearchtools.com smart.linkresearchtools.com lrtcon.at lrtcon.com app.linkresearchtools.com test2.linkresearchtools.com *.dev.linkresearchtools.com; 3
frame-ancestors 'self' http://www.quironsalud.es https://www.quironsalud.es http://betaweb.quironsalud.es https://betaweb.quironsalud.es http://intranetfjd.idc.local https://intranetfjd.idc.local http://overweightinstitute.fjd.es https://overweightinstitute.fjd.es http://www.cirujanosdelcorazon.es https://www.cirujanosdelcorazon.es http://www.clinicadelpilar.org https://www.clinicadelpilar.org http://www.clinicavalles.com https://www.clinicavalles.com http://www.cuidamosdelamujer.es https://www.cuidamosdelamujer.es http://www.diverhospital.es https://www.diverhospital.es http://www.e-quironsalud.com https://www.e-quironsalud.com http://www.fjd.es https://www.fjd.es http://www.fundacionquironsalud.org https://www.fundacionquironsalud.org http://www.hgc.es https://www.hgc.es http://www.hgvillalba.es https://www.hgvillalba.es http://www.hope-documental.es https://www.hope-documental.es http://www.hospitalinfantaelena.es https://www.hospitalinfantaelena.es http://www.hospitalpublicocolladovillalba.es https://www.hospitalpublicocolladovillalba.es http://www.hospitalreyjuancarlos.es https://www.hospitalreyjuancarlos.es http://www.hscor.com https://www.hscor.com http://www.idcsaludenfermeria.es https://www.idcsaludenfermeria.es http://www.idcsalud.es https://www.idcsalud.es http://www.jornadaspbp.es https://www.jornadaspbp.es http://www.lungscreen.eu https://www.lungscreen.eu http://www.oncohealth.eu https://www.oncohealth.eu http://www.porquesabeselegir.es https://www.porquesabeselegir.es http://www.quironsalud-hospitals.com https://www.quironsalud-hospitals.com http://www.rare-genomics.com https://www.rare-genomics.com http://www.redneurosalud.es https://www.redneurosalud.es http://www.ruber.es https://www.ruber.es http://www.ruberinternacional.es https://www.ruberinternacional.es http://www.teknonbarcelona.com https://www.teknonbarcelona.com http://www.teknonbarcelona.it https://www.teknonbarcelona.it http://www.teknonbarcelona.ru https://www.teknonbarcelona.ru http://www.teknon.es https://www.teknon.es http://www.tucanaldesalud.es https://www.tucanaldesalud.es 3
frame-ancestors 'self' https://agcovirtualshowroom.com https://www.agcovirtualshowroom.com; 3
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src https: data:;font-src https: data:; 3
default-src https: 'self' 'unsafe-inline' 'unsafe-eval' data: blob: 3
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.com.hk  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  *.interactiveadvisors.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.clientam.ch  *.clientam.com.hk  *.go-mpulse.net  *.akstat.io  *.traderstation-international.com; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net https://fp.zenaps.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.dwin1.com/ https://www.youtube.com/iframe_api https://s.ytimg.com https://assets.planethoster.com/ https://maps.googleapis.com/ https://ads2.adverline.com/ https://tags.dynamo.one/ https://smct.co/ https://apis.google.com/ https://widget.trustpilot.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/; img-src 'self' www.facebook.com data: https://www.planethoster.com/ https://assets.planethoster.com/ https://maps.gstatic.com/ https://smct.co/ https://www.google-analytics.com/; font-src 'self' data: fonts.gstatic.com https://assets.planethoster.com/; frame-src https://www.zenaps.com/ https://ads2.adverline.com/ https://staticxx.facebook.com/ https://www.google.com/ https://www.facebook.com/ https://player.vimeo.com https://www.youtube.com/ https://tags.dynamo.one/ https://smct.co/ https://accounts.google.com/ https://widget.trustpilot.com/; connect-src 'self' https://fp.zenaps.com/ https://assets.planethoster.com/ https://smct.co/ https://widget.trustpilot.com/ https://www.google-analytics.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://assets.planethoster.com/; 3
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https://os.mwscdn.io https://fonts.googleapis.com https://id.myworld.com; img-src 'self' https: data:; font-src 'self' data: https://os.mwscdn.io https://fonts.gstatic.com https://maps.googleapis.com; report-uri /csp-report 3
default-src * 'self' 'unsafe-inline' blob: ; img-src * 'self' data: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; font-src * data: ; connect-src * ; worker-src blob: ; 3
frame-ancestors self *.haagendazs.us; report-uri /report-csp-violation 3
frame-ancestors 'self' blank;object-src 'self' blank; 3
frame-ancestors 'self' *.qfc.cn *.tnc.com.cn www.zhidaoai.com *.aliyuncs.com *.aliyun.com *.ctcn.com.cn 3
frame-ancestors 'self' blaetterkatalog.musicstore.de  ; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.midphase.com *.uk2group.com *.hotjar.com *.dwin1.com *.hsforms.com *.hsforms.net *.puzzel.com *.google.com *.google.co.uk *.googleapis.com *.gdmdigital.com *.bing.com *.jquery.com *.hotjar.com platform.linkedin.com www.linkedin.com platform.twitter.com *.pingdom.net *.websitealive.com m.addthisedge.com ssl.google-analytics.com *.addthis.com *.trustpilot.com *.cloudfront.net *.visualwebsiteoptimizer.com *.adroll.com *.facebook.net www.googleadservices.com *.qualtrics.com www.google.com apis.google.com www.googletagmanager.com www.google-analytics.com cdn.syndication.twimg.com syndication.twitter.com platform.twitter.com fp.gdmdigital.com connect.facebook.net app.yieldify.com yieldify.com www.gstatic.com *.cloudfront.net tracking.websitealive.com secure.adnxs.com  www.youtube.com s.ytimg.com; img-src 'self' *.midphase.com *.uk2group.com *.puzzel.com *.bing.com www.linkedin.com *.gravatar.com ssl.google-analytics.com *.pingdom.net *.websitealive.com *.adroll.com *.licdn.com *.twimg.com *.bidswitch.net *.rlcdn.com *.licdn.com www.privacytrust.com *.twitter.com *.openx.net *.doubleclick.net *.cloudfront.net *.adnxs.com go.flx1.com pbs.twimg.com platform.twitter.com *.facebook.com csi.gstatic.com syndication.twitter.com s.c.lnkd.licdn.com *.etrust.org *.gstatic.com 55b558c7-resources.bk-partnersasia.com *.visualwebsiteoptimizer.com www.google-analytics.com www.facebook.com www.google.com www.google.co.uk stats.g.doubleclick.net data:; style-src 'self' 'unsafe-inline' *.midphase.com *.twitter.com *.puzzel.com *.google.com *.pingdom.net *.websitealive.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.cloudfront.net *.hotjar.com vars.hotjar.com; frame-src 'self' *.midphase.com *.uk2group.com *.puzzel.com *.hsforms.com *.hsforms.net *.facebook.net *.facebook.com *.hotjar.com *.twitter.com *.websitealive.com staticxx.facebook.com *.addthis.com *.trustpilot.com *.google.com www.youtube.com app.yieldify.com accounts.google.com apis.google.com www.facebook.com; connect-src 'self' mw-uk2-uat.thehut.net mw.thghosting.com *.midphase.com m.addthis.com *.puzzel.com *.trustpilot.com *.pingdom.net *.twitter.com ws://127.0.0.1:35729 vc.hotjar.io wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com graylog.hotjar.com:12443 script.hotjar.com *.visualwebsiteoptimizer.com geo.yieldify.com mw.thghosting.com; font-src 'self' data: *.midphase.com script.hotjar.com *.puzzel.com fonts.gstatic.com maxcdn.bootstrapcdn.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.midphase.com *.puzzel.com; frame-ancestors 'self'; 3
default-src 'self' https://*.arvato-systems-media.net https://*.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://socialcloud.bertelsmann.com https://dl.edge-cdn.net https://edgecdnhd2-vh.akamaihd.net; script-src 'self' blob: https://*.bertelsmann.de https://*.bertelsmann.com  https://*.createyourowncareer.com https://*.video-cdn.net https://*.privacy-mgmt.com  https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://analytics.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://*.edge-cdn.net https://*.analytics.edgekey.net https://charts3.equitystory.com https://*.akamaihd.net https://www.youtube.com https://s.ytimg.com 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self' https://maps.google.com https://*.video-cdn.net https://www.google.com https://*.ytimg.com https://maps.gstatic.com https://www.gstatic.com https://chart.apis.google.com https://maps.googleapis.com https://www.google-analytics.com http://*.becruiter.net https://*.becruiter.net https://bertelsmann-hr.de https://www.googletagmanager.com https://dl.edge-cdn.net https://translate.google.com https://translate.googleapis.com data:; media-src 'self' blob: https://edgecdnhd2-vh.akamaihd.net http://hd2vodbertel-vh.akamaihd.net https://*.cdn.edge-cdn.net https://*.edge-cdn.net http://*.edge-cdn.net https://*.video-cdn.net; style-src 'self' https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://*.nionex.net https://translate.googleapis.com https://fonts.googleapis.com https://dl.edge-cdn.net 'unsafe-inline' data:; font-src 'self' https://fonts.googleapis.com https://*.video-cdn.net https://fonts.gstatic.com data:; frame-src * data: blob: ; frame-ancestors 'self' https://digitalportfolio.bertelsmann.com https://*.bertelsmann.de https://*.bertelsmann.com; connect-src 'self' wss://*.bertelsmann.de https://licensing.bitmovin.com https://cdn.plyr.io https://*.video-cdn.net https://videocdnvod1-vh.akamaihd.net https://stats.g.doubleclick.net https://*.bertelsmann.de https://*.bertelsmann.com https://www.google-analytics.com https://ca.video-cdn.net https://dl.edge-cdn.net https://*.analytics.edgekey.net https://translate.googleapis.com https://edgecdnhd2-vh.akamaihd.net 3
sandbox allow-forms allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation-by-user-activation 3
frame-ancestors 'self' https://www.endesaclientes.com 3
frame-ancestors 'self' cms.golfadvisor.com cms.golfpass.com  *.golfpass.com *.golfgenius.com golfgenius.com  ggstest.com ggstest2.com 3
default-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 3
frame-ancestors 'self' http://localhost:3030 https://grate-cms.gr-dev.com https://grate-cms.prate-dev.com https://grate-cms.gr-stage.com https://grate-cms.gra-stage.com https://*.rate.com https://*.grarate.com https://*.properrate.com https://www.atproperties.com https://atproperties.com https://www.staging.atproperties.com https://staging.atproperties.com http://www.website.local http://website.local https://www.venturephilly.com https://venturephilly.com https://www.corcoranpacific.com https://corcoranpacific.com 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: wss: 3
frame-ancestors *.firsthorizon.com 3
default-src https: wss: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src https: 'self' data:; frame-src https: mailto:; 3
default-src 'self' https: *.fibi.co.il; connect-src 'self' https: *.fibi.co.il *.staging.fibi.co.il; style-src https: 'unsafe-inline'; font-src 'self' data: https: *.fibi.co.il; child-src 'self' data: https: *.fibi.co.il *.staging.fibi.co.il https://usa-api.idomoo.com https://idoplayer.idomoo.com; img-src 'self' data: https: 'unsafe-inline' *.fibi.co.il *.staging.fibi.co.il; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.fibi.co.il *.bankotsar.co.il *.bankmassad.co.il *.pagi.co.il *.u-bank.net *.staging.fibi.co.il https://facebook.co.il https://google.co.il https://google.com https://googletagmanager.com https://googleads.g.doubleclick.net https://googleadservices.com https://youtube.com https://facebook.com https://usa-api.idomoo.com https://idoplayer.idomoo.com https://apps.fibi.co.il 3
frame-ancestors 'self' https://*.superoffice.com https://royalqueenseedssp.inone.useinsider.com 3
connect-src data: https: *.hotjar.com *.hotjar.io wss://*.hotjar.com;                               default-src https: *.hotjar.com *.hotjar.io;              worker-src * blob:;                                                                media-src * blob:;             img-src * data:;             frame-src https: *.hotjar.com *.hotjar.io;               font-src 'self' data: *.hotjar.com *.hotjar.io *.azurewebsites.net cohrcdn.azureedge.net *.gstatic.com *.google.com *.doubleclick.net *.coherent.com *.google-analytics.com;              script-src data: *.zoominfo.com *.facebook.net *.hotjar.com *.hotjar.io *.searchcdn.com addsearch.com *.addsearch.com *.gstatic.com *.google.com *.googletagmanager.com *.driftt.com *.azurewebsites.net cohrcdn.azureedge.net geoip-db.com *.wistia.net *.wistia.com *.googleapis.com *.resultspage.com *.coherent.com *.transifex.com  *.pardot.com *.google-analytics.com *.msecnd.net 'unsafe-eval' 'unsafe-inline';              style-src blob: *.googleapis.com *.google.com *.google-analytics.com *.cloudfront.net *.addsearch.com *.driftt.com *.azurewebsites.net cohrcdn.azureedge.net *.coherent.com *.resultspage.com *.transifex.com *.pardot.com  'unsafe-inline'; 3
child-src 'self'; default-src 'self' *.usave.co.uk 'unsafe-eval' 'unsafe-inline' phplaravel-354301-1685373.cloudwaysapps.com ajax.cloudflare.com static.cloudflareinsights.com optimize.google.com www.googleoptimize.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net connect.facebook.com connect.facebook.net www.googleadservices.com www.google.com www.gstatic.com www.redditstatic.com *.tawk.to * smartlook.cloud e.infogram.com *.smartlook.com *.cookiebot.com cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com *.amazonaws.com *.tinymce.com *.tiny.cloud; img-src https: data:; frame-src www.googletagmanager.com www.measurementlab.net e.infogram.com www.facebook.com www.google.com va.tawk.to *.stickeemobiles.co.uk optimize.google.com www.googleoptimize.com *.cookiebot.com; 3
frame-ancestors account.vogelbescherming.nl vbn-sso.aanzee.online www.tuinvogeltelling.nl www.vogelbescherming.nl www.vogelweek.nl; 3
default-src 'self'; connect-src 'self' www.google-analytics.com https://www.google-analytics.com *.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'unsafe-inline' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src 'self' *.pbwstatic.com www.google-analytics.com https://www.google-analytics.com data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://www.google-analytics.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' 3
default-src * data: 'unsafe-inline' 'unsafe-eval'; script-src * data: 'unsafe-inline' 'unsafe-eval'; object-src * data: 'unsafe-inline' 'unsafe-eval'; 3
frame-ancestors 'self' *.betssongroupaffiliates.com 3
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' 3
style-src https: 'unsafe-inline' 3
connect-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com mc.yandex.ru *.google-analytics.com *.doubleclick.net *.facebook.com *.omise.co *.paypal.com *.mapbox.com *.ipqualityscore.com ipqualityscore.com *.googlesyndication.com *.getsitecontrol.com trainbusferry.com *.trainbusferry.com api.alternativepayments.com *.logs.datadoghq.com api-js.datadome.co cdn.ampproject.org; default-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com fonts.gstatic.com maxcdn.bootstrapcdn.com blob:; font-src 'self' * data: *.onetwogo.com maxcdn.bootstrapcdn.com; frame-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com mc.yandex.md *.youtube.com *.doubleclick.net *.facebook.com *.omise.co *.paypal.com *.google.com *.stripe.com paymentpage.ecommpay.com s2.mailorsoon.net *.googletagmanager.com; img-src * blob: * data:; media-src *; script-src 'self' * 'unsafe-inline' 'unsafe-eval' *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com *.bing.com mc.yandex.ru *.ads-twitter.com analytics.twitter.com connect.facebook.net *.gstatic.com *.google.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.omise.co *.paypalobjects.com *.paypal.com ipqualityscore.com *.getsitecontrol.com *.googleapis.com pagead2.googlesyndication.com googletagservices.com *.stripe.com trainbusferry.com *.trainbusferry.com paymentpage.ecommpay.com s7.addthis.com cdn.ampproject.org www.datadoghq-browser-agent.com js.datadome.co blob:; style-src 'self' * 'unsafe-inline' *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com *.googleapis.com paymentpage.ecommpay.com maxcdn.bootstrapcdn.com; 3
frame-ancestors *.ktown4u.com *.ktown4u.co.kr *.ktown4u.jp *.ktown4u.cn 3
default-src 'none';connect-src 'self' https://*.salemove.com wss://pubsub.salemove.com wss://kluster.salemove.com https://*.twilio.com wss://chunderw-vpc-gll.twilio.com https://*.secumd.org https://*.bethpagefcu.com https://*.bellco.org https://js.callrail.com https://n2.mouseflow.com https://s.yimg.com wss://mpsnare.iesnare.com wss://ci-mpsnare.iovation.com https://*.google.com https://stats.g.doubleclick.net https://files.bethpagefcu.com https://api.datatrac.net https://*/api/fraudforce/FraudForce/Post https://siteintercept.qualtrics.com https://*.nanorep.co https://*.nanorep.com https://performance.typekit.net https://bat.bing.com https://secure-ds.serving-sys.com https://www.google-analytics.com https://*.jotform.com https://app.textrecruit.com https://app1.textrecruit.com https://*.segmint.net https://s3.amazonaws.com/cdn.segmint.net/ https://*.fontawesome.com https://*.glia.com;font-src 'self' data: https://*.gstatic.com https://use.typekit.net https://insight.adsrvr.org https://*.fontawesome.com https://apps.pcdgroup.com https://*.cloudflare.com https://*.formstack.com;frame-src 'self' https://*.doubleclick.net https://pixel-a.basis.net https://www.youtube.com https://youtu.be https://vimeo.com https://*.vimeo.com https://pixel.sitescout.com https://*.locatorsearch.com https://pixel.mathtag.com https://insight.adsrvr.org https://*.cloudfront.net https://*.google.com https://www2.iraservicecenter.com https://*.bethpagefcu.com https://*.secumd.org https://*.bellco.org https://*.orb.alkamitech.com https://www.agentinsure.com https://fliphtml5.com https://vizi.vizirecruiter.com https://secumd.satmetrix.com https://www.youtube-nocookie.com https://secure.checkout.visa.com https://assets.secure.checkout.visa.com https://sandbox.secure.checkout.visa.com https://a.pgtb.me https://*.formstack.com https://*.jotform.io https://*.jotform.us https://*.jotform.com https://www.facebook.com https://connect.segmint.net https://m.lndg.page https://feed.mikle.com;frame-ancestors 'self';img-src 'self' data: https://*.google.com https://bat.bing.com https://bs.serving-sys.com https://pixel-a.basis.net https://p.typekit.net https://*.siteimproveanalytics.io https://detectca.easysol.net https://www.facebook.com https://pixel.sitescout.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://ssiteid.t.eloqua.com https://*.salemove.com https://images.locatorsearch.com https://www.pages03.net https://pixel.mathtag.com https://track.hubspot.com https://insight.adsrvr.org https://cs.choozle.com https://idsync.rlcdn.com https://s3.amazonaws.com/provelo.bold360demo.com/ https://images.printable.com https://mpp.specificclick.net https://cx.atdmt.com https://dpm.demdex.net https://pixel.rubiconproject.com https://pixel.advertising.com https://tags.bluekai.com https://pixel.tapad.com https://idpix.media6degrees.com https://aa.agkn.com https://dsum-sec.casalemedia.com https://loadm.exelator.com https://odr.mookie1.com https://cache.vindicosuite.com https://uipglob.semasio.net https://eb2.3lift.com https://e.nexac.com https://dmp.truoptik.com https://mid.rkdms.com https://ml314.com https://cw.addthis.com https://cache.vindicosuite.com https://www.glassdoor.com https://*.oflows.net https://www.navyfederal.org https://match.adsrvr.org https://online.citi.com https://www2.bac-assets.com https://*.adnxs.com http://img.en25.com/EloquaImages/clients/BellcoCreditUnion/ https://*.facebook.net https://*.simpli.fi https://*.jotfor.ms https://*.jotform.com https://*.formstack.com https://ups.analytics.yahoo.com https://simplifi.partners.tremorhub.com https://sync.intentiq.com https://image2.pubmatic.com https://ads.stickyadstv.com https://fei.pro-market.net https://sync.bfmio.com https://stags.bluekai.com https://bcp.crwdcntrl.net https://ce.lijit.com https://load77.exelator.com https://sync.search.spotxchange.com https://bh.contextweb.com https://us-u.openx.net https://pippio.com https://sync1.intentiq.com https://in.xspadvertising.com https://usermatch.krxd.net https://beacon.krxd.net https://su.addthis.com https://d.agkn.com https://match.sharethrough.com https://simage2.pubmatic.com https://io.narrative.io https://i.liadm.com https://x.bidswitch.net https://s.thebrighttag.com https://t.mookie1.com https://login.dotomi.com https://*.googleusercontent.com https://*.gstatic.com https://app.textrecruit.com https://app1.textrecruit.com https://jelly.mdhv.io https://www.yext-pixel.com https://*.amazon-adsystem.com https://*.adnxs.com https://*.bethpagefcu.com https://*.bellco.org https://*.secumd.org https://*.mediaiqdigital.com https://uat.trkn.us https://trkn.us https://www.consumersadvocate.org;media-src 'self' data: https://mpsnare.iesnare.com https://ci-mpsnare.iovation.com https://libs.salemove.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com https://cdn.callrail.com https://*.salemove.com https://bat.bing.com https://cdn.mouseflow.com https://*.facebook.net https://detectca.easysol.net https://googleads.g.doubleclick.net https://s.btstatic.com/tag.js https://s.yimg.com/wi/ytc.js https://siteimproveanalytics.com https://www.google-analytics.com https://*.google.com https://www.googletagmanager.com https://www.googleadservices.com https://www.youtube.com/iframe_api https://youtu.be https://vimeo.com https://*.vimeo.com https://*.bethpagefcu.com https://mpsnare.iesnare.com https://use.typekit.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://script.crazyegg.com https://sp.analytics.yahoo.com https://code.getmdl.io/1.3.0/material.min.js https://www.googleadservices.com https://img.en25.com/i/elqCfg.min.js https://s.thebrighttag.com https://s.ytimg.com https://ci-mpsnare.iovation.com https://js.callrail.com https://js.locatorsearch.com https://*.cloudflare.com https://*.cloudfront.net https://www.sc.pages03.net https://*.siteintercept.qualtrics.com https://pixel.mathtag.com https://browser.sentry-cdn.com https://*.nanorep.co https://*.nanorep.com https://*.gstatic.com https://s3.amazonaws.com/data.vizirecruiter.com/ https://*.fontawesome.com https://*.cudlautosmart.com https://nexus.ensighten.com https://ssl.geoplugin.net https://secure.checkout.visa.com http://*.serving-sys.com https://*.serving-sys.com https://cdn.rawgit.com/noelboss/featherlight/ https://schedule.lobbycentral.com https://*.simpli.fi https://bethpagefederalcreditunion.formstack.com https://*.jotform.com https://*.jotform.us https://*.jotformpro.com https://*.jotfor.ms https://*.jotform.io https://*.formstack.com https://sandbox.secure.checkout.visa.com https://knowledgetags.yextpages.net https://app.textrecruit.com https://app1.textrecruit.com https://action.dstillery.com https://cdn.segmint.net https://analytics.yext-static.com https://*.youtube.com https://*.glia.com https://www.consumersadvocate.org/ https://cdn.timetrade.com/scripts/lightbox/latest/lightbox.js;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.salemove.com https://code.getmdl.io/1.3.0/ https://cloud.typography.com https://*.fontawesome.com https://*.cloudflare.com https://cdn.rawgit.com/noelboss/featherlight/ https://schedule.lobbycentral.com https://*.jotfor.ms https://*.formstack.com https://*.google.com https://*.segmint.net; 3
frame-ancestors 'self' *.upc.ch *.upc.biz *.sunrise.net ocpretailconfiguratorupc.ch *.ocpretailconfiguratorupc.ch tcx.ch *.upctv.ch; 3
frame-ancestors 'self' http://www.axe.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 3
default-src 'self'; connect-src 'self' analytics.gov.yk.ca ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.gov.yk.ca https://ajax.googleapis.com https://yukon.ca https://widget.time.is static.addtoany.com; style-src 'self' maxcdn.bootstrapcdn.com 'unsafe-inline' https://yukon.ca ; img-src 'self' https://yukon.ca data: https://analytics.gov.yk.ca https://*.tile.openstreetmap.org ; font-src 'self' https://yukon.ca https://maxcdn.bootstrapcdn.com ; frame-src 'self' https://www.youtube.com https://www.instagram.com https://instagram.com ; 3
frame-ancestors 'self' https://backend.diario26.com 3
default-src http://localhost https://radancy.dev https://*.radancy.com https://*.gstatic.com https://*.truste.com https://*.twitter.com https://*.talentbrew.com https://www.radancy.com https://www.google-analytics.com https://www.googletagmanager.com  https://www.googleadservices.com data: https://*.cloudflare.com https://*.tmpwebeng.com https://*.licdn.com https://*.ads-twitter.com https://*.facebook.net https://*.ads.linkedin.com https://*.co https://*.adsymptotic.com https://www.google.com https://www.facebook.com https://*.google.com https://*.g.doubleclick.net https://go.pardot.com/ 'unsafe-inline' 'unsafe-eval' https://*.talentbrew.io https://*.doubleclick.net/ https://*.googleapis.com ; script-src http://localhost https://radancy.dev https://*.radancy.com https://d1emzqdvia1vut.cloudfront.net/2.6.1/sp.js https://*.gstatic.com https://*.truste.com https://*.twitter.com https://*.talentbrew.com https://www.radancy.com https://www.google-analytics.com https://www.googletagmanager.com  https://www.googleadservices.com data: https://*.cloudflare.com https://*.tmpwebeng.com https://*.licdn.com https://*.ads-twitter.com https://*.facebook.net https://*.ads.linkedin.com https://*.co https://*.adsymptotic.com https://www.google.com https://www.facebook.com https://*.google.com https://*.g.doubleclick.net https://go.pardot.com/ 'unsafe-inline' 'unsafe-eval' https://*.talentbrew.io https://*.doubleclick.net/ https://*.googleapis.com ; frame-src http://localhost https://radancy.dev https://*.radancy.com https://*.gstatic.com https://*.truste.com https://*.twitter.com https://*.talentbrew.com https://www.radancy.com https://www.google-analytics.com https://www.googletagmanager.com  https://www.googleadservices.com data: https://*.cloudflare.com https://*.tmpwebeng.com https://*.licdn.com https://*.ads-twitter.com https://*.facebook.net https://*.ads.linkedin.com https://*.co https://*.adsymptotic.com https://www.google.com https://www.facebook.com https://*.google.com https://*.g.doubleclick.net https://go.pardot.com/ 'unsafe-inline' 'unsafe-eval' https://*.talentbrew.io https://*.doubleclick.net/ https://*.googleapis.com ; connect-src http://localhost https://radancy.dev https://*.radancy.com https://*.gstatic.com https://*.truste.com https://*.twitter.com https://*.talentbrew.com https://www.radancy.com https://www.google-analytics.com https://www.googletagmanager.com  https://www.googleadservices.com data: https://*.cloudflare.com https://*.tmpwebeng.com https://*.licdn.com https://*.ads-twitter.com https://*.facebook.net https://*.ads.linkedin.com https://*.co https://*.adsymptotic.com https://www.google.com https://www.facebook.com https://*.google.com https://*.g.doubleclick.net https://go.pardot.com/ 'unsafe-inline' 'unsafe-eval' https://*.talentbrew.io https://*.doubleclick.net/ https://*.googleapis.com ; img-src http://localhost https://radancy.dev https://*.radancy.com https://*.gstatic.com https://*.truste.com https://*.twitter.com https://*.talentbrew.com https://www.radancy.com https://www.google-analytics.com https://www.googletagmanager.com  https://www.googleadservices.com data: https://*.cloudflare.com https://*.tmpwebeng.com https://*.licdn.com https://*.ads-twitter.com https://*.facebook.net https://*.ads.linkedin.com https://*.co https://*.adsymptotic.com https://www.google.com https://www.facebook.com https://*.google.com https://*.g.doubleclick.net https://go.pardot.com/ 'unsafe-inline' 'unsafe-eval' https://*.talentbrew.io https://*.doubleclick.net/ https://*.googleapis.com ; font-src http://localhost https://radancy.dev https://*.radancy.com https://*.gstatic.com https://*.truste.com https://*.twitter.com https://*.talentbrew.com https://www.radancy.com https://www.google-analytics.com https://www.googletagmanager.com  https://www.googleadservices.com data: https://*.cloudflare.com https://*.tmpwebeng.com https://*.licdn.com https://*.ads-twitter.com https://*.facebook.net https://*.ads.linkedin.com https://*.co https://*.adsymptotic.com https://www.google.com https://www.facebook.com https://*.google.com https://*.g.doubleclick.net https://go.pardot.com/ 'unsafe-inline' 'unsafe-eval' https://*.talentbrew.io https://*.doubleclick.net/ https://*.googleapis.com ; style-src http://localhost https://radancy.dev https://*.radancy.com https://*.gstatic.com https://*.truste.com https://*.twitter.com https://*.talentbrew.com https://www.radancy.com https://www.google-analytics.com https://www.googletagmanager.com  https://www.googleadservices.com data: https://*.cloudflare.com https://*.tmpwebeng.com https://*.licdn.com https://*.ads-twitter.com https://*.facebook.net https://*.ads.linkedin.com https://*.co https://*.adsymptotic.com https://www.google.com https://www.facebook.com https://*.google.com https://*.g.doubleclick.net https://go.pardot.com/ 'unsafe-inline' 'unsafe-eval' https://*.talentbrew.io https://*.doubleclick.net/ https://*.googleapis.com ; 3
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *; 3
img-src *;font-src * 3
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; style-src-elem * 'unsafe-inline'; script-src-elem * 'unsafe-inline'; img-src * blob: data:; font-src * data:; worker-src * blob:; child-src * blob: gap:; media-src * blob: 3
frame-ancestors 'self' *.upc.pl html5.upcspeedtest.pl *.livechatinc.com d17eiofnbbcyfc.cloudfront.net youtube.com *.zoovu.com upcpoland.dualstack.speedtestcustom.com; 3
frame-ancestors 'self' statistiques-opus-prod.chambres-agriculture.fr 3
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; font-src * data:; frame-src *; connect-src *; media-src * blob:; object-src 'none'; worker-src * blob: 'unsafe-inline'; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.rubensteintech.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://dnn506yrbagrg.cloudfront.net https://www.google-analytics.com https://uk1.siteimprove.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://fast.wistia.com https://script.crazyegg.com https://js.hs-scripts.com https://js.hs-banner.com https://s3.amazonaws.com https://js.hs-analytics.net https://js.hsforms.net https://forms.hsforms.com https://tagmanager.google.com https://consent.cookiebot.com; style-src 'self' 'unsafe-inline' https://cloud.typenetwork.com https://hello.myfonts.net https://fonts.googleapis.com https://tagmanager.google.com; font-src 'self' data: https://*.wistia.com https://cloud.typenetwork.com https://static.hotjar.com https://fonts.gstatic.com; img-src 'self' https://insights.hotjar.com https://static.hotjar.com https://analytics.rubensteintech.com https://www.google-analytics.com https://uk1.siteimprove.com https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://embedwistia-a.akamaihd.net https://fast.wistia.com https://embed-fastly.wistia.com https://user-event-tracker.crazyegg.com https://track.hubspot.com https://forms.hubspot.com https://10144.global.siteimproveanalytics.io https://ssl.gstatic.com https://www.gstatic.com data: https://bclplaw.vuturevx.com; connect-src 'self' https://*.hotjar.com:* wss://*.hotjar.com https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com https://distillery.wistia.com https://pipedream.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://embed-ssl.wistia.com https://www.google-analytics.com; frame-src 'self' https://vars.hotjar.com https://www.google.com/recaptcha/ https://www.youtube.com https://player.vimeo.com https://fast.wistia.com https://forms.hsforms.com https://cdn.yoshki.com; child-src 'self' https://vars.hotjar.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; frame-ancestors 'self' https://fast.wistia.com https://fast.wistia.net; 3
frame-ancestors 'self' ocfl.net *.ocfl.net onetgov.net *.onetgov.net orangecountyfl.net *.orangecountyfl.net 3
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com www.googletagmanager.com cdn.lightwidget.com cdn.cookielaw.org static.hotjar.com script.hotjar.com geolocation.onetrust.com static.cloudflareinsights.com www.google-analytics.com iframely.shorthand.com analytics.shorthand.com stats.g.doubleclick.net data: cdn.cookielaw.org geolocation.onetrust.com; style-src 'self' 'unsafe-inline' unpkg.com; img-src 'self' www.google-analytics.com www.google.com www.google.co.uk data.shorthand.com data: ; frame-src cdn.lightwidget.com vars.hotjar.com youtube.com www.youtube.com www.youtube-nocookie.com youtube-nocookie.com; object-src data: 'unsafe-eval'; connect-src 'self' cdn.cookielaw.org privacyportal.onetrust.com www.google-analytics.com gateway.shorthand.com stats.g.doubleclick.net data.shorthand.com; base-uri 'none'; 3
default-src 'unsafe-inline' 'unsafe-eval' https: data: 3
frame-ancestors https://citycall.kassel.de/ 3
block-all-mixed-content; frame-ancestors 'none'; 3
frame-ancestors  *.marincounty.org *.marinpublic.com *.mcera.org *.marinfair.org *.marincountyhr.org *.marincountyparks.org *.marinhhs.org 3
frame-ancestors https://accounts.cft.ru 3
default-src 'self' *.thunderhead.com *.facebook.com facebook.com bam.nr-data.net *.mouseflow.com *.mouseflow.com/ *.mktorest.com *.mktoresp.com *.consensu.org *.doubleclick.net *.omtrdc.net *.demdex.net youtube.com *.youtube.com marketo.com *.marketo.com *.marketo.com/ *.onetrust.com google-analytics.com *.google-analytics.com *.cytivalifesciences.com *.b2c.com *.b2c.com:* *.b2c.com/ api.fouanalytics.com google.com smetrics.cytivalifesciences.com stats.g.doubleclick.net bid.g.doubleclick.net play.vidyard.com play.vidyard.com/ anchor.fm gateway.zscalertwo.net static3.avast.com *.mktoutil.com *.google.com/ info.cytivalifesciences.com info.cytivalifesciences.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.marketo.com *.marketo.com/ info.cytivalifesciences.com info.cytivalifesciences.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.salesforceliveagent.com cdn.mouseflow.com *.mouseflow.com/ munchkin.marketo.net *.marketo.com *.mktorest.com assets.adobedtm.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.linkedin.com *.youtube.com s.ytimg.com *.facebook.com connect.facebook.net t.co static.ads-twitter.com analytics.twitter.com js-agent.newrelic.com fast.gehealthcare.demdex.net dpm.demdex.net gateway.zscalertwo.net snap.licdn.com bam.nr-data.net gehealthcare.sc.omtrdc.net gelifedigitalhubprod.112.2o7.net cx.atdmt.com cm.everesttech.net static.cloud.coveo.com *.thunderhead.com google.com googleads.g.doubleclick.net *.evidon.com *.consensu.org *.adroll.com maps.googleapis.com *.onetrust.com *.google.com api.fouanalytics.com *.b2c.com *.b2c.com:* *.b2c.com/ smetrics.cytivalifesciences.com stats.g.doubleclick.net play.vidyard.com play.vidyard.com/ hm.baidu.com info.cytivalifesciences.com info.cytivalifesciences.com/ *.jabmo.app/ d22d1xpx4ztuef.cloudfront.net/VqiIK76Nz6lnJoMsCapVh781pu5b.js secure.adnxs.com; img-src * data:; media-src 'self' *.youtube.com cdn.cytivalifesciences.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com data: static3.avast.com; frame-src 'self' *.adobe.com *.marketo.com facebook.com *.facebook.com *.anchor.fm anchor.fm cytiva.demdex.net youtube.com *.youtube.com bid.g.doubleclick.net play.vidyard.com play.vidyard.com/ gateway.zscalertwo.net info.cytivalifesciences.com info.cytivalifesciences.com/ www.cytivalifesciences.com/ www.cytivalifesciences.com; connect-src 'self' *.thunderhead.com *.facebook.com facebook.com bam.nr-data.net *.mouseflow.com *.mouseflow.com/ *.mktorest.com *.mktoresp.com *.consensu.org *.doubleclick.net *.omtrdc.net *.demdex.net youtube.com *.youtube.com marketo.com *.marketo.com *.onetrust.com google-analytics.com *.google-analytics.com *.cytivalifesciences.com *.b2c.com *.b2c.com:* *.b2c.com/ api.fouanalytics.com google.com smetrics.cytivalifesciences.com stats.g.doubleclick.net *.mktoutil.com *.google.com/ hm.baidu.com api.ipify.org c.jabmo.app; report-uri https://www.cytivalifesciences.com/api/csp/report 3
font-src https: data: blob:; frame-ancestors 'self' medialibrarycdn.blueyonder.com cdn.blueyonder.com by-media-library.azureedge.net blueyonder.com; img-src https: data: blob:; default-src https: data: blob: wss:; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: 'unsafe-inline'; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com wss://*.inbenta.chat:* wss://*.inbenta.io:* wss://*.inbenta.com:* http://*.hotjar.com:* http://*.hotjar.io http://*.googletagmanager.com http://*.google-analytics.com http://*.google.com http://*.google.com.mx http://*.gstatic.com http://*.googleapis.com http://*.youtube.com http://youtu.be http://*.facebook.com http://*.facebook.net http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://*.inbenta.chat:* http://*.inbenta.io:* http://*.inbenta.com:* http://*.go-mpulse.net http://*.akstat.io http://*.akamaihd.net http://cdn-akamai.mookie1.com http://*.userway.org http://claro.speedtestcustom.com http://*.clarovideo.net http://*.claromusica.com https://*.hotjar.com:* https://*.hotjar.io https://tags.tiqcdn.com/* https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.google.com.mx https://*.gstatic.com https://*.googleapis.com https://*.youtube.com https://youtu.be https://*.facebook.com https://*.facebook.net https://*.ads-twitter.com https://*.twitter.com https://t.co https://*.doubleclick.net https://*.adform.net https://*.inbenta.chat:* https://*.inbenta.io:* https://*.inbenta.com:* https://*.go-mpulse.net https://*.akstat.io https://*.akamaihd.net https://cdn-akamai.mookie1.com https://*.userway.org https://claro.speedtestcustom.com https://clarotec.com.do https://snap.licdn.com https://*.clarovideo.net https://px.ads.linkedin.com https://p.adsymptotic.com https://*.claromusica.com; media-src mediastream:; 3
default-src 'self' https://*.myligue.fr https://*.lfp.fr https://*.ligue1.fr https://*.ligue2.fr https://*.ligue1.com https://*.googlesyndication.com/ https://www.tntv.pf https://opt-out.ferank.eu https://*.hotjar.com; media-src 'self' https://ooyalaeuwest.streaming.mediaservices.windows.net blob: https://www.tntv.pf https://www.youtube.com https://www.dailymotion.com https://*.hotjar.com https://manifest.prod.boltdns.net https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com https://player.ooyala.com https://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://az416426.vo.msecnd.net https://cdn.ampproject.org https://cdn.syndication.twimg.com https://ssl.google-analytics.com https://player.ooyala.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com http://www.google-analytics.com https://www.googletagservices.com https://adservice.google.fr https://adservice.google.com https://*.googlesyndication.com https://securepubads.g.doubleclick.net https://connect.facebook.net https://platform.twitter.com https://analytics.ooyala.com https://imasdk.googleapis.com http://imasdk.googleapis.com https://s0.2mdn.net https://www.youtube.com https://www.dailymotion.com https://opt-out.ferank.eu http://opt-out.ferank.eu https://story.tl https://widget.ausha.co https://taghcountdown.909c.fr http://player.ooyala.com http://players.brightcove.net https://players.brightcove.net https://vjs.zencdn.net https://analytics.ooyala.com/ https://www.instagram.com http://*.opta.net https://*.opta.net https://acdn.adnxs.com https://*.hotjar.com https://*.privacy-center.org; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://use.fontawesome.com https://fonts.googleapis.com https://player.ooyala.com/ https://platform.twitter.com https://www.youtube.com https://www.dailymotion.com https://opt-out.ferank.eu http://opt-out.ferank.eu http://players.brightcove.net https://players.brightcove.net https://story.tl https://widget.ausha.co https://taghcountdown.909c.fr https://www.instagram.com http://*.opta.net https://*.opta.net https://*.hotjar.com; child-src 'self' blob: https://*.myligue.fr https://www.google.com/ https://*.googlesyndication.com https://player.ooyala.com/ https://platform.twitter.com/ https://staticxx.facebook.com/ https://syndication.twitter.com/ https://widgets.lfp.stats.com https://l.ooyala.com/ https://imasdk.googleapis.com/ https://www.youtube.com https://www.dailymotion.com https://cartemercatoligue1.com https://11type.lfp.fr https://story.tl https://*.ausha.co https://taghcountdown.909c.fr https://snapshots.playingsurface.net http://player.ooyala.com http://players.brightcove.net http://players.brightcove.net http://l.ooyala.com https://twitter.com https://www.facebook.com https://m.facebook.com https://www.instagram.com https://imasdk.googleapis.com http://imasdk.googleapis.com https://www.google-analytics.com http://www.google-analytics.com https://www.sporcle.com https://*.hotjar.com https://*.spotify.com/ https://*.global-mmk.com https://platform.global-mmk.com/LFPMaps/Broadcasters/Index; img-src 'self' https://*.myligue.fr https://*.lfp.fr https://*.ligue1.fr https://*.ligue2.fr https://*.ligue1.com data: https://www.google.com https://*.doubleclick.net https://*.googlesyndication.com https://lspcridevglcdn.azureedge.net https://lspemeintglcdn.azureedge.net https://lspsapuatglcdn.azureedge.net https://lsprubpreglcdn.azureedge.net https://lspisphereglcdn.azureedge.net https://ssl.google-analytics.com https://stats.g.doubleclick.net https://lfpimageproxy.azureedge.net https://secure-cf-c.ooyala.com https://player.ooyala.com https://www.blogduparieur.com https://publish.lfpstg.ooflex.net  https://syndication.twitter.com/ https://abs.twimg.com https://platform.twitter.com https://pbs.twimg.com https://www.youtube.com https://www.dailymotion.com https://www.google-analytics.com http://www.google-analytics.com https://story.tl https://widget.ausha.co https://taghcountdown.909c.fr https://metrics.brightcove.com http://metrics.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://www.instagram.com https://cf-images.eu-west-1.prod.boltdns.net http://cf-images.eu-west-1.prod.boltdns.net https://tarteaucitron.io http://*.opta.net https://*.opta.net https://lspprdglcdn.azureedge.net https://ib.adnxs.com https://*.hotjar.com https://*.privacy-center.org; connect-src 'self' https://*.doubleclick.net https://www.google-analytics.com https://dc.services.visualstudio.com https://metrics-api.librato.com https://player.ooyala.com https://licensing.bitmovin.com https://*.mediaservices.windows.net https://csi.gstatic.com https://edge.api.brightcove.com http://edge.api.brightcove.com http://player.ooyala.com http://manifest.prod.boltdns.net http://house-fastly-signed-us-east-1-prod.brightcovecdn.com https://house-fastly-signed-us-east-1-prod.brightcovecdn.com https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com http://house-fastly-signed-eu-west-1-prod.brightcovecdn.com https://bcbolt446c5271-a.akamaihd.net https://*.googlesyndication.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.privacy-center.org; frame-ancestors 'self'; 3
default-src * 'self' data: https: blob: 'unsafe-inline' 'unsafe-eval' 3
default-src https: 'unsafe-inline' 'unsafe-eval'; 3
default-src * 'unsafe-inline';connect-src * 'unsafe-inline';style-src * 'unsafe-inline';script-src * 'unsafe-inline' 'unsafe-eval';frame-src * 'unsafe-inline';font-src * 'unsafe-inline' 3
img-src https://*; 3
frame-ancestors *.kfst.dk *.forbrug.dk *.stormraadet.dk *.forbrugerombudsmanden.dk *.energianke.dk *.forbrugereuropa.dk *.consumerombudsman.dk *.consumereurope.dk *.danishstormcouncil.dk *.energysuppliescomplaintboard.dk 3
default-src 'self' data: https: 'unsafe-eval' 'unsafe-inline'; 3
frame-ancestors 'self' www.roompotpsa.eu survey.insocial.nl www.detolplas.nl www.familieparken.nl www.onsvakanties.nl www.vakantieparkhellendoorn.nl www.vakantievilla-met-prive-zwembad.nl www.strandparkzeeland.nl www.kronenburgersee.nl kronenburgersee.nl www.eifelpark-eks.de eifelpark-eks.de www.duinresortdunimar.nl dev72.lined.nl 89051.afasinsite.nl www.detwentsehoeve.nl; 3
frame-ancestors 'self' https://*.xealth.io; 3
default-src https://static.mailplus.nl/ https://*.printfriendly.com/ https://*.magzmaker.com/ https://*.twitter.com/ https://*.googlesyndication.com/ https://*.googleapis.com/ 'self' 'unsafe-inline'; font-src https://cdnapisec.kaltura.com/ https://*.gstatic.com/ 'self'; child-src  'self'; connect-src https://vod.nucleusvideo.astrazeneca.com/ https://cdnapisec.kaltura.com/ https://analytics.kaltura.com/ https://stats.kaltura.com/ https://*.omappapi.com/ wss://*.hotjar.com/ https://pagead2.googlesyndication.com/ https://api.omappapi.com/ https://*.printfriendly.com/  wss://ws1.hotjar.com/ https://*.google-analytics.com/ https://9292.nl/ https://*.hotjar.io/ https://*.hotjar.com/ https://*.opmnstr.com/ https://*.doubleclick.net/ https://csi.gstatic.com/ 'self'; frame-src https://dms.licdn.com/ https://*.linkedin.com/ https://*.googlesyndication.com/ https://crossmedia.mediasite.com/ https://*.crossmediaplatform.nl/ https://widgets.bnr.nl/ https://quadia.webtvframework.com/ https://*.printfriendly.com/ https://knmg.mediafiler.net/ https://player.vimeo.com/ https://*.magzmaker.com/ https://*.twitter.com/ https://twitter.com/ https://www.facebook.com/ https://player.bnnvara.nl/ https://*.soundcloud.com/ https://vgt.medischcontact.nl/ https://*.googlesyndication.com/ https://*.formdesk.com/ https://9292.nl/ https://www.google.com/ https://webforms.aboportal.nl/ https://open.spotify.com/ https://www.youtube-nocookie.com/ https://*.youtube.com/ https://*.hotjar.com/ 'self'; frame-ancestors  'self'; img-src https://cfvod.kaltura.com/ https://www.facebook.com/ http://www-medischcontact-tst-1.gxcloud.local/ http://www-medischcontact-tst.gxcloud.local/ http://www-medischcontact-tst.gxcloud.net/ http://www-knmg-tst.gxcloud.net/ http://www-knmg-tst.gxcloud.local/  https://*.mailplus.nl/ https://*.printfriendly.com/ https://*.googleusercontent.com/ https://*.twimg.com/ https://*.twitter.com/ http://www.knmg.nl/ http://www-knmg.gxcloud.net http://www.medischcontact.nl/ http://www-medischcontact.gxcloud.net/ https://picsum.photos/ http://placehold.it/ https://unsplash.it/ https://*.google-analytics.com/ https://*.googlesyndication.com/ https://*.doubleclick.net/ https://*.google.com/  'self' data:; media-src https://cdnapisec.kaltura.com/ blob: 'self'; object-src  'self'; script-src https://9292.nl/ 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; style-src https://*.printfriendly.com https://fonts.googleapis.com 'self' 'unsafe-inline';  worker-src  'self' blob: 3
default-src 'self'; frame-src 'self' data: fbrpc://call https://*.zip.co https://*.stripe.com https://*.shophumm.com.au/ https://wenzhang.baidu.com https://tpc.googlesyndication.com https://masterpass.com https://roktcdn1.akamaized.net https://www.youtube.com https://*.masterpass.com https://www.google.com/recaptcha/ https://*.rokt.com https://*.doubleclick.net https://*.kaptcha.com https://*.addthis.com https://*.facebook.com https://*.braintreegateway.com https://*.paypal.com https://*.visa.com https://*.cardinalcommerce.com https://*.paypalobjects.com; script-src 'self' data: https://*.identitydirect.com.au/ https://www.clarity.ms/ https://*.zipmoney.com.au https://*.partpay.co.nz https://*.rakuten.com https://*.linksynergy.com https://*.dc-storm.com https://*.jrs5.com https://*.mediaforge.com https://*.nxtck.com https://*.stripe.com https://*.shophumm.com.au/ https://www.googletagservices.com/ https://adservice.google.com.au/ https://adservice.google.com/ https://pagead2.googlesyndication.com/ https://cdn.jsdelivr.net/npm/newrelic-reduced@1.1.2/lib/index.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.addthisedge.com https://assets.pinterest.com https://swenzhang.baidu.com https://roktcdn1.akamaized.net https://cdn.optimizely.com/js/ https://ds-aksb-a.akamaihd.net/aksb.min.js https://tpc.googlesyndication.com https://uua1puwkv5-dsn.algolia.net https://*.algolianet.com https://*.masterpass.com https://masterpass.com https://*.rokt.com https://*.nr-data.net https://cdn.jsdelivr.net/algoliasearch/ https://*.facebook.net https://*.facebook.com https://*.newrelic.com https://*.marinsm.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.postcodeanywhere.co.uk https://*.paypal.com https://*.paypalobjects.com https://*.braintreegateway.com https://*.visa.com https://*.kaptcha.com https://*.addthis.com https://*.nanigans.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: https:; style-src 'self' https://use.fontawesome.com https://roktcdn1.akamaized.net https://*.visa.com https://*.masterpass.com https://masterpass.com https://swenzhang.baidu.com https://*.googleapis.com https://*.postcodeanywhere.co.uk 'unsafe-inline'; font-src 'self' data: https://use.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://roktcdn1.akamaized.net ; connect-src 'self' https://*.identitydirect.com.au https://www.clarity.ms/ https://*.zip.co https://zip.co https://*.zipmoney.com.au https://pagead2.googlesyndication.com https://*.postcodeanywhere.co.uk https://*.visa.com https://*.addthis.com https://www.google-analytics.com https://*.nr-data.net https://*.rokt.com https://*.braintreegateway.com https://*.paypal.com https://*.kaptcha.com https://*.facebook.com https://ds-aksb-a.akamaihd.net/RRT; object-src 'self' https://c2.mysalec.com https://*.visa.com https://www.paypalobjects.com; 3
default-src https: 'unsafe-inline' 'self' data: 'unsafe-eval' 3
frame-ancestors 'self' https://rewarding.wind.it https://grandecinema3.tre.it https://www.grandecinema3.it; 3
frame-ancestors https://*.zscloud.net 'self' macom.com *.macom.com smrtsrc.com *.smrtsrc.com jahia-macpd-03.smartsource.local jahia-macpd-04.smartsource.local jahia-mactd-01.smartsource.local jahia-macdd-01.smartsource.local 3
frame-ancestors 'self' *.glasgowairport.com *.aberdeenairport.com *.southamptonairport.com 3
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: 'unsafe-eval' *.actian.com *.wpengine.com; connect-src *; font-src * data:; media-src * 'unsafe-inline'; frame-ancestors *.actian.com; frame-src *; object-src * data: 'unsafe-eval' 3
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src * 'unsafe-inline'; img-src * data: blob:; font-src * 'self' data: 'unsafe-inline'; connect-src *; media-src *; frame-src *; frame-ancestors *; 3
default-src 'self' *.googleapis.com *.vdo.ai *.vlitag.com *.adnxs.com *.avantisvideo.com *.addthis.com http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' 3
default-src 'self' data: blob: gap: 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.linkedin.com *.bizographics.com *.loggly.com *.doubleclick.net *.wistia.com *.twimg.com *.twitter.com *.googleadservices.com *.facebook.com *.googletagmanager.com *.snapengage.com *.visualwebsiteoptimizer.com *.facebook.net *.iforex.com *.google-analytics.com *.bootstrapcdn.com *.youtube.com *.wistia.net *.opmnstr.com *.webapi-services.net *.googlesyndication.com *.optnmnstr.com *.mxpnl.net https://pixel-tracking.appspot.com https://pixelmachine-981.appspot.com *.mte-media.com mte-media.com *.typekit.net  *.optimizely.com d5phz18u4wuww.cloudfront.net *.hotjar.com *.ads-twitter.com *.finadsr.com wcs.naver.net *.criteo.net *.criteo.com https://s.yimg.com https://sp.analytics.yahoo.com; img-src 'self' data: blob: *; font-src 'self' data: blob: *.gstatic.com *.bootstrapcdn.com *.typekit.net *.webapi-services.net *.hotjar.com; connect-src 'self' data: *.doubleclick.net *.facebook.com *.wistia.com https://embedwistia-a.akamaihd.net *.googletagmanager.com *.opmnstr.com *.mxpnl.net *.iforex.com *.webapi-services.net *.litix.io *.hotjar.io *.hotjar.com wss://*.hotjar.com *.google-analytics.com *.finadsr.com *.snapengage.com *.criteo.com *.criteo.net *.iforex.co.uk *.vestle.com *.toredofx.com https://s.yimg.com; child-src 'self' data: blob: *.googletagmanager.com *.iforex.com *.webapi-services.net; frame-src 'self' data: gap: *.webapi-services.net *.facebook.com *.twitter.com *.google.com *.linkedin.com *.snapengage.com *.youtube.com *.wistia.com *.googlesyndication.com *.googletagmanager.com *.iforex.com https://fast.wistia.net *.hotjar.com *.criteo.com; media-src 'self' blob: data: *.iforex.com *.webapi-services.net *.gstatic https://embedwistia-a.akamaihd.net *.mte-media.com *.snapengage.com; object-src 'self' https://embed-ssl.wistia.com *.mte-media.com; worker-src 'self' data: blob: *.googletagmanager.com *.iforex.com *.webapi-services.net; frame-ancestors 'self' *.iforex.com *.efix.local; report-uri https://content.webapi-services.net/csp-reports; 3
frame-ancestors 'self' *.facebook.com 3
frame-ancestors 'self' https://*.ci360.sas.com; 3
default-src https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; img-src * data:; worker-src 'self' blob:; 3
default-src: https: 'unsafe-inline'; 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https: wss:; 3
default-src https:; font-src https: blob: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; worker-src blob:; style-src https: 'unsafe-inline'; img-src https: data:; 3
frame-ancestors 'self'  *.ampproject.org *.zdbb.net 3
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://az416426.vo.msecnd.net/scripts/a/ai.0.js http://projects.elitechnology.com/jsprojects/eneco-client/ https://projects.elitechnology.com/jsprojects/eneco/api/ https://eneco-eneco.digitalcx.com https://cdn.conversationalsdevelopment.nl https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://w.usabilla.com https://api.usabilla.com https://d6tizftlrpuof.cloudfront.net https://cdn.nanigans.com https://api.nanigans.com https://d3or5d0jdz94or.cloudfront.net/MExDH9iB5LdtMi44LjE.js https://cdn.greenhousegroup.com/eneco-nl/slb/conversion.js https://connect.facebook.net/signals/plugins/inferredEvents.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/435765806865268 https://www.linkedin.com/px/li_sync https://px.ads.linkedin.com/collect/ https://snap.licdn.com/li.lms-analytics/ https://d2qmp7jjpd79k7.cloudfront.net/smartpixel-1.js https://d2qmp7jjpd79k7.cloudfront.net/smartpixel/3-3227/product.js https://d2qmp7jjpd79k7.cloudfront.net/pixel/3/1572447345163/script.js https://static.ads-twitter.com/uwt.js https://analytics.twitter.com/i/adsct https://bat.bing.com/bat.js https://acdn.adnxs.com/dmp/up/pixie.js https://s.pinimg.com https://ct.pinterest.com https://secure.adnxs.com https://cdnjs.cloudflare.com/ajax/libs/bodymovin/5.4.4/lottie.min.js https://tdn.r42tag.com https://admin.relay42.com https://t.svtrd.com/t-1295/ https://static.hotjar.com/c/hotjar-215132.js https://script.hotjar.com https://eneco.bbvms.com https://cdn.bluebillywig.com/apps/player/ https://mijn.enecozakelijk.nl/cookie/xdomain/xdomain_cookie.min.js https://www.youtube.com/iframe_api https://img03.en25.com/i/elqCfg.min.js https://api.salesfeed.com https://script.adcalls.nl/e907d5da-14dc-4967-b180-03e37a3022be.js https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.2/jquery-ui.min.js https://cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/jquery.fancybox.min.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://amplify.outbrain.com/cp/obtp.js;object-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com https://d6tizftlrpuof.cloudfront.net https://tagmanager.google.com/debug/css.css https://api.tiles.mapbox.com/mapbox-gl-js/v0.50.0/mapbox-gl.css https://cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/jquery.fancybox.min.css https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.2/themes/smoothness/jquery-ui.css;img-src 'self' * data: blob: secure.adnxs.com collect.kosi-analytics.io/i https://t.co/i/adsct googleads.g.doubleclick.net www.googleadservices.com https://script.hotjar.com;media-src 'self' data: https://eneco.bbvms.com https://cdn.bluebillywig.com/apps/player/ https://d3ehotfhpgor0k.cloudfront.net;frame-src 'self' https://d6tizftlrpuof.cloudfront.net https://www.youtube-nocookie.com https://t.svtrd.com https://ib.adnxs.com https://s3.eu-central-1.amazonaws.com/snowplow-appnexus-mapper/id.html https://6361111.fls.doubleclick.net https://9108254.fls.doubleclick.net https://bid.g.doubleclick.net https://player.vimeo.com https://eneco.bbvms.com https://mijn.enecozakelijk.nl https://vars.hotjar.com https://www.google.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://d6tizftlrpuof.cloudfront.net https://d3ehotfhpgor0k.cloudfront.net https://script.hotjar.com https://cdn.bluebillywig.com/fonts/ https://cdn.conversationalsdevelopment.nl/eneco/;connect-src 'self' *.eneco.nl https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net *.services.visualstudio.com https://api.usabilla.com https://eneco.bbvms.com https://collect.kosi-analytics.io https://d.lemonpi.io/scrapes https://ct.pinterest.com https://eneco-eneco.digitalcx.com https://conversationals-connector-live-assist-production.azurewebsites.net wss://api.seamly.ai https://api.seamly.ai wss://api.seamly-app.com https://api.seamly-app.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com/events/v2 https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://api.adcalls.nl https://api.enecogroup.com https://api-digital.enecogroup.com;child-src 'self' blob: https://vars.hotjar.com;frame-ancestors 'self' https://inloggen.eneco.nl 3
frame-ancestors 'self' http://webvisor.com; 3
frame-ancestors 'self' *.gdmissionsystems.com 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.valcartier.com *.calypsopark.com gcv-static.azureedge.net gcv-cms-static.azureedge.net gcv-staging-static.azureedge.net gcv-dev-static.azureedge.net gcv-qa-static.azureedge.net gcv-qa2-static.azureedge.net gcv-qa3-static.azureedge.net www-gcv-static.azureedge.net *.googletagmanager.com *.google-analytics.com *.googleapis.com *.ticket-ops.com data: *.tripadvisor.ca *.tripadvisor.com *.jscache.com static.tacdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.google.com fonts.gstatic.com facebook.net *.facebook.com *.google.ca *.googleadservices.com *.doubleclick.net acuityplatform.com securecode.com *.securecode.com moneris.com *.moneris.com visa.com *.visa.com verifiedbyvisa.com *.verifiedbyvisa.com *.arcot.com *.vgdelivery.com vgdelivery.com *.cardinalcommerce.com cardinalcommerce.com *.online-metrix.net online-metrix.net securesuite.net *.securesuite.net az416426.vo.msecnd.net dc.services.visualstudio.com connect.facebook.net player.vimeo.com cdn.livechatinc.com secure.livechatinc.com app.livechatinc.com www.livechatinc.com; 3
frame-ancestors 'self' bid.g.doubleclick.net, img-src 'self' www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.co.in www.google-analytics.com googleads.g.doubleclick.net www.google.com *.cdninstagram.com  *.typesquare.com t.teads.tv ct.pinterest.com ad.ipredictive.com www.facebook.com consumer.krxd.net apps.jobadder.com www.zespri.eu zespri.com.isgoingto.be data:, form-action 'self', font-src 'self' ka-f.fontawesome.com fonts.gstatic.com *.typesquare.com data:, object-src 'self', style-src 'self' 'unsafe-inline' unpkg.com tagmanager.google.com fonts.googleapis.com, script-src 'self' 'unsafe-inline' 'unsafe-eval' kit.fontawesome.com unpkg.com typesquare.com cdn.krxd.net www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.google.co.in www.googleadservices.com www.google.com p.teads.tv *.cdninstagram.com www.facebook.com connect.facebook.net s.pinimg.com t.teads.tv ct.pinterest.com beacon.krxd.net consumer.krxd.net apps.jobadder.com ajax.googleapis.com www.zespri.eu zespri.com.isgoingto.be blob: 3
default-src 'self'; img-src 'self' https://* data:; child-src https://www.youtube.com/ https://www.google.com/; style-src 'self' https://fonts.googleapis.com/ https://cdn.jsdelivr.net/npm/@duetds/date-picker@1.1.0/dist/duet/themes/default.css 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/ https://business.senedd.wales; script-src 'self' blob: https://www.google-analytics.com/ https://cc.cdn.civiccomputing.com/ https://www.googletagmanager.com/ https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.0.0.min.js https://ajax.aspnetcdn.com/ajax/jquery.validate/1.16.0/jquery.validate.min.js https://ajax.aspnetcdn.com/ajax/mvc/5.2.3/jquery.validate.unobtrusive.min.js https://cdn.jsdelivr.net 'sha256-qTS4cC+BnlabE/doSj+MPbjtJWVdVNtQah7AzuFfjbE=' 'sha256-h4tI5yM0TF6GI9CZe5uWnJX7WqXL1kpLAJ13Idyytts=' 'sha256-byyDoONdqE08AIFI6uBk/n8GJDNnu4o8VE6qf+NETJs=' 'sha256-GG+mi50DV7jNq33JItnAeSGKu+DyOuVZM484bs4ioq4=' 'sha256-r3mDNAbdsnbtcqGzAwDXN/1Ln5hKyg8GDZlm46+kpKg=' 'sha256-GG+mi50DV7jNq33JItnAeSGKu+DyOuVZM484bs4ioq4=' 'sha256-IZgGOToFausimoy1Ehqf2azcfWd5NrdyLunVfExDBbE=' 'sha256-NGxJAeRnkyrA2OBRtnqvyQRY28RBBbWXd+45iwUuOUU=' 'sha256-F/cu6HUELqMYhkB6TZFkoZoPLA7wPQ+ImBdqTVxZPUc=' 'sha256-OH++59VDvU6yN74Q2UuMkDjXzMZbZYGxaTP1SrqUqJs='; connect-src 'self' https://www.google-analytics.com https://www.senedd.tv https://senedd.tv https://www.senedd.assembly.wales https://www.senedd.cynulliad.cymru https://apikeys.civiccomputing.com https://senedd.assembly.wales https://senedd.cynulliad.cymru https://player.senedd.tv; frame-src 'self' https://www.youtube.com/ https://www.google.com/ https://umap.openstreetmap.fr https://openstreetmap.cymru https://www.ons.gov.uk https://player.senedd.tv https://w.soundcloud.com https://my.matterport.com https://embeds.audioboom.com https://player.vimeo.com 3
default-src 'self'; img-src 'self' data: https: *.wp.com *.wordpress.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.wp.com *.wordpress.com; style-src 'self' 'unsafe-inline' https: fonts.googleapis.com *.wp.com *.wordpress.com; font-src 'self' data: https: fonts.googleapis.com *.wp.com *.wordpress.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.wp.com *.wordpress.com 3
default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src *; base-uri 'self'; upgrade-insecure-requests; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src 'self'; 3
frame-ancestors 'self' http://*.cheltenham.ecctis.co.uk; 3
default-src 'self' http: https:  cdnjs.cloudflare.com use.typekit.net www.google-analytics.com fonts.googleapis.com s.w.org;; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://code.jquery.com https://cdnjs.cloudflare.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' http: https:; img-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://fonts.googleapis.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; frame-src 'self' http: https: polaris.brighterir.com sirius.brighterir.com www.youtube-nocookie.com youtube-nocookie.com youtube.com vimeo.com; 3
frame-ancestors https://tsetscdev.prod.acquia-sites.com/ https://tsetscstage.prod.acquia-sites.com/ https://ecommercdev.tatasteel.online  https://ecommerctst.tatasteel.online  https://ecmc01qa.tatasteel.online  https://ecmc01dev.tatasteel.online https://www.tatasteeleurope.com https://www.tatasteel.online https://ecmc01.tatasteel.online https://ecmc03-p.tatasteel.online https://ecmc03-d.tatasteel.online https://ecmc03-acc.tatasteel.online/ https://ecmc03-t.tatasteel.online/ https://tsedev.prod.acquia-sites.com https://tsestg.prod.acquia-sites.com https://www.beta-tatasteeleurope.com https://cpws01-d.tatasteel.online https://dev.tatasteeleurope.com preprod.tatasteeleurope.com test.tatasteeleurope.com ecmc03-pp.tatasteel.online; report-uri /ts/report-csp-violation 3
default-src 'self' http://www.cmbwinglungbank.com https://www.cmbwinglungbank.com http://ac.cmbwinglungbank.com https://ac.cmbwinglungbank.com https://www.cmbwinglungsec.com http://www.cmbwinglungsec.com http://www.winglungbank.com https://www.winglungbank.com http://ac.winglungbank.com https://ac.winglungbank.com https://www.winglungsec.com https://www.winglungfutures.com http://www.winglungsec.com http://www.winglungfutures.com fc10.etwealth.com http://cmblive.hlslive.zh.cmbchina.com https://demo02.etwealth.com http://demo02.etwealth.com https://m2.cmbwinglungbank.com *.cmbchina.com https://cms.aqumon.com https://push.cmbwinglungbank.com;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com; frame-ancestors 'self' fc10.etwealth.com http://cmblive.hlslive.zh.cmbchina.com https://hkwallet.moneydata.hk *.winglungbank.com *.cmbwinglungbank.com *.cmbwinglungsec.com *.winglungsec.com *.cmbchina.com https://cms.aqumon.com; 3
default-src 'self'; base-uri 'none'; img-src 'self' data:; worker-src 'none'; frame-src 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: *.addthis.com assets.wogaa.sg www.google-analytics.com ajax.googleapis.com www.googletagmanager.com; object-src 'none'; 3
default-src 'self' https://ajax.googleapis.com https://maps.googleapis.com http://ajax.googleapis.com http://maps.googleapis.com https://*.ubembed.com http://*.ubembed.com  https://y.c3portal.net https://c3sbx.net https://c3plp.net https://*.ctctcdn.com http://*.ctctcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com https://www.youtube.com/iframe_api http://www.google-analytics.com/ https://lkq.qumucloud.com/ https://c3sbx.net https://c3plp.net https://cdn.qumucloud.com/ https://ssl.google-analytics.com/ https://www.gstatic.com/ https://www.google.com/ https://www.googletagservices.com/ https://www.googletagmanager.com https://connect.facebook.net/ https://googleads.g.doubleclick.net/ http://www.googleadservices.com/ https://gateway.zscalertwo.net https://fs17.formsite.com/ http://cdn.jsdelivr.net/ https://*.ubembed.com http://*.ubembed.com https://ajax.googleapis.com/ https://maps.googleapis.com/  http://ajax.googleapis.com/ http://maps.googleapis.com http://www.interactivegarage.com https://www.interactivegarage.com http://emarketing.ekeystone.com/ http://static.ctctcdn.com/ https://static.ctctcdn.com/ https://cdnjs.cloudflare.com/ http://cdnjs.cloudflare.com/;  style-src 'self' 'unsafe-inline' https://cdn.qumucloud.com/ https://lkq.qumucloud.com http://fonts.googleapis.com/ http://fonts.gstatic.com/ https://www.google-analytics.com https://stats.g.doubleclick.net https://*.ubembed.com http://*.ubembed.com https://ajax.googleapis.com https://*.ctctcdn.com http://*.ctctcdn.com; img-src 'self' *.ekeystone.com/ http://maps.gstatic.com/ http://maps.googleapis.com/ http://media.ekeystone.com/ https://lkq.qumucloud.com/ https://cdn.qumucloud.com/ https://fonts.gstatic.com/ https://www.google-analytics.com/  http://vehiclepartimages.com/ https://www.google.com/ http://www.google-analytics.com/ https://www.facebook.com/ https://gateway.zscalertwo.net https://stats.g.doubleclick.net https://ssl.google-analytics.com/ http://media.viantp.com/ https://www.google.co.in/pagead/ http://www.googletagmanager.com/ https://*.ubembed.com http://*.ubembed.com https://ajax.googleapis.com http://emarketing.ekeystone.com https://*.ctctcdn.com http://*.ctctcdn.com data:; child-src 'self' https://lkq.instilled.com https://lkq.qumucloud.com https://sdn.sitecore.net https://c3sbx.net https://c3plp.net https://n.c3portal.net http://sdn.sitecore.net https://www.google.com https://recruiting.adp.com https://www.facebook.com https://bid.g.doubleclick.net https://www.youtube.com https://fs17.formsite.com/ http://www.youtube.com https://*.ubembed.com/ http://www.facebook.com  https://*.pages.ubembed.com http://*.ubembed.com http://*.pages.ubembed.com http://www.interactivegarage.com https://www.interactivegarage.com https://gateway.zscalertwo.net  https://docs.google.com/ https://y.c3portal.net  blob:; font-src 'self' https://cdn.qumucloud.com/ https://fonts.gstatic.com https://*.ubembed.com  http://*.ubembed.com  https://*.ctctcdn.com http://*.ctctcdn.com data:; frame-ancestors 'self'; media-src 'self' http://media.ekeystone.com/ http://vehiclepartimages.com/ https://*.ubembed.com http://*.ubembed.com https://*.ctctcdn.com http://*.ctctcdn.com;  3
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; base-uri 'self'; 3
frame-ancestors 'self' frag-einen-anwalt.de *.frag-einen-anwalt.de 123recht.de *.123recht.de wohnungsboerse.net *.wohnungsboerse.net trauer.de *.trauer.de briefeguru.de *.briefeguru.de pflege-durch-angehoerige.de *.pflege-durch-angehoerige.de immobilienscout24.de *.immobilienscout24.de berlin.de *.berlin.de merkur-online.de *.merkur-online.de *.cdn.ampproject.org *.google.de *.google.com merkur-online.de *.merkur-online.de immoverkauf24.de *.immoverkauf24.de; report-uri /include/cspreport.asp 3
default-src 'self'; font-src data: https://assets.dm.de https://cdn.kali.services.dmtech.com; child-src 'self' blob:; script-src https://*.mm.dm.at 'self' 'unsafe-eval' https://d2pqvatijh75rn.cloudfront.net https://a0.modiface.com https://assets.dm.de https://cdn.kali.services.dmtech.com https://*.mm.dm.de https://ssl.hurra.com https://*.bazaarvoice.com https://mpsnare.iesnare.com; worker-src 'self' blob:; connect-src https://*.mm.dm.at 'self' https://d2pqvatijh75rn.cloudfront.net https://a0.modiface.com https://coupon-aktionen.dm.de https://services.dm.de https://products.dm.de https://*.services.dmtech.com https://assets.dm.de https://cdn.kali.services.dmtech.com https://cart.services.dmtech.com https://*.mm.dm.de https://*.services.dmtech.com https://api.mapbox.com https://events.mapbox.com https://ssl.hurra.com https://*.bazaarvoice.com https://browser-http-intake.logs.datadoghq.eu https://login.dm.at https://mpsnare.iesnare.com https://staedtetour.dm-fb2.de; style-src 'self' 'unsafe-inline' https://assets.dm.de https://cdn.kali.services.dmtech.com https://*.bazaarvoice.com https://api.tiles.mapbox.com; img-src https://*.mm.dm.at 'self' data: blob: https://assets.dm.de https://cdn.kali.services.dmtech.com https://cdn02.dm-static.com https://media.dm-static.com https://*.services.dmtech.com https://ssl.hurra.com  https://*.mm.dm.de https://*.bazaarvoice.com https://i.ytimg.com https://img.youtube.com https://play.google.com https://linkmaker.itunes.apple.com https://d2pqvatijh75rn.cloudfront.net https://a0.modiface.com https://d3s22jwy77sx9i.cloudfront.net https://images.podigee-cdn.net; frame-ancestors 'self' https://*.dm.at https://app.datadoghq.eu https://*.lxprod.ka.de.dm-drogeriemarkt.com; frame-src 'self' https://ssl.hurra.com https://*.dm.at https://*.services.dmtech.com https://sandbox.om.dm.de https://*.bazaarvoice.com https://www.youtube-nocookie.com https://configurator.nuk.de/ https://hey-familie.podigee.io https://cdn.podigee.com https://player.podigee-cdn.net; base-uri https://*.mm.dm.at 'self' https://*.mm.dm.de https://*.services.dmtech.com https://events.mapbox.com; form-action 'self' https://login.dm.at https://checkout.dm.at https://*.bazaarvoice.com; manifest-src 'self'; report-uri /__csp-reports__ 3
default-src 'self'; media-src 'self' 203.122.51.205 newsonair.gov.in newsonair.nic.in airworldservice.org *.akamaihd.net *.akamaihd-staging.net blob: ; connect-src 'self' air.pc.cdn.bitgravity.com *.akamaihd.net *.akamaihd-staging.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.p.jwpcdn.com www.gstatic.com www.google-analytics.com ajax.googleapis.com googletagmanager.com content.jwplatform.com platform.twitter.com cdn.syndication.twimg.com maxcdn.bootstrapcdn.com code.jquery.com cdnjs.cloudflare.com *.googleapis.com minisrclink.cool public.tableau.com connect.facebook.net ssl.p.jwpcdn.com *.youtube.com *.google.com s.ytimg.com; img-src * data: *; style-src 'self' 'unsafe-inline' *.twimg.com *.twitter.com *.w3.org cdnjs.cloudflare.com *.googleapis.com use.fontawesome.com; frame-src 'self' *.twitter.com g.jwpsrv.com public.tableau.com *.google.com *.youtube.com *.facebook.com; font-src 'self' data: use.fontawesome.com ssl.p.jwpcdn.com cdnjs.cloudflare.com fonts.gstatic.com; 3
frame-ancestors 'none'; object-src 'none'; base-uri 'none'; 3
frame-ancestors 'self' https://m-redbus-id.cdn.ampproject.org https://www.google.com https://www.google.co.id https://m.redbus.id https://seocms.redbus.com; default-src 'self' https://c.riskified.com wss://*.firebaseio.com wss://rbpub.redbus.com wss://ssbk2-uk.gsecondscreen.com wss://ssbk4-uk.gsecondscreen.com wss://evbk.gamooga.com https://h.online-metrix.net https://s3.rdbuz.com https://evbk.gamooga.com https://*.doubleclick.net https://graph.facebook.com https://cdn-jp.gsecondscreen.com https://*.redbus.in  https://*.redbus.com https://*.googleapis.com https://www.google-analytics.com http://www.googletagmanager.com https://*.google.com https://*.google.co.in https://*.facebook.net http://www.googleadservices.com https://www.facebook.com https://recorder.sessionstack.com https://o2.mouseflow.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon.riskified.com https://tags.tiqcdn.com http://cdn-akamai.mookie1.com https://*.firebaseio.com https://h.online-metrix.net https://*.twitter.com  https://static.ads-twitter.com https://*.googletagservices.com https://bam.nr-data.net https://*.doubleclick.net https://evbk.gamooga.com https://maxcdn.bootstrapcdn.com https://*.google.com https://cdn.jsdelivr.net https://sslwidget.criteo.com https://static.criteo.net https://cdn.mouseflow.com https://bat.bing.com https://maps.googleapis.com http://ae.gsecondscreen.com http://sg-pl.vizury.com https://cdnjs.cloudflare.com http://cdn-jp.gsecondscreen.com http://www.redbus.in https://www.redbus.in https://adservice.google.co.in https://ssl.google-analytics.com https://connect.facebook.net http://pagead2.googlesyndication.com http://www.google-analytics.com https://cdn.sessionstack.com http://www.googletagmanager.com http://connect.facebook.net https://*.googleadservices.com https://*.rdbuz.com https://*.redbus.in https://www.gstatic.com http://*.rdbuz.com; img-src 'self' data: blob: https://img.riskified.com https://web-elb https://*.online-metrix.net https://*.goibibo.com https://barcode-latam.s3.amazonaws.com https://t.co https://www.googletagmanager.com https://*.doubleclick.net https://tpc.googlesyndication.com https://maps.gstatic.com https://maps.googleapis.com  https://s3-ap-southeast-1.amazonaws.com https://*.s3-ap-southeast-1.amazonaws.com https://h.online-metrix.net https://bat.bing.com https://www.google.co.in https://evbk.gamooga.com http://origin-st.redbus.in https://cdn-jp.gsecondscreen.com http://www.redbus.in https://www.redbus.in https://*.google.com https://www.google-analytics.com  https://ssl.google-analytics.com https://*.facebook.com https://*.rdbuz.com https://st.redbus.in  http://*.rdbuz.com http://st.redbus.in https://cdn-jp.gsecondscreen.com https://api.midtrans.com https://www.glassdoor.co.in; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://*.google.com https://cdnjs.cloudflare.com https://www.w3schools.com http://fonts.googleapis.com https://fonts.googleapis.com https://*.rdbuz.com https://st.redbus.in  http://*.rdbuz.com http://st.redbus.in; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.gstatic.com http://*.rdbuz.com http://st.redbus.in https://fonts.gstatic.com https://*.rdbuz.com https://st.redbus.in; frame-src 'self' https://*.firebaseapp.com https://*.firebaseio.com  https://www.surveymonkey.com https://*.google.com https://isb.au1.qualtrics.com https://www.googletagservices.com/ https://*.redbus.com https://h.online-metrix.net https://checkout.payulatam.com/ https://*.doubleclick.net http://in-tags.vizury.com http://sg-pl.vizury.com https://xds.gsecondscreen.com https://*.facebook.com https://www.youtube.com https://dis.as.criteo.com; object-src 'self'; connect-src 'self' wss://rbpub.redbus.com *.googleapis.com o2.mouseflow.com *.redbus.com *.doubleclick.net *.riskified.com wss://*.gamooga.com www.google-analytics.com graph.facebook.com accounts.google.com 3
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.tradingview.com https://storage.googleapis.com https://files.bitkan.com https://img.szsing.com https://img.bitkan.net https://mobile.bitkan.com https://res.wx.qq.com https://static.bitkan.com https://static.bitkan.net https://www.google-analytics.com https://www.googletagmanager.com https://hm.baidu.com https://www.sobot.com https://aeis.alicdn.com https://g.alicdn.com https://cf.aliyun.com https://ynuf.alipay.com https://static.geetest.com https://api.geetest.com https://monitor.geetest.com https://dn-staticdown.qbox.me; img-src * data: blob:; style-src 'self' 'unsafe-inline' https://bee.bitkan.com https://www.tradingview.com https://files.bitkan.com https://img.szsing.com https://img.bitkan.net https://mobile.bitkan.com https://static.bitkan.com https://static.bitkan.net https://fonts.googleapis.com https://static.geetest.com https://dn-staticdown.qbox.me; font-src 'self' data: https://www.tradingview.com https://files.bitkan.com https://img.szsing.com https://img.bitkan.net https://mobile.bitkan.com https://static.bitkan.com https://static.bitkan.net https://fonts.gstatic.com https://at.alicdn.com; frame-src 'self' redpacket: https://www.tradingview.com https://player.bilibili.com https://files.bitkan.com https://mobile.bitkan.com  https://bitkan.com https://beta.bitkan.com https://static.bitkan.com https://static.bitkan.net https://www.sobot.com https://v.qq.com https://player.youku.com; connect-src 'self' https://static.bitkan.net https://www.tradingview.com https://files.bitkan.com https://img.szsing.com https://img.bitkan.net https://mobile.bitkan.com https://wapi.bitkan.com wss://s.btckan.com:8080 wss://imws.sobot.com:* https://sentry.io https://www.google-analytics.com https://stats.g.doubleclick.net https://hm.baidu.com https://upload.qiniup.com https://ynuf.alipay.com https://cors-anywhere.bitkan.com https://uplog.qbox.me https://api.qiniu.com ; object-src 'none' 3
frame-ancestors 'self' https://accounts.highbond.com https://accounts.aclgrc.com https://accounts.highbond-gov.com https://accounts.highbond-gov2.com https://accounts.highbond-s1.com https://accounts.highbond-s2.com https://accounts.highbond-s3.com https://accounts.highbond-gov-s1.com 3
default-src 'self' blob: www.vic.gov.au *.content.vic.gov.au content.vic.gov.au; script-src 'self' data: blob: www.vic.gov.au *.content.vic.gov.au content.vic.gov.au cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com cdn.monsido.com connect.facebook.net *.cloudfront.net chatbot.digital.vic.gov.au *.chatbot.digital.vic.gov.au media.twiliocdn.com *.youtube.com ytimg.com *.ytimg.com usercheck.vgso.vic.gov.au public.tableau.com *.openforms.com *.serving-sys.com player.vimeo.com spreadsheets.google.com cdn.storerocket.io cdn.jsdelivr.net *.mapbox.com *.googleadservices.com; style-src 'self' 'unsafe-inline' www.vic.gov.au *.content.vic.gov.au content.vic.gov.au fonts.googleapis.com tagmanager.google.com ui.chatbot.digital.vic.gov.au fast.fonts.net *.openforms.com fontlibrary.org; img-src 'self' data: blob: www.vic.gov.au *.content.vic.gov.au content.vic.gov.au *.amazee.io tracking.monsido.com *.google-analytics.com *.doubleclick.net www.google.com *.google.com *.google.com.au *.hotjar.com *.hotjar.io wss://*.hotjar.com api.mapbox.com *.gstatic.com vic-bot.netlify.app secure.adnxs.com www.facebook.com i.ytimg.com www.google.com.eg www.google.com.co www.google.ie www.google.com.br www.google.co.jp www.google.gr www.google.co.za www.google.co.uk www.google.com.mx www.google.com.na www.google.it www.google.rs www.google.com.sg www.google.co.id www.googletagmanager.com www.google.com.tr www.google.com.pk www.google.nl www.google.lk www.google.hr www.google.fr www.google.com.bo www.google.com.co www.google.com.om www.google.com.ua au-gmtdmp.mookie1.com lh3.googleusercontent.com *.fastly.net cdn.storerocket.io base.maps.vic.gov.au; font-src 'self' data: www.vic.gov.au *.content.vic.gov.au content.vic.gov.au fonts.gstatic.com *.hotjar.com *.hotjar.io wss://*.hotjar.com fonts.gstatic.com fontlibrary.org; frame-src 'self' www.vic.gov.au *.content.vic.gov.au content.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com www.vic.gov.au *.vimeo.com vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com batchgeo.com www.google.com app.powerbi.com *.vic.gov.au macuport.com dhhs.carto.com public.tableau.com *.libsyn.com *.soundcloud.com *.openforms.com *.serving-sys.com tour.cite360.com.au *.doubleclick.net; connect-src 'self' www.vic.gov.au *.content.vic.gov.au content.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.elastic.sdp1.sdp.vic.gov.au *.elastic.sdp2.sdp.vic.gov.au *.hotjar.io *.google-analytics.com *.doubleclick.net api.ipify.org *.myvictoria.vic.gov.au *.mapbox.com discover.data.vic.gov.au drwgdblqzrfiz.cloudfront.net chatbot.digital.vic.gov.au *.chatbot.digital.vic.gov.au iam.twilio.com tsock.us1.twilio.com flex-api.twilio.com tsock.us1.twilio.com wss://tsock.us1.twilio.com www.facebook.com www.google.com secure-ds.serving-sys.com api.sdp.vic.gov.au api.go.vic.gov.au *.fastly.net storerocket.io directory.data.vic.gov.au ckan.develop.datavic-ckan.sdp1.sdp.vic.gov.au geo.mapshare.vic.gov.au; frame-ancestors 'self' *.vic.gov.au; report-uri https://sdpops.report-uri.com/r/d/csp/enforce; 3
default-src * data: 'unsafe-inline' 'unsafe-eval'; 3
default-src 'self' https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src 'self' http: data: 3
default-src 'self' *.lvvwd.com *.youtube.com data:; style-src 'self' 'unsafe-inline' *.lvvwd.com *.juicer.io *.mqcdn.com *.cludo.com *.cludo.com.cdn.cloudflare.net *.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.lvvwd.com *.juicer.io *.digicert.com *.mqcdn.com *.google-analytics.com *.googleapis.com *.jwpcdn.com *.onefiserv.com *.gstatic.com *.google.com *.googletagmanager.com *.facebook.net https://sdks.shopifycdn.com *.cludo.com *.cludo.com.cdn.cloudflare.net apps.usw2.pure.cloud cdn.jwplayer.com api.flickr.com data:; connect-src 'self' *.lvvwd.com *.juicer.io *.mqcdn.com *.mapquestapi.com *.mapquest.com *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net https://springs-preserve.myshopify.com *.cludo.com *.cludo.com.cdn.cloudflare.net api-use2.digital.genesyscloud.com cdn.jwplayer.com cdn3.wowza.com data:; font-src 'self' *.lvvwd.com *.juicer.io *.mqcdn.com *.jwpcdn.com *.gstatic.com data:; img-src 'self' *.lvvwd.com *.snwa.com *.springspreserve.org *.google.com *.mapbox.com *.mqcdn.com *.mapquestapi.com *.mapquest.com *.juicer.io *.cdninstagram.com prd.jwpltx.com seal.digicert.com maps.gstatic.com *.googleapis.com cdn.jwplayer.com assets-jpcust.jwpsrv.com live.staticflickr.com blob: data:; frame-src 'self' *.onefiserv.com *.streamtext.net *.youtube.com *.doubleclick.net *.google.com *.facebook.com data:; media-src 'self' *.lvvwd.com cdn3.wowza.com blob: data:; 3
base-uri 'none'; object-src 'none'; default-src 'self' 'unsafe-inline' data: https: wss: blob:; report-uri https://ulcm.report-uri.com/r/d/csp/enforce 3
frame-ancestors 'self' https://*.probikeshop.fr https://*.probikeshop.it https://*.bikeshop.es https://*.probikeshop.de https://*.probikeshop.pt https://*.probikeshop.com https://*.probikeshop.ch; 3
frame-ancestors 'self' https://s.salecycle.com https://vodafoneromania.demdex.net https://vars.hotjar.com https://c1.adform.net 3
frame-ancestors https://io.apply.creditkarma.com 3
upgrade-insecure-requests; default-src https: data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' 3
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src https: data: 3
img-src * data: blob: 3
: frame-ancestors "none" 3
default-src 'self' *.kampyle.com *.medallia.com *.google-analytics.com *.gstatic.com ;               script-src 'self' *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.medallia.com *.kampyle.com *.googletagmanager.com  *.google-analytics.com  *.jquery.com *.marketo.net 'unsafe-inline' 'unsafe-eval';                script-src-elem 'self' *.bootstrapcdn.com *.googleapis.com *.gstatic.com  *.medallia.com *.kampyle.com *.googletagmanager.com  *.google-analytics.com  *.jquery.com *.marketo.net 'unsafe-inline' 'unsafe-eval';    connect-src 'self' *.kampyle.com *.medallia.com *.mktoresp.com;                object-src 'self' *.kampyle.com *.medallia.com;                style-src 'self' *.kampyle.com *.medallia.com *.gstatic.com   *.bootstrapcdn.com *.googleapis.com *.jquery.com 'unsafe-inline' 'unsafe-eval';                 font-src 'self' *.kampyle.com *.medallia.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com data:;                frame-src 'self' *.astfinancial.com *.exacttarget.com *.gstatic.com  *.googletagmanager.com *.kampyle.com *.medallia.com;            img-src 'self' *.gravatar.com *.kampyle.com  *.medallia.com *.umbraco.org *.google-analytics.com umbraco.tv *.googletagmanager.com; 3
default-src 'self' static.mycity.travel static.j3l.ch * 'unsafe-inline' 'unsafe-eval' data: blob:; upgrade-insecure-requests; frame-ancestors: 'self' https://static.mycity.travel *; 3
default-src 'self' *.googlesyndication.com *.hotjar.com; connect-src 'self' wss://*.zopim.com *.zopim.com *.zendesk.com *.zdassets.com *.hotjar.com *.hotjar.io wss://*.hotjar.com securepubads.g.doubleclick.net stats.g.doubleclick.net *.gstatic.com *.google-analytics.com *.googlesyndication.com *.bugsnag.com *.biznettechnologies.com ws://*.biznettechnologies.com wss://*.biznettechnologies.com *.zuppler.com ws://*.zuppler.com wss://*.zuppler.com *.braintreegateway.com *.braintree-api.com *.stripe.com *.worldpay.com  *.usersnap.com; frame-src 'self' *.google.com *.googlesyndication.com aexp.demdex.net *.aexp.demdex.net  *.omtrdc.net *.hotjar.com *.braintreegateway.com; style-src 'self' 'unsafe-inline' *.googleapis.com cloud.typography.com hello.myfonts.net/count/3b4b0c www.skymilesdining.com *.hotjar.com; font-src 'self' *.hotjar.com data: *.zopim.com *.gstatic.com; img-src 'self' *.zopim.io *.zopim.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.gstatic.com data: stats.g.doubleclick.net loyaltypartner.122.2o7.net *.omtrdc.net *.ggpht.com seal-chicago.bbb.org *.google.com *.zuppler.com dbgcbnch6yz43.cloudfront.net *.hotjar.com  *.usersnap.com *.gravatar.com *.wp.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org *.google-analytics.com *.gstatic.com *.google.com *.googleapis.com *.googletagservices.com *.googlesyndication.com *.doubleclick.net *.zopim.com assets.adobedtm.com aexp.demdex.net *.omtrdc.net assets.zendesk.com *.zdassets.com seal-chicago.bbb.org *.hotjar.com nexus.ensighten.com *.netlify.com *.netlify.app *.biznettechnologies.com *.zuppler.com *.stripe.com *.worldpay.com *.usersnap.com; form-action 'self'; 3
default-src * blob: data: 'unsafe-eval' 'unsafe-inline'; 3
default-src 'self' https: *.webtrekk.net; img-src 'self' data: https: *.t-systems-mms.com *.webtrekk.net www.facebook.com *.rexx-systems.com *.landbot.io storage.googleapis.com *.webtrekk.net; media-src 'self'; style-src 'self' 'unsafe-inline' blob: https:; font-src 'self' https: player.podigee-cdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: *.t-systems-mms.com platform.twitter.com connect.facebook.net *.webtrekk.net *.rexx-systems.com static.landbot.io *.yumpu.com *.facebook.net cdn.podigee.com; connect-src 'self' https: *.t-systems-mms.com *.webtrekk.net landbot.io; object-src https: 'self'; frame-ancestors https: 'self' *.t-systems-mms.com customer.360-grad-sachsen.de; frame-src https: 'self' *.t-systems-mms.com customer.360-grad-sachsen.de platform.twitter.com *.mmsupgradework.dmkdev *.mms-plattform.de player.vimeo.com landbot.io www.yumpu.com; 3
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: blob: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'self'; media-src *.readspeaker.com *.speechstream.net blob: 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self' 3
default-src 'self' ; connect-src 'self' https://www.google-analytics.com https://api.curator.io https://cdn.cookielaw.org https://privacyportal-eu.onetrust.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://talentforjobs.com https://cdn.curator.io https://www.auchan-retail.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://authedmine.com https://ssl.google-analytics.com https://ajax.cloudflare.com https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com;img-src 'self' https://cdn.cookielaw.org https://img.bfmtv.com https://bfmbusiness.bfmtv.com https://images.auchan.ro https://talentforjobs.com https://curatorio.s3.amazonaws.com https://*.uecdn.es https://www.google.com https://www.instagram.com https://*.curator.io https://www.googletagmanager.com https://www.auchan-retail.com http://pbs.twimg.com https://pbs.twimg.com https://image-store.slidesharecdn.com https://i.ytimg.com https://*.licdn.com https://*.ggpht.com https://*.fbcdn.net https://*.twimg.com https://*.cdninstagram.com https://*.googleusercontent.com https://secure.gravatar.com https://ps.w.org https://www.facebook.com https://csi.gstatic.com https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://ajax.googleapis.com https://secure.gravatar.com https://ssl.google-analytics.com data:;style-src 'self' 'unsafe-inline' data: https://talentforjobs.com https://cdn.curator.io https://www.auchan-retail.com https://cdn.jsdelivr.net https://fonts.googleapis.com; font-src 'self' https://cdn.curator.io https://www.auchan-retail.com https://themes.googleusercontent.com https://fonts.gstatic.com data:; child-src https://talentforjobs.com https://www.auchan-retail.com https://www.youtube.com https://indd.adobe.com https://player.vimeo.com https://www.youtu.be; media-src 'self' https://www.instagram.com https://dms.licdn.com https://www.youtu.be https://www.youtube.com https://www.auchan-retail.com https://www.youtube.com https://video.twimg.com https://*.cdninstagram.com; object-src 'none'; frame-ancestors 'self'; base-uri 'none'; 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src * data:; 3
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.blueconic.net *.googletagmanager.com tagmanager.google.com www.gstatic.com *.google-analytics.com www.googleadservices.com www.google.com www.googleadservices.com googleads.g.doubleclick.net www.google.com *.hotjar.com *.hotjar.io connect.facebook.net *.blueconic.net knltb.sb.blueconic.net service.force.com *.salesforceliveagent.com *.googleapis.com knltb.my.salesforce.com knltb.secure.force.com ajax.aspnetcdn.com *.cloudfront.net www.instagram.com www.mollie.com *.youtube.com *.ytimg.com *.newrelic.com *.nr-data.net *.g.doubleclick.net snap.licdn.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.blueconic.net tagmanager.google.com fonts.googleapis.com service.force.com knltb.secure.force.com *.cloudfront.net www.mollie.com p.typekit.net; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: dashboard.umbraco.org our.umbraco.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com *.hotjar.com *.hotjar.io www.facebook.com *.ytimg.com *.googleapis.com *.gstatic.com *.blueconic.net stats.g.doubleclick.net *.persgroep.net *.google.nl i.ytimg.com; connect-src 'self' 'unsafe-eval' 'unsafe-inline' our.umbraco.com tagmanager.google.com www.google-analytics.com *.hotjar.com:* *.hotjar.io *.blueconic.net knltb.sb.blueconic.net service.force.com knltb.secure.force.com homerun.co *.nr-data.net stats.g.doubleclick.net i.ytimg.com p.typekit.net use.typekit.net maps.googleapis.com www.googletagmanager.com maps.gstatic.com www.instagram.com www.sfdcstatic.com *.cloudfront.net *.salesforceliveagent.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.youtube.com bid.g.doubleclick.net *.hotjar.com *.hotjar.io service.force.com www.facebook.com widgets.knltb.club www.instagram.com www.mollie.com nlpadel.meshlink.nl m.facebook.com crionet-ms-widgets.azurewebsites.net; style-src-elem 'self' 'unsafe-eval' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.blueconic.net service.force.com knltb.secure.force.com *.cloudfront.net p.typekit.net; font-src 'self' 'unsafe-eval' 'unsafe-inline' data: fonts.gstatic.com *.hotjar.com *.hotjar.io *.sfdcstatic.com use.typekit.net; child-src 'self' 'unsafe-eval' 'unsafe-inline' *.hotjar.com *.hotjar.io *.youtube.com *.blueconic.net knltb.sb.blueconic.net; frame-ancestors 'self' 'unsafe-eval' 'unsafe-inline' *.blueconic.net knltb.sb.blueconic.net; block-all-mixed-content; 3
frame-ancestors 'self' covid-check.generali.de 3
default-src *     ;report-uri /xp/CSPReport.ashx     ;script-src * 'unsafe-inline' 'unsafe-eval' data: about:     ;style-src * 'unsafe-inline'     ;connect-src * blob:     ;font-src * data:     ;object-src *     ;img-src * data: blob:     ;media-src * blob:     ;frame-src * data: gsa: ajaxhandler:     ;child-src * blob:     ;worker-src * blob:     ;form-action * javascript:     ;frame-ancestors 'self' 3
default-src 'self' wss://www.reasedoper.pw wss://www.nathetsof.com https://pagead2.googlesyndication.com/ https://mc.yandex.ru/ http://rb.revolvermaps.com/;style-src 'unsafe-inline' *;child-src * 'self' blob: ;img-src * data:;media-src *;font-src *;script-src 'self' http://sdnats.com http://zstat.org/ http://www.sparnove.com/ https://www.sparnove.com/ http://sparnove.com/ https://sparnove.com/ http://sparnove.com https://sparnove.com http://www.sparnove.com https://www.sparnove.com http://igropoisk.com http://www.igropoisk.com http://rigaletto.info/ http://listat.org https://listat.org https://static.reasedoper.pw https://nathetsof.com https://www.nathetsof.com http://nathetsof.com http://www.nathetsof.com http://static.reasedoper.pw https://dl.metabar.ru/ http://azbns.com/ http://cdn.mobidea.com/ https://cdn.mobidea.com/ http://mytomatosoup.com/ http://*.s1block.com/ https://*.exoclick.com/ http://*.exoclick.com/ http://*.criteo.com/ http://webgringo.ru/ http://dancepoisk.ru/ http://*.google.com.ua https://*.google.com.ua https://*.vim100.ru http://*.vim100.ru https://vim100.ru http://vim100.ru http://*.kavanga.ru https://*.kavanga.ru http://dreamcode.pw https://dreamcode.pw https://*.advertur.ru *.advertur.ru http://cdn-rtb.sape.ru/ http://*.sape.ru/ http://wslocker.ru/ http://www.photoshop.in.ua 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com https://oss.maxcdn.com yandex.st *.yandex.st https://*.google-analytics.com http://*.google-analytics.com acint.net www.acint.net http://meelba.com http://*.meelba.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.uptolike.com https://*.uptolike.com *.leadada.com http://*.yandex.ru http://yandex.ru  https://yandex.ru https://*.yandex.ru http://*.doubleclick.net https://*.doubleclick.net cepereh.ru promoskiki.ru brandomatic.ru http://info.datacadet.com https://info.datacadet.com http://*.metabar.ru https://*.youtube.com http://*.youtube.com https://*.google.com http://*.google.com http://*.yandex.net https://*.yandex.net http://*.dumedia.ru http://userapi.com https://*.twitter.com http://*.twitter.com https://yastatic.net http://yastatic.net http://*.ya.ru http://*.fbcdn.net http://*.facebook.net https://*.facebook.net http://ad.oyy.ru http://pr-cy.ru http://*.rotaban.ru http://*.addthis.com http://*.mail.ru https://*.mail.ru http://*.adriver.ru https://*.googleapis.com http://*.googleapis.com http://*.reformal.ru https://vk.com http://*.vk.com http://vk.com http://*.vk.com http://estat-translator.com http://*.openstat.net http://openstat.net http://*.hit.ua http://api.cpatext.ru http://disgusting.ru http://counter.rambler.ru http://allskidkimos.ru http://*.acint.net http://*.beeline.ru http://*.smi2.ru https://*.alexa.com http://js-agent.newrelic.com http://*.odnoklassniki.ru http://*.directadvert.ru http://vkontakte.ru http://meteoprog.ua http://*.meteoprog.ua http://*.ok.ru https://*.ok.ru http://api.recaptcha.net http://ulogin.ru http://*.ukr.net http://*.semrash.com http://*.nr-data.net http://*.mgts.ru http://commontools.net http://*.wordpress.com http://informer.name http://*.bigmir.net https://*.bigmir.net http://www.samnews.ru http://adv.rb-edu.ru http://nastart.com.ua http://*.betweendigital.com http://*.google.ru http://*.cloudfront.net http://api.pozvonim.com http://*.24webclock.com https://*.zemanta.com http://disqus.com http://*.gismeteo.ru http://*.spylog.ru http://*.sharethis.com http://*.disqus.com http://*.c8.net.ua http://www.semrush.com http://loginza.ru http://*.redtram.com https://*.facebook.com http://*.facebook.com http://reformal.ru http://mreporter.ru http://n.lcads.ru http://*.leadia.ru http://www.vesti.ru http://*.begun.ru http://google.com.ua https://google.com.ua http://gamebomb.ru https://*.skype.com http://*.contextbar.ru http://*.googleadservices.com https://*.googleadservices.com http://*.lcads.ru http://*.googlevideo.com https://*.googlevideo.com http://*.gstatic.com https://*.gstatic.com https://*.ytimg.com http://*.ytimg.com http://*.yadro.ru https://*.yadro.ru; connect-src 'self' wss://sparnove.com https://api.push.world/ https://api.push.world/ https://static.reasedoper.pw/ wss://www.nathetsof.com wss://nathetsof.com wss://www.reasedoper.pw/ http://meelba.com/ http://stat.qload.ru http://uxm.ru https://mc.yandex.ru/ https://pagead2.googlesyndication.com 3
default-src 'none'; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vimeo.com/api/v2/video https://*.vimeo.com https://*.zorgvoorbeter.nl https://*.kennispleingehandicaptensector.nl https://apps.elfsight.com https://*.vo.msecnd.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://code.jquery.com https://*.blueconic.net https://*.hotjar.com https://*.hotjar.io https://extend.vimeocdn.com https://www.google-analytics.com https://js.driftt.com https://connect.facebook.net https://www.youtube.com https://*.ytimg.com https://*.bizographics.com https://*.linkedin.com https://*.licdn.com; connect-src 'self' https://vimeo.com https://*.vimeo.com https://dc.services.visualstudio.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://*.blueconic.net https://api.ipify.org https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; img-src 'self' https://i.vimeocdn.com https://img.youtube.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.vilans.nl https://*.blueconic.net https://*.linkedin.com data:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://use.fontawesome.com https://*.blueconic.net; frame-src 'self' https://w.soundcloud.com https://www.youtube.com https://player.vimeo.com https://www.google.com https://www.facebook.com https://js.driftt.com https://*.hotjar.com https://www.veiligheid.nl; frame-ancestors 'self'; object-src 'self'; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: 3
upgrade-insecure-requests; report-uri /__csp-collector/index 3
default-src 'self' static.mycity.travel static.www.villars-diablerets.ch * 'unsafe-inline' 'unsafe-eval' data: blob:; upgrade-insecure-requests; frame-ancestors: 'self' https://static.mycity.travel *; 3
frame-ancestors teams.microsoft.com *.teams.microsoft.com *.skype.com 3
connect-src 'self' wss: https://www.google-analytics.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ https://api.trustedshops.com https://hexagon-analytics.com http://bat.bing.com https://bat.bing.com http://*.taboola.com https://ctx-nsp-sell-watches-dev.s3.eu-west-1.amazonaws.com https://ctx-nsp-sell-watches.s3.eu-central-1.amazonaws.com https://*.g.doubleclick.net https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.intercom.io https://*.hotjar.com/ https://*.hotjar.io/ https://static.zipmoney.com.au https://static.zdassets.com https://kreditrechner-long-test.creditplus.de https://kess.creditplus.de https://j4s6cgablv-dsn.algolia.net https://cdn.contentful.com https://connect.facebook.net https://*.sift.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://*.emarsys.net https://*.scarabresearch.com https://*.execute-api.eu-central-1.amazonaws.com https://pricing-engine.ful.chronext.com; default-src 'self'; font-src 'self' data: * https://fonts.gstatic.com http://fonts.gstatic.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com; frame-src 'self' https: https://www.youtube.com https://wpp-test.wirecard.com https://wpp.wirecard.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ http://widget.trustpilot.com https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com https://googleads.g.doubleclick.net http://googleads.g.doubleclick.net https://connect.facebook.net https://*.sift.com; img-src 'self' data: * blob: * https://ssl.gstatic.com/ https://hexagon-analytics.com http://cdn.taboola.com https://cdn.taboola.com http://bat.bing.com https://bat.bing.com https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://ssl.google-analytics.com www.googletagmanager.com www.googleadservices.com tag.manager.google.com tagmanager.google.com/ https://www.youtube.com https://wpp-test.wirecard.com https://wpp.wirecard.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://*.sift.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ https://maps.googleapis.com https://widget.trustpilot.com https://hexagon-analytics.com http://bat.bing.com http://*.taboola.com https://test.dekopay.com https://secure.dekopay.com https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.intercom.io https://*.intercomcdn.com https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com https://*.youtube.com http://*.youtube.com https://s.ytimg.com https://static.doubleclick.net https://connect.facebook.net https://www.dwin1.com https://*.scarabresearch.com https://unpkg.com/date-time-format-timezone@latest/build/browserified/date-time-format-timezone-complete-min.js https://trck.spoteffects.net; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com https://tagmanager.google.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com 3
default-src https: 'unsafe-eval' 'unsafe-inline'; font-src https: data:; img-src https: data: 3
default-src data: https: 'unsafe-inline' 'unsafe-eval'; font-src https: data: https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval' 3
default-src 'self' *.zoom.us *.doubleclick.net *.cloudfront.net *.googlesyndication.com *.twitter.com *.opticsinfobase.org *.titanembeds.com *.boltdns.net blob:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.osa.org https://unpkg.com *.cvent.com cdn.mxpnl.com *.mixpanel.com https://zoom.us *.zoom.us code.jquery.com *.twitter.com adservice.google.com *.doubleclick.net *.ampproject.org *.googlesyndication.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com www.google.com tagmanager.google.com www.googletagservices.com *.brightcove.net *.zencdn.net *.twimg.com *.ytimg.com www.youtube.com *.myfonts.net *.licdn.com *.simpli.fi blob:; style-src 'unsafe-inline' *; font-src * data:; connect-src 'self' cdn.opticsinfobase.org *.google.com *.cloudfront.net *.osa.org http://www.frontiersinoptics.com www.frontiersinoptics.org www.cleoconference.org www.ofcconference.com api-js.mixpanel.com www.google-analytics.com *.brightcove.com *.brightcove.net *.boltdns.net *.googlesyndication.com *.akamaihd.net *.doubleclick.net https://unpkg.com *.zoom.us wss://*.zoom.us blob:; object-src 'self' cdn.opticsinfobase.org *.cloudfront.net *.googlesyndication.com https://*.zoom.us blob:; frame-src 'self' *.twitter.com *.google.com *.cloudfront.net *.osa.org cdn.opticsinfobase.org *.frontiersinoptics.com *.googlesyndication.com *.youtube.com https://titanembeds.com; frame-ancestors 'self' *.osa.org *.frontiersinoptics.com; 3
frame-ancestors 'self' *.sciquest.com *.cummins.com *.ariba.com http://search.roccommerce.com http://dev-search.roccommerce.net 3
frame-ancestors 'self' http://*.szextarskereso.hu http://*.bizarr.hu https://szex.com http://sweetescortgirls.com https://www.amator-szex.hu https://kupak.hu; 3
default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/enforce 3
default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; 3
script-src 'self' *.seksualiteit.nl *.seksindepraktijk.nl *.seksuelevorming.nl *.rutgers.international *.rutgers.nl *.weekvandelentekriebels.nl *.rutgers.ug *.rutgers.id *.anticonceptievoorjou.nl *.hotjar.com *.adform.net *.addthisedge.com *.addthis.com *.facebook.com *.newrelic.com *.nr-data.net *.cdn77.org *.ckeditor.com *.smartsupp-widget-161959.c.cdn77.org *.smartsuppchat.com *.adscience.nl *.bugherd.com *.googletagmanager.com *.googleapis.com *.pinterest.com *.readspeaker.com 'unsafe-inline' connect.facebook.net 'unsafe-eval' dev.visualwebsiteoptimizer.com *.google-analytics.com *.bootstrapcdn.com *.google.com *.gstatic.com *.typekit.net *.vimeocdn.com *.youtube.com *.ytimg.com *.fbcdn.net; style-src 'self' 'unsafe-inline' *.fonts.googleapis.com *.googleapis.com *.cdn77.org *.bootstrapcdn.com *.myfonts.net *.readspeaker.com *.youtube.com; font-src 'self' *.cdn77.org *.fonts.gstatic.com *.gstatic.com *.bootstrapcdn.com *.fonts.googleapis.com *.googleapis.com *.ckeditor.com *.newrelic.com; media-src * 'self' data: 3
upgrade-insecure-requests; frame-ancestors 'self'; default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleapis.com *.google.com *.google.com.au *.google.ca *.gstatic.com *.google-analytics.com *.googleadservices.com *.pingdom.net js.hs-analytics.net *.cloudfront.net js-agent.newrelic.com *.doubleclick.net *.nr-data.net *.mastersoftgroup.com *.quantserve.com *.idmanagedsolutions.com *.addthis.com *.xg4ken.com *.lightboxcdn.com *.brightcove.net *.youtube.com player.vimeo.com *.cloudflare.com *.onmodulus.net *.bootstrapcdn.com *.tradingroom.com.au *.services.visualstudio.com *.azurewebsites.net *.windows.net *.msecnd.net *.bing.com  is-ff-cdn-www.azureedge.net is-gb-cdn-www.azureedge.net is-rs-cdn-www.azureedge.net is-pz-cdn-www.azureedge.net is-ct-cdn-www.azureedge.net is-jw-cdn-www.azureedge.net is-develop-cdn-www.azureedge.net is-uat-cdn-www.azureedge.net is-master-stg-cdn-www.azureedge.net  *.investsmart.com.au *.intelligentinvestor.com.au *.eurekareport.com.au *.yourshare.com.au image.mail.eurekareport.com.au ii-uploads.s3.amazonaws.com *.intercom.io wss://*.intercom.io *.intercom.com *.intercomcdn.com *.intercomassets.com dnn506yrbagrg.cloudfront.net/pages/scripts/0018/4016.js *.crazyegg.com s3.amazonaws.com/trk.cetrk.com/ gtrk.s3.amazonaws.com *.disqus.com disqus.com *.disquscdn *.disquscdn.com *.typekit.net pub.s7.exacttarget.com cl.s7.exct.net *.coveritlive.com *.segment.com *.segment.io *.kissmetrics.com https://pixel.tapad.com  *.adsrvr.org *.quantcount.com *.dianomi.com *.jquery.com cdn.jsdelivr.net *.highcharts.com *.mypropertytools.com.au *.static.omnilife.com.au static.omnilife.com.au outlook.office365.com  placehold.it placeholdit.imgix.net fakeimg.pl fullstory.com *.fullstory.com *.facebook.net *.facebook.com http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com *.hotjar.io *.mixpanel.com *.mxpnl.com *.bugherd.com *.bugsnag.com https://omny.fm/ marketo.net *.marketo.net *.mktoresp.com app-sn04.marketo.com *.dacast.com *.viglink.com *.pusher.com ws://*.pusherapp.com wss://*.pusherapp.com *.bloomberg.com *.afr.com *.2gb.com *.forbes.com *.smh.com.au *.economist.com *.asx.com.au *.abc.net.au *.skynews.com.au *.theaustralian.com.au *.seniorsnews.com.au *.appcues.com *.firebaseio.com *.firebase.com appcues-quickstart.s3-us-west-2.amazonaws.com *.cloudinary.com *.appcues.net appcues-content-api-prod.herokuapp.com nh436jpc4i.execute-api.us-west-2.amazonaws.com 104cl9psz3.execute-api.us-west-2.amazonaws.com wss://api.appcues.net wss://*.firebaseio.com cdn.jsdelivr.net calendly.com *.calendly.com https://portal.ttds.com.au/ http://thetermdepositshop.com.au/ *.inspectlet.com https://*.buzzsprout.com www.buzzsprout.com *.imgix.net vimeocdn.com *.vimeocdn.com vimeo.com *.vimeo.com *.zoho.com abr.business.gov.au https://www.googleoptimize.com *.rlets.com *.gannettdigital.com *.reachlocalservices.com 3
script-src 'self' filesystem: 'unsafe-eval' 'unsafe-inline' *.spaggiari.eu https://ajax.googleapis.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://code.jquery.com/ https://d31qbv1cthcecs.cloudfront.net/atrk.js https://fonts.googleapis.com/ https://s.go-mpulse.net/boomerang/ https://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/ https://cdn.syndication.twimg.com/timeline/ https://code.highcharts.com/ https://connect.facebook.net/it_IT/sdk.js https://livestream.com/assets/plugins/ https://maps.googleapis.com/ https://platform.twitter.com/js/ https://platform.twitter.com/widgets.js https://rawgit.com/tyrasd/osmtogeojson/ https://use.fontawesome.com/;frame-ancestors 'self' file: *.spaggiari.eu; 3
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * blob: data: ; media-src *; object-src *; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; 3
frame-ancestors 'self' *.dja.com; 3
default-src https: wss: about: data: blob: 'unsafe-inline' 'unsafe-eval' 3
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/; 3
default-src 'self'; connect-src 'self' stats.g.doubleclick.net api.hubspot.com vimeo.com www.google-analytics.com wp.ocelotbot.com snap.licdn.com js.hs-scripts.com js.hs-analytics.net forms.hsforms.com forms.hs-forms.com hubspot-forms-static-embed.s3.amazonaws.com js.usemessages.com js.hs-banner.com; prefetch-src: js.hs-banner.com js.usemessages.com js.hs-analytics.com snap.licdn.com www.google-analytics.com www.googletagmanager.com; font-src 'self' data:; frame-src app.hubspot.com player.vimeo.com; img-src 'self' data: wp.ocelotbot.com googleads.g.doubleclick.net secure.gravatar.com www.google.com p.adsymptotic.com track.hubspot.com px.ads.linkedin.com www.google-analytics.com www.gstatic.com ssl.gstatic.com i.vimeocdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' wp.ocelotbot.com ws.zoominfo.com www.googleadservices.com slate.technolutions.net px.ads.linkedin.com snap.licdn.com track.hubspot.com js.hsforms.net forms.hsforms.com forms.hs-forms.com p.adsymptotic.com js.usemessages.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com apis.google.com f.vimeocdn.com; style-src 'self' 'unsafe-inline' f.vimdeocdn.com; object-src 'none'; upgrade-insecure-requests; 3
default-src * ; script-src * data: 'self' blob blob: 'unsafe-eval' 'unsafe-inline' ; style-src * data: 'self' blob blob: 'unsafe-inline' ; img-src * data: ; font-src * data: ; connect-src * ; media-src * ; object-src * ; child-src * ; frame-src * ; worker-src * ; frame-ancestors * ; report-uri /bdportlet-NemIDLoginPortlet/cspreport; 3
frame-ancestors 'self' https://*.lucky311.com https://*.playcx.com https://*.playdublinbet.com https://*.play31.com https://*.premierlivecasino.com https://*.sterlingcdn.com  https://sterlingcdn.com https://*.lucky31fr.com https://*.casinoextra2.com https://*.sterlingcdn.com https://*.streatapp.com https://*.casinoextra100.com https://*.dublinsbet.com https://*.lucky-31.com https://*.casinoextra3.com https://*.dublinbet1.com https://*.prontocasino.com https://*.casino-estrellas.com https://*.dublinbet.org https://*.casinoextra.net https://*.fatboss.com https://*.casinoextraclub.com https://*.lucky31club.com https://*.dublinbetenvivo.com https://*.casinoestrellavip.com https://*.fatboss1.com https://*.fatboss1.net https://*.fatbossclub.com https://*.fatbossvip.com https://*.thefatboss.com https://*.thefatboss.net https://*.casinoextra2019.com https://*.casinoestrella2019.com https://*.dublinbet2019.com https://*.prontolive.se https://*.casinoextrawin.com https://*.dublinbetwin.com https://*.lucky31win.com https://*.onlinebingowin.com https://*.casinoestrellawin.com https://*.fatbosswin.com https://*.casinoextra2020.com https://*.dublinbet2020.com https://*.lucky312020.com https://*.onlinebingo2020.com https://*.casinoestrella2020.com https://*.fatboss2020.com https://*.casinoextraofficial.com https://*.dublinbetofficial.com https://*.lucky31official.com  https://*.onlinebingoofficial.com https://*.casinoestrellaofficial.com https://*.fatbossofficial.com https://*.futocasi.com  https://livecasino.betamogames.com https://livecasino.casinoestrella.com https://livecasino.casinoestrella1.com https://livecasino.casinoextra.com https://livecasino.casinoextrafr.com https://livecasino.oddsextra.com https://livecasino.onlinebingo.eu https://livecasino.playdublinbet.com https://livecasino.premierlivecasino.com https://livecasino.prontocasino.com https://mtm-static.casinomodule.com https://*.yggdrasilgaming.com https://nolimitjs.nolimitcdn.com  https://d1k6j4zyghhevb.cloudfront.net  https://quickfire3.gameassists.co.uk https://mobile3.gameassists.co.uk https://livegames.gameassists.co.uk https://lobby-estrella.betsoftgaming.com https://starfishcasino.tain.com https://www.alteagaming.com https://starfish-godwebclient-cur.geniigaming.net https://game3.betgames.tv https://*.betamogames.com https://game.itsreal.live https://starfishmedia-prod-dgm.ps-gamespace.com https://alvcw.playngonetwork.com https://apiprod.fundist.org https://gserver-starfishmedia.redtiger.cash https://aggr.softswiss.net https://*.zendesk.com https://guezcash.com https://fastwin.pro https://specialwin.biz https://kopsoft.net https://guezcash.com https://succescode.com https://tech-analysts.com https://westernasset.pro https://invesco.pro https://fidelity.la https://software-house.biz https://biznessintelligence.net https://software-xpertz.com https://tech-helden.com 3
frame-ancestors 'self' http://thomsonreuterstax.lookbookhq.com https://thomsonreuterstax.lookbookhq.com http://thomsonreuterstaxprofessionals.lookbookhq.com https://thomsonreuterstaxprofessionals.lookbookhq.com 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.map.baidu.com *.bdimg.com bdimg.share.baidu.com res.wx.qq.com pucha.kaipuyun.cn dcs.conac.cn webservice.coolwei.com www.gov.cn; object-src 'self' 3
default-src 'self' https://apply5.lumessetalentlink.com www.stoneforest.com.sg stoneforest.com.sg https://stoneforest.com.sg http://stoneforest.com.sg https://www.stoneforest.com.sg http://www.stoneforest.com.sg; script-src https://apply5.lumessetalentlink.com *.linkedin.com/ https://code.jquery.com https://stackpath.bootstrapcdn.com www.stoneforest.com.sg stoneforest.com.sg https://stoneforest.com.sg http://stoneforest.com.sg https://www.stoneforest.com.sg http://www.stoneforest.com.sg 'unsafe-inline' 'unsafe-eval' *.stoneforest.com.sg https://stoneforest.com.sg/ *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com https://platform.stumbleupon.com/1/widgets.js http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org https://www.googletagmanager.com v1.addthis.com/ v1.addthisedge.com/ s7.addthis.com/ https://graph.facebook.com/ http://graph.facebook.com/ https://www.googleadservices.com https://s.adroll.com https://d.adroll.mgr.consensu.org https://d.adroll.com; style-src 'self' 'unsafe-inline' https://apply5.lumessetalentlink.com/ https://maxcdn.bootstrapcdn.com/ *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' https://stats.g.doubleclick.net https://apply5.lumessetalentlink.com https://maxcdn.bootstrapcdn.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src https://www.google.com/ https://www.google.com.sg https://stats.g.doubleclick.net www.stoneforest.com.sg stoneforest.com.sg https://stoneforest.com.sg http://stoneforest.com.sg https://www.stoneforest.com.sg http://www.stoneforest.com.sg *.stoneforest.com.sg *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com https://googleads.g.doubleclick.net https://d.adroll.com; media-src 'self' data: blob:; frame-src https://www.googletagmanager.com https://www.youtube.com/ *.linkedin.com/ www.stoneforest.com.sg stoneforest.com.sg https://stoneforest.com.sg http://stoneforest.com.sg https://www.stoneforest.com.sg http://www.stoneforest.com.sg http://s7.addthis.com/ https://apply5.lumessetalentlink.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://apply5.lumessetalentlink.com; connect-src 'self' www.google-analytics.com accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://apply5.lumessetalentlink.com/ https://journey-service.tb.lumesse.com https://message-broker.tb.lumesse.com www.stoneforest.com.sg stoneforest.com.sg https://stoneforest.com.sg http://stoneforest.com.sg https://www.stoneforest.com.sg http://www.stoneforest.com.sg *.linkedin.com/ v1.addthis.com/ v1.addthisedge.com/ s7.addthis.com/ https://apply5.lumessetalentlink.com https://stats.g.doubleclick.net; 3
frame-ancestors 'self' app.storyblok.com *.omappapi.com *.optinmonster.com ; 3
default-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.bunrattycastle.ie https://www.craggaunowen.ie https://www.dunguairecastle.com https://www.gpowitnesshistory.ie https://www.kingjohnscastle.com https://www.knappoguecastle.ie https://www.malahidecastleandgardens.ie https://www.newbridgehouseandfarm.com https://www.shannonheritage.com https://www.modelrailwaymuseum.ie data: https://*.facebook.net https://*.facebook.com https://*.hotjar.com https://*.bing.com https://*.typekit.net https://stats.g.doubleclick.net https://translate.google.com https://translate.googleapis.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://dev.visualwebsiteoptimizer.com https://*.crazyegg.com https://*.youtube.com https://*.youtu.be https://youtu.be https://cookie-cdn.cookiepro.com https://*.instagram.com https://*.cdninstagram.com; 3
default-src https: data: 'unsafe-eval' 'unsafe-inline'; upgrade-insecure-requests 3
upgrade-insecure-requests; connect-src 'self' *.siteimprove.com https://vv.riigikantselei.ee https://docs.google.com https://riigikantselei.ee https://www.riigikantselei.ee; font-src 'self' data: https://fonts.gstatic.com https://vv.riigikantselei.ee https://docs.google.com https://riigikantselei.ee https://www.riigikantselei.ee; frame-src 'self' https://*.rocket.chat https://static.addtoany.com https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://vv.riigikantselei.ee https://docs.google.com https://riigikantselei.ee https://www.riigikantselei.ee; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com https://vv.riigikantselei.ee https://docs.google.com https://riigikantselei.ee https://www.riigikantselei.ee *.fbcdn.net *.cdninstagram.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://vv.riigikantselei.ee https://docs.google.com https://riigikantselei.ee https://www.riigikantselei.ee cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com; script-src-attr 'self' 'unsafe-inline' https://vv.riigikantselei.ee https://riigikantselei.ee https://www.riigikantselei.ee; script-src-elem 'self' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://vv.riigikantselei.ee https://riigikantselei.ee https://www.riigikantselei.ee cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://vv.riigikantselei.ee https://docs.google.com https://vv.riigikantselei.ee/et/kontakt https://riigikantselei.ee https://www.riigikantselei.ee  cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com; style-src-attr 'self' 'unsafe-inline' https://vv.riigikantselei.ee https://docs.google.com https://riigikantselei.ee https://www.riigikantselei.ee; style-src-elem 'self' https://www.gstatic.com https://vv.riigikantselei.ee https://docs.google.com https://riigikantselei.ee https://www.riigikantselei.ee  cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com 'unsafe-inline'; frame-ancestors none; report-uri https://riigikantselei.ee/report-uri/enforce 3
frame-ancestors 'self' piwik.betaalvereniging.nl; 3
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; frame-ancestors 'self' nvidia.lookbookhq.com nvidia.pathfactory.com resources.nvidia.com www.nvidia.com www.nvidia.cn preview.nvidia.com; report-uri https://nvidia.report-uri.com/r/d/csp/wizard 3
frame-ancestors 'self' groupebpce.com *.groupebpce.com; 3
frame-ancestors 'self' https://app.storyblok.com; 3
default-src 'self' multibanner.net *.multibanner.net redclick.ru *.redclick.ru my.pusk.ua adlabs-mobile.ru *.adlabs-mobile.ru clickio.com *.clickio.com adlabs.ru *.adlabs.ru adlabsnetworks.com *.adlabsnetworks.com adlabsnetworks.ru googleapis.com googletagmanager.com gstatic.com *.google-analytics.com clickio.mgr.consensu.org luxup.ru luxadv.com luxupcdna.com luxupcdnb.com luxupcdnc.com luxupadva.com luxupadvb.com luxupadvc.com luxup2.ru hubspot.com js.hs-scripts.com js.hscollectedforms.net luxcdn.com fonts.gstatic.com *.online.tableau.com *.luxup.ru *.tipalti.com *.googleapis.com www.google.com www.gstatic.com datastudio.google.com *.dev.luxup.ru *.adlabs-retail.ru adlabs-retail.ru  www.googleadservices.com 'unsafe-inline' 'unsafe-eval' 3
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.googleapis.com *.fontawesome.com *.bootstrapcdn.com unsafe-inline *.trustarc.com 'self' data: https://script.hotjar.com/ https://qaapp02.xisecurenet.com/ *.helenoftroy.custhelp.com helenoftroy.custhelp.com https://helenoftroy.custhelp.com https://helenoftroy.custhelp.com/ *.sdiapi.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com unsafe-inline *.trustarc.com https://stinger-dev.heledigital.com/ https://home-health.heledigital.com/ *.facebook.com *.sdiapi.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.google.com *.addthis.com *.paymetric.com *.hotjar.com *.doubleclick.net *.adsrvr.org *.cloudfront.net *.cloudflareinsights.com *.sdiapi.com unsafe-inline *.oraclecloud.com https://data-a495851.data.us2.oraclecloud.com/ https://www.youtube.com/ http://youtube.com/ https://qaapp02.xisecurenet.com/ https://www.gstatic.com/ https://vars.hotjar.com/ https://consent-st.trustarc.com/ *.custhelp.com *.trustarc.com https://insight.adsrvr.org/ *.facebook.com *.pur.com *.helenoftroy.custhelp.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.google.com t.co *.custhelp.com *.rnengage.com *.facebook.com data: *.omtrdc.net unsafe-inline *.magentocommerce.com *.oraclecloud.com 'self' data: *.paypalobjects.com *.heledigital.com *.mailchimp.com *.doubleclick.net *.google.co.in *.cdninstagram.com https://consent.trustarc.com/ *.trustarc.com https://consent-pref.trustarc.com/ https://a5.behance.net/ https://amasty.com/ *.honeywellpluggedin.com/ https://consent.truste.com/ *.co *.apple.com *.googletagmanager.com *.pur.com https://crrecommendedmark.org *.ytimg.com *.sdiapi.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.cloudflare.com *.twitter.com *.ads-twitter.com *.google-analytics.com googletagmanager.com *.google.com https://www.gstatic.com/ *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com *.facebook.net widgets.pinterest.com *.hotjar.com *.doubleclick.net *.custhelp.com *.rnengage.com *.googleadservices.com *.googleads.g.doubleclick.net/ https://www.googleapis.com *.oraclecloud.com *.amazonaws.com *.googletagmanager.com *.mouseflow.com https://ajax.cloudflare.com/ consent.trustarc.com https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://www.youtube.com/ http://youtube.com/ *.pur.com *.atgsvcs.com https://static.ads-twitter.com/ *.facebook.net/ *.doubleclick.net/ https://s.yimg.com/  *.rapidspike.com *.yahoo.com *.cardinalcommerce.com unsafe-inline *.google.co.in *.paymetric.com *.rightnowtech.com *.honeywellpluggedin.com *.magentocommerce.com *.helenoftroy.custhelp.com https://crrecommendedmark.org *.sdiapi.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.custhelp.com unsafe-inline *.trustarc.com *.mailchimp.com *.getfirebug.com *.heledigital.com *.helenoftroy.custhelp.com https://crrecommendedmark.org *.sdiapi.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://magento.com https://devdocs.magento.com *.sdiapi.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.hotjar.com *.signifyd.com *.rapidspike.com *.oraclecloud.com unsafe-inline *.google-analytics.com consent.trustarc.com *.trustarc.com *.instagram.com https://vc.hotjar.io/ https://data-a495851.data.us2.oraclecloud.com/ https://bam.nr-data.net/ https://www.pur.com/community/ https://qaapp02.xisecurenet.com/ *.doubleclick.net *.yimg.com  *.rapidspike.com *.atgsvcs.com *.facebook.com *.custhelp.com https://crrecommendedmark.org *.sdiapi.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
frame-ancestors https://*.smartrecruiters.com 3
default-src 'self' *.hotetec.com; connect-src 'self' ws: *.hotetec.com *.google.com *.hotelinking.com *.criteo.com *.clarity.ms *.smooch.io *.quicktext.im  *.sendpulse.com *.reviewpro.com backend.fideltour.com stats.g.doubleclick.net www.google-analytics.com in.hotjar.com www.123compare.me cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com www.googleadservices.com www.google.es www.facebook.com dev-traffic.attby.io vc.hotjar.io *.parthenon.io *.triptease.io api.rollbar.com www.thehotelsnetwork.com; frame-src *; ; font-src * data:;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 3
default-src https:; connect-src https: wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io; font-src https: data:; frame-src https:; img-src https: data:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; frame-ancestors https:; 3
frame-ancestors 'self' *.oldmutualwealth.co.uk 3
default-src 'self' s3.amazonaws.com www.youtube.com csi.gstatic.com *;frame-src 'self' optimize.google.com *;worker-src 'self';connect-src 'self' *;font-src 'self' fonts.gstatic.com fonts.googleapis.com www.tinymce.com use.fontawesome.com;img-src 'self' 'unsafe-inline' data: blob: *;manifest-src 'self';media-src 'self' s3.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagservices.com www.google-analytics.com securepubads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com 7233492.collect.igodigital.com optimize.google.com images.ahpc.us www.googletagmanager.com * blob:;style-src 'self' 'unsafe-inline' fonts.googleapis.com *;base-uri 'self' optimize.google.com;form-action 'self' *;frame-ancestors 'self' optimize.google.com;block-all-mixed-content;upgrade-insecure-requests; 3
object-src 3
default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 3
upgrade-insecure-requests; default-src 'self' *.argeweb.nl https://in.hotjar.com; style-src 'self' *.argeweb.nl 'unsafe-inline' https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css https://libraries.hund.io/ https://app.vwo.com/ https://fonts.googleapis.com https://*.google.com; img-src 'self' *.argeweb.nl data: https: https://jwpltx.com https://www.facebook.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://*.google.nl https://*.adnxs.com https://*.msn.com https://*.doubleclick.net https://ads.yahoo.com https://www.google-analytics.com https://*.openx.net https://*.bidswitch.net; script-src 'self' *.argeweb.nl data: 'unsafe-inline' 'unsafe-eval' https://code.jquery.com/jquery-1.12.4.js https://code.jquery.com/ui/1.12.1/jquery-ui.js https://libraries.hund.io/ https://heatmap.visualwebsiteoptimizer.com/ https://app.vwo.com/ https://dev.visualwebsiteoptimizer.com/ https://api.livechatinc.com/ https://cdn.livechatinc.com/ https://secure.livechatinc.com/ https://www.clickcease.com/monitor/stat.js https://snap.licdn.com https://embed.typeform.com https://www.chartjs.org https://www.google-analytics.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://www.linkedin.com/px/* https://px.ads.linkedin.com/ https://sjs.bizographics.com/insight.min.js https://script.hotjar.com https://*.jwpcdn.com https://static.hotjar.com https://www.google-analytics.com https://connect.facebook.net https://*.openx.net https://*.bidswitch.net https://www.googleadservices.com https://www.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://flex.msn.com https://static.mailplus.nl https://m7.mailplus.nl https://bat.bing.com https://api.autopilothq.com https://apenterprise.io https://googleads.g.doubleclick.net; frame-src 'self' *.argeweb.nl https://app.vwo.com/ https://secure.livechatinc.com/ https://form.typeform.com/ https://awps01.argewebhosting.nl https://apenterprise.io https://www.youtube.com https://argeweb.typeform.com https://vars.hotjar.com https://*.google.com https://*.facebook.com https://*.doubleclick.net; font-src 'self' data: *.argeweb.nl fonts.gstatic.com; child-src 'self' *.argeweb.nl https://*.google.com; connect-src 'self' *.argeweb.nl argeweb.netwerkstatus.nl https://monitor.clickcease.com/ https://api.livechatinc.com/ https://ws9.hotjar.com/ wss://ws9.hotjar.com/ https://ws8.hotjar.com/ wss://ws8.hotjar.com/ https://awps01.argewebhosting.nl/netwerkstatus/test.php https://www.google-analytics.com https://stats.g.doubleclick.net https://app.convertflow.co https://ws2.hotjar.com wss://ws10.hotjar.com wss://ws3.hotjar.com wss://ws2.hotjar.com https://vc.hotjar.io wss://ws1.hotjar.com https://in.hotjar.com https://api.autopilothq.com https://apenterprise.io; form-action https:; report-uri /debug/csp; 3
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'self'; media-src *.readspeaker.com *.speechstream.net 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self' 3
frame-ancestors 'self' https://*.superoffice.com https://zamnesiasp.inone.useinsider.com; 3
frame-ancestors 'self' https://salesfra.me/ https://*.upseller.cloud ; 3
connect-src 'self' 'unsafe-inline' www.google-analytics.com collect.tealiumiq.com; script-src 'self' 'unsafe-inline' tags.tiqcdn.com www.youtube.com img6.wsimg.com img1.wsimg.com www.google-analytics.com s.ytimg.com; object-src 'none'; default-src 'self' 'unsafe-inline' img6.wsimg.com img1.wsimg.com; style-src 'self' 'unsafe-inline' img6.wsimg.com img1.wsimg.com; img-src 'self' 'unsafe-inline' data: img6.wsimg.com img1.wsimg.com www.google-analytics.com; font-src 'self' 'unsafe-inline' data: img6.wsimg.com img1.wsimg.com 3
default-src  * 'unsafe-inline' 'unsafe-eval' ; img-src * data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; 3
default-src 'self' *.conac.cn *.jiathis.com *.baidu.com *.bshare.cn *.qq.com *.kaipuyun.cn 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 3
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; 3
default-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; script-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; connect-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; font-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; img-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; child-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline' 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' 3
default-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; report-uri /csp/reporting/add; 3
default-src 'self' https:;object-src 'none';img-src 'self' https: data: blob:;font-src 'self' https: data:;style-src 'self' https: 'unsafe-inline';script-src https: 'self' 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors 'self' https://dev-nomadfoods.cs89.force.com https://nomadfoods.force.com; child-src 'self' https: blob: 3
default-src 'self' https://*.googlesyndication.com; script-src 'self' https://ajax.googleapis.com https://adservice.google.co.uk https://adservice.google.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://survey.g.doubleclick.net https://ajax.googleapis.com https://www.googletagmanager.com https://cdn.syndication.twimg.com https://platform.twitter.com https://cdn.mouseflow.com https://sharecdn.social9.com https://share.social9.com 'sha256-Sy5BM8WogOwN0VSn8zZrALBlFg46HZ/FvcrKpnv8BM8=' 'sha256-OElzM88CQhWDYfoWWuf+juOSnhhj3mrP1RBXJb48VHo=' https://cdn.intergi.com https://cdn.intergient.com https://*.moatads.com 'sha256-9134ns6L180DrEGKto0sglxUiKCGwFyVU05CghTKGJc=' https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://cdn.ampproject.org https://www.googletagservices.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com https://sharecdn.social9.com https://sharec.social9.com https://cdn.intergi.com; font-src 'self' https://fonts.gstatic.com; img-src * data:; frame-src 'self' https://bid.g.doubleclick.net https://platform.twitter.com https://syndication.twitter.com https://youtube.com https://www.youtube.com https://cdn.intergient.com https://cdn.intergi.com https://*.googlesyndication.com; connect-src 'self' https://www.google.com https://www.google.co.uk https://stats.g.doubleclick.net https://www.google-analytics.com https://stats.g.doubleclick.net https://config.playwire.com https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://kinesis.us-east-1.amazonaws.com https://adservice.google.com https://cdn.intergient.com 3
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; connect-src * 'unsafe-inline' wss:; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'self' *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob:; 3
default-src 'self'; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; child-src * blob:; style-src * 'unsafe-inline'; font-src * data:; frame-src *; media-src *; connect-src *; worker-src blob:; block-all-mixed-content 3
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * data: https://* 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ;frame-ancestors 'self'; style-src * data: https://* 'unsafe-inline'; 3
default-src https:; font-src https: data: blob:; img-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; worker-src https: blob:; frame-ancestors 'self'; connect-src https: blob: 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ; frame-ancestors 'self' 3
frame-ancestors 'self' facebook.com *.facebook.com 3
frame-ancestors cms-app.dagacube.net 3
default-src 'self'  *.readspeaker.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com *.readspeaker.com *.timeblockr.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com *.timeblockr.com; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.timeblockr.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.youtube.com; frame-ancestors 'self'; child-src 'self' *.youtube.com; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com *.timeblockr.com; connect-src 'self' *.readspeaker.com *.timeblockr.com; report-uri /report-csp-violation 3
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.braintreegateway.com/ https://assets.braintreegateway.com https://api.braintreegateway.com https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://cdn.ckeditor.com/ https://www.google.com/ https://ajax.googleapis.com/ https://s3-us-west-2.amazonaws.com/; style-src 'self' 'unsafe-inline' https://cdn.ckeditor.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://ajax.googleapis.com/; font-src 'self'; img-src 'self' data: https://cdn.ckeditor.com/ https://code.jquery.com/ https://assets.braintreegateway.com; frame-src 'self' https://www.openstreetmap.org/ https://assets.braintreegateway.com; frame-ancestors 'self'; object-src 'self'; child-src https://assets.braintreegateway.com; connect-src 'self' https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.braintree-api.com https://api.sandbox.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com 3
default-src  * 'unsafe-inline' 'unsafe-eval' ; img-src * blob: data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; 3
frame-ancestors 'self' https://shopproxy.p-s-s.de; frame-ancestors 'self' https://home.interzum.com; frame-ancestors 'self' https://home.interzum.de 3
frame-ancestors plaid2016.nationbuilder.com 3
default-src 'unsafe-inline' 'unsafe-eval' 'self' * data: ; 3
default-src 'none' ;report-to csp; report-uri https://report-uri.simplyadmire.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google-analytics.com https://f1-eu.readspeaker.com https://include.timeblockr.com/v1/ https://siteimproveanalytics.com/ ;style-src 'self' data: 'unsafe-inline' https://f1-eu.readspeaker.com https://include.timeblockr.com/v1/ ; img-src 'self' data: https://www.google-analytics.com https://eu2.siteimprove.com/ https://f1-eu.readspeaker.com https://include.timeblockr.com/v1/ https://6006049.global.siteimproveanalytics.io ;media-src 'self' https://media-eu.readspeaker.com https://app-eu.readspeaker.com https://rstts-eu.readspeaker.com ; font-src 'self' data: https://include.timeblockr.com/v1/ ; object-src 'self' ;frame-ancestors 'self' https://www.bergen-nh.nl https://www.castricum.nl https://www.uitgeest.nl https://www.heiloo.nl ; frame-src 'self' https://www.youtube-nocookie.com/ https://www.bergen-nh.nl https://www.castricum.nl https://www.uitgeest.nl https://www.heiloo.nl https://rstts-eu.readspeaker.com https://app-eu.readspeaker.com https://media-eu.readspeaker.com ; connect-src 'self' https://rstts-eu.readspeaker.com https://media-eu.readspeaker.com https://app-eu.readspeaker.com https://f1-eu.readspeaker.com https://include.timeblockr.com https://shared.api.timeblockr.com https://www.google-analytics.com ;  3
default-src 'none'; object-src 'self'; frame-src 'self' *.begabungslotse.de *.youtube.com *.youtube-nocookie.com *.vimeo.com; img-src 'self' 'unsafe-inline' *.bildung-und-begabung.de; script-src-elem 'self' 'unsafe-inline' *.bildung-und-begabung.de; script-src 'self' 'unsafe-inline' *.bildung-und-begabung.de; style-src 'self' 'unsafe-inline'; font-src 'self'; manifest-src 'self'; connect-src 'self' *.bildung-und-begabung.de 3
font-src *;img-src *; 3
default-src https: data: 'unsafe-eval' 'unsafe-inline'; 3
default-src https: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src * blob:; media-src https: data: blob:; worker-src https: blob:; upgrade-insecure-requests 3
default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors 'self' 3
frame-ancestors 'self' *.betssongroupaffiliates.com *.ptstaging.eu *.onegameslink.com 3
upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us blob: 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: data: 'self'; object-src 'none'; base-uri 'none';script-src 'unsafe-eval' 'unsafe-inline' blob: about: https://ruanshi2.8686c.com https://ajax.aspnetcdn.com/ajax/3.5/MicrosoftAjax.js https://appsforoffice.microsoft.com  https://assets.zendesk.com https://autocomplete.demandbase.com https://cdn.wootric.com https://cdncache-a.akamaihd.net https://connect.facebook.net https://consent.trustarc.com https://d.adroll.mgr.consensu.org https://googleads.g.doubleclick.net https://pi.pardot.com https://s.dcbap.com https://s.ytimg.com https://s3.amazonaws.com https://scout-cdn.salesloft.com https://sealserver.trustwave.com https://secure-cdn.mplxtms.com https://serve2.cheqzone.com https://snap.licdn.com https://sp.analytics.yahoo.com  https://static.zdassets.com https://static2.sharepointonline.com https://tag.demandbase.com https://tpc.googlesyndication.com https://tracking.g2crowd.com https://trk.techtarget.com https://www.comeet.co https://www.dropbox.com https://www.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com https://optimize.google.com  https://tagmanager.google.com  https://google.com https://docs.google.com https://cse.google.com https://maps.google.com https://www.google.com https://apis.google.com https://linkedin.com https://platform.linkedin.com https://px.ads.linkedin.com https://ads.linkedin.com https://www.youtube.com https://www.gstatic.com https://www.gstatic.cn https://fonts.googleapis.com https://hcaptcha.com https://assets.hcaptcha.com https://newassets.hcaptcha.com https://www.recaptcha.net https://*.ada.support https://*.adroll.com https://*.hotjar.com https://*.zoom.us https://*.zoomcloudpbx.com https://*.zoomus.cn https://*.zoom.com.cn https://*.zoom.cn https://*.zopim.com https://adroll.com https://zoom.us 'self'; 2
default-src 'self' https://*.google-analytics.com https://*.googleusercontent.com https://*.gstatic.com; script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com 2
default-src 'self' data: blob:;script-src 'self' data: blob: *.whatsapp.com *.whatsapp.net *.twitter.com *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval';style-src 'self' data: blob: *.whatsapp.com *.whatsapp.net 'unsafe-inline' *.facebook.com;connect-src 'self' data: blob: *.whatsapp.com *.whatsapp.net wss://*.facebook.com:* *.fbcdn.net;font-src data: *.whatsapp.com *.whatsapp.net *.facebook.com static.xx.fbcdn.net fonts.gstatic.com;img-src 'self' data: blob: *.whatsapp.com *.whatsapp.net *.facebook.com *.fbcdn.net static.xx.fbcdn.net *.ytimg.com *.twitter.com;media-src 'self' data: blob: *.fbcdn.net;frame-src 'self' data: blob: *.twitter.com *.facebook.com *.youtube-nocookie.com *.youtube.com *.whatsapp.com;block-all-mixed-content;upgrade-insecure-requests; 2
default-src 'self' tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com player.4am.ch polyfill.io services.arcgis.com www.googleadservices.com assets.sitescdn.net *.nativechat.com *.addthis.com static.hotjar.com app.powerbi.com dc.services.visualstudio.com wabi-north-europe-redirect.analysis.windows.net pbipdfapp.azurewebsites.net content.powerapps.com visuals.azureedge.net gis.azureedge.net pbi.azureedge.net *.who.int m.addthis.com liveapi-cached.yext.com covidfunding.eiu.com staging-dot-eiu-wellcome-7664.nw.r.appspot.com who-covid-answers.int.pagescdn.com who-answers.pagescdn.com liveapi.yext.com answers.yext-pixel.com westeurope.tts.speech.microsoft.com wabi-north-europe-redirect.analysis.windows.net pbipdfapp.azurewebsites.net who.cloudflareaccess.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com www.youtube.com public.tableau.com *.googleapis.com *.nativechat.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com *.sharethis.com connect.facebook.net ajax.aspnetcdn.com cdnjs.cloudflare.com www.clarity.ms https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org s7.addthis.com kendo.cdn.telerik.com www.googletagmanager.com z.moatads.com v1.addthisedge.com cdnjs.cloudflare.com www.who.int polyfill.io kendo.cdn.telerik.com *.googletagmanager.com *.pingdom.net *.jwpcdn.com *.doubleclick.net assets.sitescdn.net whosearch.searchblox.com *.msecnd.net tagmanager.google.com static.hotjar.com covidfunding.eiu.com staging-dot-eiu-wellcome-7664.nw.r.appspot.com who-covid-answers.int.pagescdn.com who-answers.pagescdn.com script.hotjar.com assets.pinterest.com apps.who.int m.addthis.com npmcdn.com script.hotjar.com; style-src 'self' 'unsafe-inline' tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com *.googleapis.com *.nativechat.com *.sharethis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com cdnjs.cloudflare.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com use.fontawesome.com www.who.int player.4am.ch whosearch.searchblox.com tagmanager.google.com; font-src 'self' tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com fonts.gstatic.com kendo.cdn.telerik.com *.nativechat.com *.sharethis.com netdna.bootstrapcdn.com data: use.fontawesome.com www.who.int player.4am.ch whosearch.searchblox.com script.hotjar.com app.powerbi.com pbi.azureedge.net; img-src 'self' data: tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com *.gstatic.com *.googleapis.com *.nativechat.com *.sharethis.com *.google-analytics.com platform.tumblr.com www.clarity.ms web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://apps.who.int https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com stats.g.doubleclick.net *.who.int yt3.ggpht.com i.ytimg.com addthis.com *.googleusercontent.com googletagmanager.com script.hotjar.com www.addthis.com log.pinterest.com whosearch.searchblox.com app.powerbi.com pbi.azureedge.net kendo.cdn.telerik.com; media-src 'self' tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com terrance.who.int data: blob: *.who.int; frame-src 'self' tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com who.maps.arcgis.com player.vimeo.com html5-player.libsyn.com *.nativechat.com public.tableau.com experience.arcgis.com www.facebook.com s7.addthis.com www.youtube.com platform.twitter.com *.who.int *.doubleclick.net docs.google.com syndication.twitter.com *.sitefinity.cloud player.4am.ch *.sharethis.mgr.consensu.org *.google.com vars.hotjar.com youtube-nocookie.com covidfunding.eiu.com staging-dot-eiu-wellcome-7664.nw.r.appspot.com who-covid-answers.int.pagescdn.com who-answers.pagescdn.com assets.pinterest.com www.youtube-nocookie.com vars.hotjar.com app.powerbi.com pbi.azureedge.net wabi-north-europe-g-primary-redirect.analysis.windows.net; frame-ancestors tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com app.powerbi.com pbi.azureedge.net *.who.int; child-src 'self' tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com https://platform.twitter.com/ https://syndication.twitter.com/ *.nativechat.com https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.who.int; connect-src 'self' frontdoor-l4uikgap6gz3m.azurefd.net geocode.arcgis.com tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com stats.g.doubleclick.net accounts.google.com https://*.dec.sitefinity.com *.nativechat.com *.mktoresp.com *.who.int www.clarity.ms services.arcgis.com dc.services.visualstudio.com whosearch.searchblox.com *.google-analytics.com smartsuggest.searchblox.com m.addthis.com liveapi-cached.yext.com liveapi.yext.com answers.yext-pixel.com wss://westeurope.tts.speech.microsoft.com in.hotjar.com wss://*.hotjar.com *.hotjar.com vc.hotjar.io app.powerbi.com pbi.azureedge.net pbipdfapp.azurewebsites.net wabi-north-europe-redirect.analysis.windows.net; object-src tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com app.powerbi.com pbi.azureedge.net pbipdfapp.azurewebsites.net wabi-north-europe-redirect.analysis.windows.net; 2
default-src *.adlooxtracking.com *.adsafeprotected.com *.doubleverify.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.serving-sys.com an.yandex.ru cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz strm.yandex.ru yandex.ru yandex.st yastat.net yastatic.net; script-src *.adlooxtracking.com *.adsafeprotected.com *.criteo.com *.doubleclick.net *.doubleverify.com *.dvtps.com *.googleapis.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.odnoklassniki.ru *.serving-sys.com *.vk.com an.yandex.ru cdn.ampproject.org cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru vk.com yandex.ru yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; connect-src *.adlooxtracking.com *.adsafeprotected.com *.criteo.com *.doubleverify.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.serving-sys.com *.vk.com an.yandex.ru cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru strm.yandex.ru vk.com yandex.ru yandex.st yastat.net yastatic.net pagead2.googlesyndication.com; img-src data: blob: *; media-src *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.strm.yandex.ru *.vk.com *.yandex.net coub-anubis-a.akamaized.net data: mail.ru ok.ru strm.yandex.ru vk.com yandex.ru yandex.st yastat.net yastatic.net; style-src *.imgsmail.ru *.mail.ru *.mradx.net blob: cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; font-src *.imgsmail.ru *.mail.ru *.mradx.net an.yandex.ru blob: data: https: yastat.net yastatic.net 'self'; frame-src *.criteo.com *.doubleclick.net *.doubleverify.com *.mail.ru *.mradx.net *.ok.ru *.vk.com *.yandex.ru *.yandexadexchange.net awaps.yandex.net mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru vk.com yandexadexchange.net yastat.net yastatic.net tpc.googlesyndication.com; report-uri https://cspreport.mail.ru/splash?v=19.11.20; 2
default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' *.facebook.com *.fbcdn.net https://*.facebook.net;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com *;connect-src 'self' data: blob: https://*.whatsapp.com;font-src data: https://*.fbcdn.net;img-src 'self' data: blob: *;frame-src 'self' data: blob: whatsapp:;block-all-mixed-content;upgrade-insecure-requests; 2
report-uri https://metrics.roblox.com/v1/csp/report?type=enforce; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.evidon.com *.gigya.com *.google-analytics.com *.ns1p.net *.pingdom.net adservice.google.com ajax.aspnetcdn.com ajax.googleapis.com cdn.arkoselabs.com connect.facebook.net funcaptcha.com imasdk.googleapis.com js.rbxcdn.com long.open.weixin.qq.com midas.gtimg.cn radar.cedexis.com res.wx.qq.com roblox-api.arkoselabs.com roblox-load-generator-configuration.s3.us-east-2.amazonaws.com s.ytimg.com sb.scorecardresearch.com static.rbxcdn.com www.google.com www.gstatic.com www.youtube.com h.online-metrix.net request.eprotect.vantivcnp.com request.eprotect.vantivpostlive.com authsite.roblox.com *.googletagmanager.com *.googleadservices.com https://googleads.g.doubleclick.net dcams.app 2
frame-ancestors *.mediafire.com 2
default-src * data: blob:;style-src * 'unsafe-inline';script-src https://*.quora.com https://*.facebook.net https://*.facebook.com https://*.googleapis.com https://*.twitter.com https://*.quoracdn.net https://*.google.com https://*.google-analytics.com https://*.gstatic.com https://*.youtube.com https://*.ytimg.com https://*.jwpcdn.com https://*.stripe.com https://*.intercom.io https://*.intercomcdn.com https://*.syndication.twimg.com https://cdnjs.cloudflare.com https://*.jwplatform.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.googletagservices.com https://*.ampproject.org https://*.amazon-adsystem.com https://*.rubiconproject.com https://*.lijit.com https://*.openx.net https://*.ads-twitter.com https://*.dwin1.com https://*.marketo.net https://*.licdn.com https://*.linkedin.com https://*.qualtrics.com https://*.siteintercept.qualtrics.com https://sc-static.net https://static.bytedance.com https://*.iteratehq.com 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*;connect-src 'self' https://*.quora.com wss://*.quora.com https://*.quoracdn.net https://*.stripe.com https://*.intercom.io wss://*.intercom.io https://*.jwplatform.com https://*.jwpsrv.com https://syndication.twitter.com https://*.syndication.twimg.com https://*.googleapis.com https://*.googlesyndication.com https://*.qualtrics.com https://*.facebook.com https://*.fbcdn.net blob: https://*.mktoresp.com https://*.doubleclick.net https://accounts.google.com https://*.amazon-adsystem.com https://*.iteratehq.com https://iteratehq.com ;report-uri /security_reports/content_security_policy_violation_3RD_PARTY_POST 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.investopedia.com 2
upgrade-insecure-requests; frame-ancestors 'self' http://*.hulu.com https://*.hulu.com; 2
frame-ancestors http://*.ieee.org https://*.ieee.org 2
frame-src 'self' share.intercom.io intercom-sheets.com www.intercom-reporting.com www.youtube.com;connect-src 'self' appcenter.ms install.appcenter.ms https://secure.gravatar.com *.intercom.io *.optimizely.com uploads.intercomcdn.com uploads.intercomusercontent.com *.cloudfront.net wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io *.visualstudio.com *.documents.azure.com *.hockeyapp.net *.blob.core.windows.net https://*.ingest.sentry.io https://graph.microsoft.com appcenter.ms install.appcenter.ms *.xamarin.com xtc-prod-artifacts.s3-eu-west-1.amazonaws.com testcloud-artifacts.s3-eu-west-1.amazonaws.com testcloud-artifacts.s3.eu-west-1.amazonaws.com wss://api-service-live-build-prod-east-us-build.prod.avalanch.es https://api-prod-east-us2.prod.avalanch.es:8088 https://file.appcenter.ms wss://api-service-live-build-prod-east-us-build.prod.avalanch.es https://upload.appcenter.ms mobilecenter.azureedge.net mobilecenter-int.azureedge.net;default-src 'self' *.msecnd.net data:;font-src 'self' data: js.intercomcdn.com fonts.gstatic.com assets.onestore.ms c.s-microsoft.com;img-src * data:;media-src js.intercomcdn.com xtc-staging-artifacts.s3-eu-west-1.amazonaws.com xtc-prod-artifacts.s3-eu-west-1.amazonaws.com testcloud-staging-artifacts.s3-eu-west-1.amazonaws.com testcloud-staging-artifacts.s3.eu-west-1.amazonaws.com testcloud-artifacts.s3-eu-west-1.amazonaws.com testcloud-artifacts.s3.eu-west-1.amazonaws.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.msecnd.net app.intercom.io widget.intercom.io js.intercomcdn.com monaco-cdn-int.azureedge.net accessibility-bookmarklets.org uhf.microsoft.com c.s-microsoft.com assets.onestore.ms mobilecenter.azureedge.net mobilecenter-int.azureedge.net;style-src 'self' 'unsafe-inline' monaco-cdn-int.azureedge.net accessibility-bookmarklets.org/ uhf.microsoft.com c.s-microsoft.com assets.onestore.ms mobilecenter.azureedge.net mobilecenter-int.azureedge.net;worker-src 'self' blob: 2
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ *.google-analytics.com https://www.google.com https://www.gstatic.com https://apis.google.com https://recaptcha.net https://www.gstatic.cn/recaptcha/; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ *.google-analytics.com https://*.valvesoftware.com https://*.steambeta.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcastchat.akamaized.net https://broadcast.st.dl.bscstorage.net https://broadcast.st.dl.eccdnx.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://steamvideo-a.akamaihd.net/; frame-src 'self' steam: https://store.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host ; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.messenger.com;style-src data: blob: 'unsafe-inline' * *.messenger.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' *.messenger.com wss://*.messenger.com:*;font-src *.messenger.com *.facebook.com https://*.fbcdn.net data:; 2
frame-ancestors 'self' *.wildberries.ru 2
frame-ancestors https://*.facebook.com https://*.parallels.com https://*.parallels.cn https://*.prls.net; 2
frame-ancestors 'self' acs.virtualeventsengine.com virtualexhibits360.com psav.digital 2
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.teams.microsoft.us teams.microsoft.us *.teams.office.com *.skype.com outlook.office.com outlook-sdf.office.com outlook.office365.com outlook-sdf.office365.com outlook.live.com outlook-sdf.live.com 2
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self'; 2
frame-ancestors 'self' *.shopeemobile.com *.shopee.tw *.shopee.cn *.facebook.com;  2
frame-ancestors 'self' *.shopeemobile.com *.shopee.com.my *.shopee.cn *.facebook.com;  2
frame-ancestors *.icann.org 2
default-src http: https: data: blob:; media-src http: https: data: blob:; img-src http: https: data: blob:; script-src http: https: data: 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: 'unsafe-inline' 'unsafe-eval'; connect-src http: https: data:; worker-src http: https: data: blob:; font-src http: https: data:; 2
default-src 'self'; connect-src *; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2
default-src 'self' ; img-src 'self' https://*.lmiutil.com/  https://sp1.convertro.com/api/hit/lastpass/ https://www.google-analytics.com/ https://*.company-target.com/ https://logmeincdn.azureedge.net/ https://*.company-target.com/* https://*.lastpass.com https://lastpass.com https://*.go-mpulse.net https://*.akstat.io/ data: https://*.g2.com  https://*.akstat.io/ https://*.go-mpulse.net https://*.company-target.com/* https://*.adnxs.com/ https://*.doubleclick.net https://*.google-analytics.com https://www.google.com https://www.facebook.com/tr https://t.co/i/adsct https://analytics.twitter.com/i/adsct https://img.youtube.com https://adfarm.mediaplex.com/ad/bk/ https://*.rfihub.com/ https://secure.leadback.advertising.com https://secure.ace-tag.advertising.com https://iad-login.dotomi.com  https://*.company-target.com/ https://www07.clicktale.net/ https://lastpass-sc.usva.logmeinx.com/ https://lastpass-sc.usca.logmeinx.com/ https://lastpass-sc.usil.logmeinx.com/ https://lastpass-sc.ustx.logmeinx.com/ https://lastpass-sc.defr.logmeinx.com/ https://lastpass-sc.ukay.logmeinx.com/ https://lastpass-sc-gamma.usca.logmeinx.com/ https://*.logmeinx.com https://d.adroll.com https://secimg.vmmpxl.com https://rs.gwallet.com https://s-cs.send.microad.jp https://pixel.rubiconproject.com https://*.openx.net https://dpm.demdex.net https://ads.yahoo.com https://dsum-sec.casalemedia.com https://simage2.pubmatic.com https://trc.taboola.com https://x.bidswitch.net https://idsync.rlcdn.com https://stags.bluekai.com https://ums.adtechus.com https://io.narrative.io https://atemda.com https://t.brand-server.com https://pixel.quantserve.com; object-src 'self' https://*.akstat.io/ https://*.go-mpulse.net https://*.googlevideo.com https://*.youtube.com https://*.youtube.com https://*.ytimg.com https://*.ytimg.com https://www.google.com https://youtube.googleapis.com; connect-src 'self'  https://*.cardinalcommerce.com https://*.akstat.io/ https://*.go-mpulse.net https://*.lastpass.com https://lastpass.com wss://*.lastpass.com https://*.optimizely.com https://5399020466.log.optimizely.com  https://pollserver.lastpass.com https://loglogin.lastpass.com https://*.clicktale.net https://dc.services.visualstudio.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cardinalcommerce.com https://*.lmiutil.com/  https://logmeincdn.azureedge.net https://fonts.googleapis.com/ https://*.lastpass.com https://lastpass.com https://html-lastpass-develop.azurewebsites.net https://html-lastpass-master.azurewebsites.net; plugin-types application/x-invalid-type application/pdf ; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://*.cardinalcommerce.com https://cdn.lmiutil.com/ https://*.go-mpulse.net https://cdn.lmiutil.com/lpassets/clicktale/ https://lastpass.com/m.php/quickdl2 https://*.cybersource.com/  https://www.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://logmeincdn.azureedge.net https://cdn.clicktale.net/ https://*.lastpass.com https://lastpass.com https://www.youtube.com https://*.ytimg.com https://cdnssl.clicktale.net/ https://www.sc.pages04.net https://cdn.getsmartcontent.com/ https://api.bizographics.com https://us-east-1.profile-api.ads.linkedin.com https://s.getsmartcontent.com https://az416426.vo.msecnd.net ; font-src 'self' 'unsafe-inline' 'unsafe-eval'  https://litmus.com https://lmistatic.blob.core.windows.net/ https://fonts.gstatic.com/ https://*.lastpass.com https://lastpass.com; media-src ;frame-src *;frame-ancestors 'self'  https://*.lookbookhq.com https://*.pathfactory.com https://*.logmein.com https://*.lastpass.com;worker-src https://*.lastpass.com blob: 2
script-src * 'unsafe-inline'; style-src * 'unsafe-inline' blob:; img-src * data: blob: 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.treehugger.com 2
default-src 'self' https://arduino.cc; script-src 'self' 'unsafe-inline' https://*.iubenda.com https://*.hotjar.com data: https://tagmanager.google.com/debug https://js.intercomcdn.com https://widget.intercom.io https://*.googletagservices.com https://*.googlesyndication.com https://consent.trustarc.com https://forum.arduino.cc https://store.arduino.cc https://store-cdn.arduino.cc https://arduino.cc https://checkout.stripe.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.google-analytics.com https://ads.supplyframe.com https://www.googletagmanager.com https://code.jquery.com https://ajax.googleapis.com https://js.stripe.com https://auth.arduino.cc https://hydra.arduino.cc https://cdn.arduino.cc https://content.arduino.cc https://cdnjs.cloudflare.com https://ajax.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://code.jquery.com https://arduino.cc https://id.arduino.cc https://cdn.arduino.cc https://cdn-stag.arduino.cc https://content.arduino.cc; font-src 'self' https://fonts.gstatic.com https://content.arduino.cc https://cdn.arduino.cc https://cdn-stag.arduino.cc https://js.intercomcdn.com/fonts/; img-src 'self' data: https:; connect-src 'self' https://*.iubenda.com https://*.algolia.net https://*.algolianet.com https://content.arduino.cc https://fonts.gstatic.com https://*.hotjar.com https://login.arduino.cc https://auth.arduino.cc https://blog.arduino.cc https://api.arduino.cc https://api2.arduino.cc https://my.arduino.cc https://forum.arduino.cc https://store.arduino.cc https://checkout.stripe.com https://api.stripe.com https://cdn.arduino.cc https://www.google-analytics.com https://cdn-stag.arduino.cc https://trackerapi.trustarc.com https://api-iam.intercom.io/messenger/web/ wss://nexus-websocket-a.intercom.io/pubsub/ https://api-iam.intercom.io/messenger/web/ping; child-src 'self' https://create.arduino.cc https://downloads.arduino.cc https://checkout.stripe.com https://www.youtube.com https://js.stripe.com https://www.hackster.io; frame-src 'self' https://*.hotjar.com https://login.arduino.cc https://consent-pref.trustarc.com https://hydra.arduino.cc https://auth.arduino.cc https://create.arduino.cc https://downloads.arduino.cc https://docs.google.com https://www.youtube.com https://checkout.stripe.com https://js.stripe.com https://www.hackster.io https://staticxx.facebook.com https://iframe.dacast.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' *.arduino.cc 2
frame-ancestors 'self' piwik.mpg.de statistics.mpg.de analytics.mpg.de; 2
frame-ancestors 'self' *.globalsources.com *.asiansources.com *.globalsources.com.hk; 2
frame-ancestors frame-ancestors 'self' 2
frame-ancestors 'self' https://*.justia.com http://*.justia.com 2
report-uri https://frontendservice.report-uri.com/r/t/csp/enforce; child-src 'self'; connect-src *; default-src 'self'; img-src 'self' data: *.facebook.com https://transferwise.com https://tw-avatar.s3.eu-central-1.amazonaws.com https://tw-test-avatar-storage.s3.eu-west-1.amazonaws.com https://*.doubleclick.net https://alb.reddit.com https://assistly-production.s3.amazonaws.com https://b97.yahoo.co.jp https://bat.bing.com https://cx.atdmt.com https://daw291njkc3ao.cloudfront.net https://dq8dwmysp7hk1.cloudfront.net https://d2dgj1jjqgsb96.cloudfront.net https://help.transferwise.com/ https://lienzo.s3.amazonaws.com https://platform-lookaside.fbsbx.com https://q.quora.com https://s3-eu-west-1.amazonaws.com https://t.co https://transferwise.desk.com https://widgets.transferwise.com https://www.google-analytics.com https://www.gstatic.com https://i.ytimg.com https://px.ads.linkedin.com https://aax-eu.amazon-adsystem.com https://www.googletagmanager.com https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.sg https://www.google.com.ph https://www.google.com.my https://www.google.com.mx https://www.google.com.ua https://www.google.com.vn https://www.google.com.tr https://www.google.com.ar https://www.google.com.hk https://www.google.com.pk https://www.google.com.pe https://www.google.com.ng https://www.google.com.cy https://www.google.com.mt https://www.google.com.bd https://www.google.com.eg https://www.google.co.uk https://www.google.co.th https://www.google.co.jp https://www.google.co.nz https://www.google.co.id https://www.google.co.kr https://www.google.co.ve https://www.google.co.in https://www.google.co.il https://www.google.co.za https://www.google.de https://www.google.ca https://www.google.es https://www.google.pl https://www.google.ie https://www.google.ch https://www.google.pt https://www.google.nl https://www.google.it https://www.google.hu https://www.google.fr https://www.google.be https://www.google.ro https://www.google.fi https://www.google.cl https://www.google.cz https://www.google.ae https://www.google.lu https://www.google.se https://www.google.ru https://www.google.at https://www.google.bg https://www.google.ee https://www.google.dk https://www.google.no https://www.google.gr https://www.google.sk https://www.google.lt https://www.google.lv https://www.google.ge https://www.google.hr https://www.google.me *.googleusercontent.com http://wi.se https://wi.se https://wise.com https://help.wise.com/ https://widgets.wise.com; font-src 'self' data: https://fonts.gstatic.com https://widgets.transferwise.com/ https://widgets.wise.com/; object-src 'self'; media-src 'self'; manifest-src 'self' 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'self' https://transferwise.com polyfill.io https://js-agent.newrelic.com https://bam.nr-data.net/ https://ajax.cloudflare.com bat.bing.com s.yimg.jp a.quora.com static.hotjar.com https://script.hotjar.com/ https://b97.yahoo.co.jp www.google.co.uk www.google.com www.googletagmanager.com/ tagmanager.google.com/ https://storage.googleapis.com https://ajax.googleapis.com/ https://microapps.google.com https://microapps-prod-tt.sandbox.google.com www.facebook.com staticxx.facebook.com googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com static.ads-twitter.com analytics.twitter.com connect.facebook.net www.snapengage.com insitez.blob.core.windows.net sjs.bizographics.com *.mxpnl.com https://cdn.pdst.fm https://us-central1-adaptive-growth.cloudfunctions.net https://d2dgj1jjqgsb96.cloudfront.net https://sc-static.net https://www.redditstatic.com/ads/pixel.js https://snap.licdn.com https://wise.com; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com/css tagmanager.google.com/; frame-ancestors https://transferwiseturkiye.com.tr https://microapps.google.com https://microapps-prod-tt.sandbox.google.com https://wiseturkiye.com.tr; frame-src https://staticxx.facebook.com/ https://www.facebook.com youtube.com www.youtube.com www.youtube-nocookie.com https://vars.hotjar.com https://bid.g.doubleclick.net https://www.googletagmanager.com https://tr.snapchat.com https://transferwise.com https://wise.com 2
frame-ancestors 'self'; upgrade-insecure-requests; 2
frame-ancestors 'self' *.imperial.ac.uk *.ic.ac.uk 2
connect-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.index-education.com http://*.index-education.com http://*.datatables.net https://www.googleapis.com;default-src 'self' *.bootstrapcdn.com *.google-analytics.com *.gstatic.com https://*.index-education.com http://*.index-education.com;frame-ancestors 'self' ;frame-src http://*.index-education.net https://*.index-education.net *.hyperplanning.fr http://*.vimeo.com https://vimeo.com https://*.vimeo.com https://www.youtube.com https://*.google.com https://*.index-education.com http://*.index-education.com http://index-education.com;media-src 'self' https://*.vimeo.com https://vimeo.com https://*.index-education.com http://*.index-education.com;object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adobe.com *.cloudflare.com https://www.googletagmanager.com https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com http://*.googleapis.com https://*.googleapis.com https://*.google.com *.gstatic.com code.jquery.com http://*.google-analytics.com https://*.google-analytics.com *.datatables.net https://*.index-education.com http://*.index-education.com https://*.bootstrapcdn.com http://index-education.com;style-src 'self' 'unsafe-inline' http://*.googleapis.com https://*.googleapis.com *.bootstrapcdn.com https://*.index-education.com http://*.index-education.com;font-src 'self' *.bootstrapcdn.com *.gstatic.com https://*.index-education.com http://*.index-education.com;img-src 'self' *.google-analytics.com *.gstatic.com *.doubleclick.net *.google.com *.google.fr *.googleapis.com data:; 2
default-src * 'unsafe-inline' 'unsafe-eval'; worker-src blob:; script-src * 'self' 'unsafe-inline' 'unsafe-eval' blob:; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * intent:; child-src * blob:; frame-ancestors *; style-src * 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 2
frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns https://www.scotiabank.com; 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellhealth.com 2
base-uri https://*.ryanair.com https://*.laudamotion.com; child-src https://*.hotjar.com https://*.hotjar.io; connect-src 'self' https://*.ryanair.com https://*.launchdarkly.com https://bam.nr-data.net/ https://dpm.demdex.net https://js-agent.newrelic.com https://script.hotjar.com https://smetrics.ryanair.com https://*.hotjar.com https://*.hotjar.io https://*.boxever.com https://www.gstatic.com https://news.ryanair.com https://www.google-analytics.com wss://*.hotjar.com https://www.rentalcars.com https://*.accdab.net https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com https://www.ryanair.com https://api.ryanair.com https://assets.ryanair.com https://desktopapps.ryanair.com https://places-rooms.ryanair.com https://help.ryanair.com wss://help.ryanair.com https://ryanairsupport.zendesk.com wss://ryanairsupport.zendesk.com; default-src 'self' https://ajax.googleapis.com https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com https://help.ryanair.com wss://help.ryanair.com https://ryanairsupport.zendesk.com wss://ryanairsupport.zendesk.com; frame-src 'self' https://*.ryanair.com https://ryanair.demdex.net https://*.hotjar.com https://*.hotjar.io https://*.cdn-net.com https://www.google.com https://*.accdab.net; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://ajax.googleapis.com https://assets.ryanair.com; img-src 'self' data: https://*.hotjar.com https://*.hotjar.io https://bam.nr-data.net https://dpm.demdex.net https://smetrics.ryanair.com https://www.gstatic.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://cm.g.doubleclick.net https://*.criteo.com https://www.facebook.com https://play-lh.googleusercontent.com https://v2assets.zopim.io https://static.zdassets.com https://assets.ryanair.com/; manifest-src https://*.ryanair.com https://*.laudamotion.com; object-src 'self' https://*.cdn-net.com; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.boxever.com https://*.cdn-net.com https://*.googleapis.com https://*.launchdarkly.com https://assets.ryanair.com https://bam.nr-data.net https://d1mj578wat5n4o.cloudfront.net https://js-agent.newrelic.com https://*.hotjar.com https://*.hotjar.io https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://cdnjs.cloudflare.com https://*.accdab.net https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com https://polyfill.ryanair.com https://help.ryanair.com wss://help.ryanair.com https://ryanairsupport.zendesk.com wss://ryanairsupport.zendesk.com; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com; report-uri https://csp-reporter.ryanair.com/report?app=homepage; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.ubs.com *.adobedtm.com *.demdex.net *.decibelinsight.net *.adform.net *.everesttech.net *.googleapis.com *.brightcove.net *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.zencdn.net *.akamaihd.net *.facebook.net *.googleadservices.com *.google-analytics.com *.google.com *.youtube.com *.ytimg.com *.doubleclick.net *.twinesocial.com *.pusher.com *.cloudflare.com *.zmags.com *.raisenow.com *.newrelic.com *.nr-data.net *.adobe.com *.dotomi.com;  upgrade-insecure-requests; object-src *.ubs.com 2
default-src https: wss:; script-src about: 'unsafe-inline' 'unsafe-eval' https: wss:; img-src data: blob: https: wss:; style-src 'unsafe-inline' https: wss: blob:; font-src https: data: wss: 'self'; connect-src 'self' https: wss:; report-uri https://idcqaenforce.report-uri.com/r/d/csp/enforce; 2
connect-src sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ *.google-analytics.com *.datamind.ru *.cdn-tinkoff.ru www.google.com analytics.google.com www.google.ru www.facebook.com google-analytics.bi.owox.com api.advcake.com 'self' *.tinkoff.ru *.tcsbank.ru wss://*.tinkoff.ru platform-sentry.tcsbank.ru sentry.tinkoff.ru www.cdn-tinkoff.ru www.tinkoff.ru cfg.tinkoff.ru acdn.tinkoff.ru business.tinkoff.ru; script-src sync.datamind.ru www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com www.googleadservices.com *.g.doubleclick.net assets.adobedtm.com dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net *.omniture.com *.google-analytics.com googleads.g.doubleclick.net www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com connect.facebook.net *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru ad.doubleclick.net 'self' 'unsafe-eval' 'unsafe-inline'; img-src *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com www.facebook.com/tr/ *.g.doubleclick.net www.googleadservices.com *.cdn-tinkoff.ru *.tinkoff.ru p.formobil.net rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru hit.acstat.com dp.tinkoffinsurance.ru 'self' data: *.tcsbank.ru; frame-src *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.cdn-tinkoff.ru 'self' blob: *.tinkoff.ru *.tcsbank.ru; report-uri https://www.tinkoff.ru/api/front/log/csp-error?appName=pfphome&sentryDsnKey=b7cae0fa7dd74b4489cd05596a20df38&sentryApiId=142; default-src 'self' *.cdn-tinkoff.ru *.tinkoff.ru data:; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru 2
frame-ancestors 'self' app.optimizely.com cdn.optimizely.com *.fourseasons.com; report-uri https://vmkkmcabbh.execute-api.ca-central-1.amazonaws.com/CspReportsApi 2
frame-ancestors 'self' https://*.chronicle.com 2
frame-ancestors https://*.udacity.com 2
base-uri 'none'; default-src 'none'; frame-ancestors 'self' https://*.gab.com https://*.openplatform.us; font-src 'self' https://gab.com; img-src 'self' https: data: blob: https://gab.com; style-src 'self' 'unsafe-inline' https://gab.com; media-src 'self' https: data: https://gab.com; frame-src 'self' https:; manifest-src 'self' https://gab.com; connect-src 'self' blob: https://gab.com wss://gab.com https://*.gab.com; script-src 'self' https://gab.com https://*.gab.com 2
frame-ancestors 'self' http://*.dji.com https://*.dji.com 2
frame-ancestors http://www.vistaprint.com https://www.vistaprint.com http://vistaprint.com https://vistaprint.com https://www.optimizelyedit.com https://app.optimizely.com http://app.optimizely.com http://script.crazyegg.com https://script.crazyegg.com script.crazyegg.com http://www.radins.com http://fr.igraal.com http://cmsauth.vistaprint.prod https://secure.vistaprint.com https://*.hatchery.vistaprint.com https://*.mobile.vpsvc.com; default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.interco.io wss://endpoint.twilio.com wss://sdkgw.us1.twilio.com wss://*.twilio.com wss://*.firebaseio.com  https://cdn.firebase.com https://*.firebaseio.com; report-uri https://endpoint1.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV1YajQYljNDyq_HZcQMFwMFIEBS9eHG3wV3FNhihD_eeXQkr_HnJMjSGly5t4VQFrfZujfZFoFY5wHaTC8TvTlxRcur_pISTvX0Dw96EIlb4Q== 2
frame-ancestors 'self' https://*.sproutsocial.com; 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com tagmanager.google.com www.google.com www.gstatic.com bbox.blackbaudhosting.com olx.britishmuseum.org www.britishmuseum.org maps.googleapis.com cdn.rawgit.com services.postcodeanywhere.co.uk www.youtube.com s.ytimg.com payments.blackbaud.com secure.adnxs.com ad.360yield.com ib.adnxs.com cm.g.doubleclick.net prf.audiencemanager.de cdn.audiencemanager.de secure-ds.serving-sys.com bs.serving-sys.com connect.facebook.net secure.quantserve.com edge.quantserve.com www.google-analytics.com rules.quantcount.com partners.designmynight.com cdn.loop11.com www.loop11.com platform.cloud-iq.com platform2.cloud-iq.com content.cloud-iq.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com https://optimize.google.com http://*.queue-it.net https://*.queue-it.net; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com payments.blackbaud.com bbox.blackbaudhosting.com partners.designmynight.com cdn.loop11.com www.loop11.com platform.cloud-iq.com platform2.cloud-iq.com content.cloud-iq.com https://optimize.google.com http://*.queue-it.net https://*.queue-it.net; img-src 'self' 'unsafe-inline' bbox.blackbaudhosting.com ssl.gstatic.com www.googletagmanager.com googletagmanager.com www.gstatic.com gstatic.com maps.gstatic.com maps.googleapis.com cdn.rawgit.com olx.britishmuseum.org secure.adnxs.com ad.360yield.com ib.adnxs.com cm.g.doubleclick.net prf.audiencemanager.de cdn.audiencemanager.de secure-ds.serving-sys.com bs.serving-sys.com www.facebook.com pixel.quantserve.com www.google-analytics.com stats.g.doubleclick.net www.google.com/ads www.google.co.uk/ads static.designmynight.com cdn.loop11.com www.loop11.com platform2.cloud-iq.com platform2.cloud-iq.com content.cloud-iq.com ttp://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io openseadragon.github.io libimages1.princeton.edu 51.11.16.222 media.britishmuseum.org http://media.britishmuseum.org https://www.google-analytics.com https://optimize.google.com http://*.queue-it.net https://*.queue-it.net data:;; frame-src 'self' www.google.com player.vimeo.com payments.blackbaud.com bbox.blackbaudhosting.com sketchfab.com w.soundcloud.com www.youtube.com bookings.designmynight.com www.facebook.com cdn.loop11.com www.loop11.com platform2.cloud-iq.com platform2.cloud-iq.com content.cloud-iq.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com http://*.queue-it.net https://*.queue-it.net; frame-ancestors 'self'; child-src https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'self'; font-src 'self' fonts.gstatic.com themes.googleusercontent.com cdn.loop11.com www.loop11.com platform2.cloud-iq.com platform2.cloud-iq.com content.cloud-iq.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io http://*.queue-it.net https://*.queue-it.net data:;; connect-src 'self' www.google-analytics.com payments.blackbaud.com olx.britishmuseum.org bookings.designmynight.com www.facebook.com facebook.com cdn.loop11.com www.loop11.com platform2.cloud-iq.com platform2.cloud-iq.com content.cloud-iq.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net https://51.143.128.218 media.britishmuseum.org http://*.queue-it.net https://*.queue-it.net 2
default-src * 'unsafe-inline'; img-src * data: blob:; frame-ancestors 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src * blob:; worker-src 'self' blob:; style-src * blob: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors learn.arcgis.com *.esri.com pro.arcgis.com doc.arcgis.com 2
frame-ancestors 'self' *.sc.com *.standardchartered.com *.standardchartered.co.in *.standardchartered.co.th *.standardchartered.com.hk *.standardchartered.com.my *.standardchartered.com.sg *.standardchartered.co.id *.standardchartered.com.tw standchartbank.experiencecloud.adobe.com experience.adobe.com 2
default-src 'self' https://api.mixpanel.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.facebook.net https://www.facebook.com https://snap.licdn.com https://connect.liblynx.com https://sandbox.liblynx.com https://www.google-analytics.com https://optimize.google.com https://ssl.google-analytics.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://api.mixpanel.com https://www.googletagmanager.com https://kit.fontawesome.com https://use.fontawesome.com https://pro.fontawesome.com https://scholar.google.com https://api.altmetric.com https://d1bxh8uas1mnw7.cloudfront.net https://js.trendmd.com; img-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://connect.liblynx.com https://sandbox.liblynx.com https://stats.g.doubleclick.net https://cdn.mxpnl.com https://images.mxpnl.com https://badges.altmetric.com https://d1uo4w7k31k5mn.cloudfront.net https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com data:; connect-src 'self' https://www.facebook.com https://www.google-analytics.com https://api.mixpanel.com/ https://scholar.google.com https://*.trendmd.com https://cc.trendmd.co https://ka-p.fontawesome.com https://stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com https://d1bxh8uas1mnw7.cloudfront.net https://trendmd.s3.amazonaws.com https://css.trendmd.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com; frame-src https://www.googletagmanager.com https://optimize.google.com; object-src 'self' 2
script-src 'self' *.startpage.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.startpage.com 'unsafe-inline'; img-src 'self' data: *.startpage.com; frame-src 'self' *.startpage.com; frame-ancestors 'self'; connect-src 'self' *.startpage.com; report-uri https://www.startpage.com/do/cspvr 2
img-src 'self' https: data: cdn.paris.fr 2
default-src 'self'; frame-ancestors 'self' https://*.facebook.com; connect-src 'self' https://demo.synology.com:5001 https://*.demo.synology.com:5001 https://demo.synology.de:5001 https://*.demo.synology.de:5001 https://api-fra.livechatinc.com https://analytics.google.com https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://in.hotjar.com/ https://vc.hotjar.io wss://*.hotjar.com/ https://www.facebook.com; object-src 'none'; font-src 'self' data: https://themes.googleusercontent.com https://fonts.gstatic.com https://cdn.livechatinc.com; frame-src 'self' https://cse.google.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://optimize.google.com https://www.youtube.com https://www.facebook.com https://staticxx.facebook.com https://secure.livechatinc.com https://secure-fra.livechatinc.com https://api-fra.livechatinc.com https://player.youku.com/ https://vars.hotjar.com/ https://synology.jobbase.io https://*.synology.com https://synoform.synology.com; img-src 'self' https://www.synology.com https://global.download.synology.com https://download.synology.com https://cndl.synology.cn https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleapis.com https://*.google.com https://www.google.com.tw https://*.gstatic.com https://ssl.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://googleads.g.doubleclick.net/ https://secure.livechatinc.com https://secure-fra.livechatinc.com https://cdn.livechatinc.com https://api-fra.livechatinc.com https://www.facebook.com https://wcs.naver.com https://www.facebook.com/tr https://dc.ads.linkedin.com https://px.ads.linkedin.com/ https://www.linkedin.com/px https://alb.reddit.com https://t.co/i/adsct https://p.adsymptotic.com/d/px https://bat.bing.com data: blob:; media-src 'self' https://download.synology.com https://cdn.livechatinc.com https://api-fra.livechatinc.com; script-src 'self' data: blob: https://demo.synology.com https://demo.synology.de https://www.google-analytics.com https://www.google.com https://clients1.google.com https://www.gstatic.com https://www.googletagmanager.com https://cse.google.com https://www.googleapis.com https://ssl.google-analytics.com https://maps.googleapis.com https://optimize.google.com https://connect.facebook.net https://cdn.livechatinc.com https://code.jquery.com https://secure.livechatinc.com https://secure-fra.livechatinc.com https://accounts.livechatinc.com https://api.livechatinc.com https://api-fra.livechatinc.com https://cdnjs.cloudflare.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://wcs.naver.net/wcslog.js https://snap.licdn.com https://www.linkedin.com/px/ https://px.ads.linkedin.com https://analytics.twitter.com https://static.ads-twitter.com https://www.redditstatic.com https://static.hotjar.com https://script.hotjar.com/ https://sjs.bizographics.com/insight.min.js https://bat.bing.com/bat.js https://synology.jobbase.io 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.google.com https://fonts.googleapis.com https://optimize.google.com https://cdnjs.cloudflare.com https://tagmanager.google.com/debug/css.css 'unsafe-inline' 2
frame-ancestors https://ads.idntimes.com 2
http://localhost:* file: *.labanquepostale.fr 2
frame-ancestors 'self' *.brightspace.com; 2
default-src 'self'  https://analytics.govinfo.gov https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self'   https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; object-src 'unsafe-inline' 'self' ; style-src 'unsafe-inline' 'self' https://maxcdn.bootstrapcdn.com   https://stackpath.bootstrapcdn.com https://fonts.googleapis.com; img-src 'unsafe-inline' 'self' http://insideanalytics.gpo.gov https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com  https://analytics.govinfo.gov data:; font-src 'unsafe-inline' 'self'  https://stackpath.bootstrapcdn.com  https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self'; frame-src 'self'  https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; 2
default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data:; media-src https: blob: data:; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; worker-src https: blob: 2
object-src 'self' https://marketing-cdn.hightail.com;base-uri 'self';img-src https: http: blob: data:; frame-src https://* https://www.google.com/recaptcha/ 'self';font-src 'self' https://marketing-cdn.hightail.com data: ;script-src data: 'unsafe-inline' 'unsafe-eval' 'self' https://forms.hsforms.com/embed/ https://app.link/ http://js.bizographics.com/ http://stats.pusher.com/ http://www.googleadservices.com/ https://www.googleadservices.com https://www.google-analytics.com/ https://cdn.branch.io/ https://cdn.optimizely.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com/ https://dc.ads.linkedin.com/ https://px.ads.linkedin.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://sjs.bizographics.com/ https://assets.zendesk.com/ https://www.bizographics.com/ https://secure.adnxs.com/ https://v2.zopim.com/ https://*.pusher.com/ https://js.hs-banner.com/ https://js.hs-scripts.com/ https://js.hs-analytics.net/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://googleads.g.doubleclick.net/ https://forms.hubspot.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://request.eprotect.vantivprelive.com/ https://request.eprotect.vantivcnp.com/ https://*.global.ssl.fastly.net/ http://js.hs-analytics.net/ http://js.hs-scripts.com/ http://js.hsforms.net/ http://cdnjs.cloudflare.com/ https://static.zdassets.com/ http://www.google-analytics.com/ https://*.pendo.io/ http://ajax.googleapis.com/ https://img.en25.com/i/livevalidation_standalone.compressed.js https://img.en25.com/Web/OpenTextGlobal/ https://pendo-io-static.storage.googleapis.com/ https://*.googletagmanager.com/ https://pendo-static-5705431416832000.storage.googleapis.com/ http://cdn.jsdelivr.net/npm/cookieconsent@3/ https://player.vimeo.com/* data https://marketing-cdn.hightail.com/; frame-ancestors 'self' https://marketing-cdn.hightail.com; 2
media-src 'self' blob: livestream.st-andrews.ac.uk livestream1.st-andrews.ac.uk livestream2.st-andrews.ac.uk livestream-test.st-andrews.ac.uk; 2
upgrade-insecure-requests ;report-uri https://i.snssdk.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=douyin_inapp 2
frame-ancestors 'self' *.bazaarvoice.com 2
font-src 'self' data: *.consumerfinance.gov fast.fonts.net fonts.google.com fonts.gstatic.com; connect-src 'self' *.consumerfinance.gov *.google-analytics.com *.tiles.mapbox.com api.mapbox.com bam.nr-data.net s3.amazonaws.com public.govdelivery.com n2.mouseflow.com api.iperceptions.com *.qualtrics.com raw.githubusercontent.com; media-src 'self' *.consumerfinance.gov; default-src 'self'; frame-src 'self' *.consumerfinance.gov *.googletagmanager.com *.google-analytics.com optimize.google.com www.youtube.com *.doubleclick.net universal.iperceptions.com www.facebook.com staticxx.facebook.com mediasite.yorkcast.com *.qualtrics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.consumerfinance.gov *.google-analytics.com *.googletagmanager.com tagmanager.google.com optimize.google.com ajax.googleapis.com search.usa.gov api.mapbox.com js-agent.newrelic.com dnn506yrbagrg.cloudfront.net bam.nr-data.net *.youtube.com *.ytimg.com trk.cetrk.com universal.iperceptions.com cdn.mouseflow.com n2.mouseflow.com us.mouseflow.com geocoding.geo.census.gov tigerweb.geo.census.gov about: connect.facebook.net www.federalregister.gov storage.googleapis.com *.qualtrics.com; style-src 'self' 'unsafe-inline' *.consumerfinance.gov fast.fonts.net tagmanager.google.com optimize.google.com api.mapbox.com fonts.googleapis.com; img-src 'self' *.consumerfinance.gov www.ecfr.gov s3.amazonaws.com www.gstatic.com ssl.gstatic.com stats.g.doubleclick.net img.youtube.com *.google-analytics.com trk.cetrk.com searchstats.usa.gov gtrk.s3.amazonaws.com *.googletagmanager.com tagmanager.google.com maps.googleapis.com optimize.google.com api.mapbox.com *.tiles.mapbox.com stats.search.usa.gov blob: data: www.facebook.com www.gravatar.com *.qualtrics.com *.mouseflow.com 2
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; script-src * blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src * data: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; child-src * blob: data: ; style-src * 'unsafe-inline'; 2
default-src 'self'; child-src blob: https://www.amnh.org; connect-src 'self' https://cdp.cloud.unity3d.com https://cdp.cloud.unity3d.com https://config.uca.cloud.unity3d.com https://edit.meridianapps.com https://media.amnh.org https://starling.crowdriff.com https://stats.g.doubleclick.net https://tags.meridianapps.com https://www.facebook.com https://adservice.google.com https://www.google-analytics.com https://www.google.com wss://tags.meridianapps.com; font-src 'self' data: https://fonts.gstatic.com https://ssl.p.jwpcdn.com https://use.typekit.net; form-action 'self' https://digitallibrary.amnh.org https://libcat1.amnh.org https://www.facebook.com; frame-ancestors 'self' https://*.google.com https://amnh.org https://ticketing.amnh.org https://www.amnh.org; frame-src 'self' https://*.search.serialssolutions.com https://accounts.google.com https://bid.g.doubleclick.net https://block.opendns.com https://calendar.google.com https://d1eoo1tco6rr5e.cloudfront.net https://darwin.amnh.org https://docs.google.com https://embed.videodelivery.net https://iframe.videodelivery.net https://insight.adsrvr.org https://m.facebook.com https://mead2019.sched.com https://moodle.amnh.org https://optimize.google.com https://ourworldindata.org https://platform.twitter.com https://player.vimeo.com https://useast-www.securly.com https://w.soundcloud.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.instagram.com https://www.youtube.com; img-src 'self' data: blob: http://www.amnh.org http://www.googletagmanager.com https://*.cloudfront.net https://img.youtube.com https://anthro.amnh.org https://assets.simpleviewinc.com https://connect.facebook.net https://cs.choozle.com https://event.yoochoose.net https://files.meridianapps.com https://i.ytimg.com https://idsync.rlcdn.com https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com https://media.amnh.org https://optimize.google.com https://p.typekit.net https://pixel.quantserve.com https://ssl.gstatic.com https://t.co https://ticketing.amnh.org https://translate.google.com https://translate.googleapis.com https://useast2-www.securly.com https://www.addevent.com https://www.facebook.com https://www.google-analytics.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com; media-src 'self' 'unsafe-inline' data: https://embed.videodelivery.net https://media.amnh.org https://www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' blob: http://collector-2328.tvsquared.com https://addevent.com https://ajax.cloudflare.com https://anthro.amnh.org https://cdn.knightlab.com https://code.highcharts.com https://code.jquery.com https://collector-2328.tvsquared.com https://connect.facebook.net https://googleads.g.doubleclick.net https://maps.googleapis.com https://maps.google.com https://mead2019.sched.com https://optimize.google.com https://platform.instagram.com https://platform.twitter.com https://ssl.p.jwpcdn.com https://starling.crowdriff.com https://tagmanager.google.com https://translate.googleapis.com https://translate.google.com https://use.typekit.net https://use.typekit.net https://www.amnh.org https://www.googleadservices.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.instagram.com https://www.youtube.com http://tagmanager.google.com http://www.googleadservices.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://addevent.com http://ajax.googleapis.com https://ajax.cloudflare.com https://ajax.googleapis.com https://analytics.twitter.com https://anthro.amnh.org https://cdn.knightlab.com https://cdn.yoochoose.net https://cdnjs.cloudflare.com https://code.highcharts.com https://code.jquery.com https://collector-2328.tvsquared.com https://connect.facebook.net https://embed.videodelivery.net https://fullstory.com https://googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://maps.google.com https://maps.googleapis.com https://nexus.ensighten.com https://optimize.google.com https://platform.instagram.com https://platform.twitter.com https://rules.quantcount.com https://secure.quantserve.com https://starling.crowdriff.com https://static.ads-twitter.com https://s.ytimg.com https://tagmanager.google.com https://tagmanager.google.com https://translate.googleapis.com https://translate.google.com https://use.typekit.net https://use.typekit.net https://useast-www.securly.com https://www.googleadservices.com https://www.google-analytics.com https://www.google.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.instagram.com https://www.securly.com https://www.youtube.com http://www.google.com; style-src-elem 'self' 'unsafe-inline' https://cloud.typography.com https://code.jquery.com https://fonts.googleapis.com https://optimize.google.com https://starling.crowdriff.com https://tagmanager.google.com https://translate.googleapis.com https://www.amnh.org; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://code.jquery.com https://fonts.googleapis.com https://optimize.google.com https://p.typekit.net https://starling.crowdriff.com https://translate.googleapis.com https://use.typekit.net; manifest-src 'self'; worker-src blob: 'self'; report-to report-uri-amnh-csp-endpoint; report-uri https://7a98bee1626943e2fe93ad69916e3e29.report-uri.com/r/t/csp/enforce 2
frame-ancestors 'self' us.creativecdn.com *.encuentra24.com *.inmobiliaria24.com *.casas24.com *.carros24.com encuentra24.zendesk.com *.youtube.com view.atdmt.com www.facebook.com www.google.com encuentra24.wufoo.com.mx encuentra24.ticforum-ca.com tpc.googlesyndication.com googleads.g.doubleclick.net storage.googleapis.com js.stripe.com e24.unityducruet.com cotizador.unityducruet.com api-js.datadome.co s.ytimg.com www-widgetapi.js googlesyndication.com youtube.com teads.tv; 2
frame-ancestors 'self' icrc.org *.icrc.org icrcproject.org *.icrcproject.org forum-icrc.org www.forum-icrc.org 2
default-src 'self' 'unsafe-inline' https://stats.g.doubleclick.net googleads.g.doubleclick.net www.google-analytics.com snap.licdn.com px.ads.linkedin.com www.youtube.com https://syndication.twitter.com assets.piraeusbankgroup.com googlevideo.com apis.google.com data: maps.googleapis.com http://rum-collector-2.pingdom.net ;      style-src 'self' assets.piraeusbankgroup.com  assets.piraeusbank.gr 'unsafe-inline' fonts.googleapis.com platform.twitter.com ton.twimg.com;      script-src 'self' cdn.rawgit.com https://developers.google.com https://snap.licdn.com assets.piraeusbankgroup.com assets.piraeusbank.gr https://maps.google.com connect.facebook.net platform.twitter.com apis.google.com 'unsafe-inline' 'unsafe-eval' www.google-analytics.com maps.googleapis.com seal.thawte.com syndication.twitter.com https://cdn.syndication.twimg.com https://www.youtube.com https://s.ytimg.com http://rum-static.pingdom.net ;      font-src   data: 'self' fonts.gstatic.com;     img-src 'self' data: https://developers.google.com asset.piraeusbank.gr 'unsafe-inline'  assets.piraeusbank.gr   px.ads.linkedin.com https://maps.google.com assets.piraeusbankgroup.com http://www.piraeusbank.gr https://www.piraeusbank.gr https://seal.thawte.com www.piraeusbankgroup.com 'unsafe-inline' www.google.com  syndication.twitter.com www.google-analytics.com stats.g.doubleclick.net www.facebook.com www.google.gr csi.gstatic.com maps.gstatic.com maps.googleapis.com platform.twitter.com pbs.twimg.com o.twimg.com ton.twimg.com googleads.g.doubleclick.net img.youtube.com http://rum-collector.pingdom.net ;      frame-src staticxx.facebook.com www.facebook.com accounts.google.com apis.google.com platform.twitter.com syndication.twitter.com 'self' www.youtube.com https://cap.attempts.securecode.com aacsw.3ds.verifiedbyvisa.com https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/www-widgetapi-vflPBjLfx/www-widgetapi.js 2
frame-ancestors 'self' https://webhare.utwente.nl https://employees.utwente.nl 2
frame-ancestors *.ushmm.org; 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellfit.com 2
default-src https:; script-src data: 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src 'self' https: wss:; media-src https: data: blob:; worker-src 'self' https:; 2
img-src * data:; 2
default-src 'unsafe-inline' https:; img-src data: https:; media-src blob: data: https:; script-src 'unsafe-eval' 'unsafe-inline' https:; frame-ancestors 'self' https://www.20min.ch https://*.unitycms.io; 2
default-src 'self' badoocdn.com *.badoocdn.com pd1us.badoocdn.com; connect-src 'self' badoo.com eu1.badoo.com us1.badoo.com am1.badoo.com badoocdn.com *.badoocdn.com pd1us.badoocdn.com *.api.here.com *.paypal.com *.googlesyndication.com api.giphy.com api.tenor.com *.doubleclick.net *.mapbox.com wss://badoocdn.com:* wss://*.badoocdn.com:* https://www.google.com https://www.google-analytics.com https://www.facebook.com https://adservice.google.com/tt/r; script-src 'self' 'unsafe-inline' badoocdn.com *.badoocdn.com pd1us.badoocdn.com *.googleapis.com *.gstatic.com *.google.com vk.com *.vk.me cdn.syndication.twitter.com *.facebook.net *.facebook.com *.paypal.com www.paypalobjects.com *.youtube.com *.ytimg.com api.ok.ru *.google-analytics.com *.googletagmanager.com *.api.here.com *.instagram.com *.digicert.com *.mapbox.com *.googlesyndication.com *.googletagservices.com *.googleadservices.com *.doubleclick.net *.googlesyndication.com *.ampproject.org *.amazon-adsystem.com adservice.google.com https://cdn.ampproject.org; style-src 'self' 'unsafe-inline' badoocdn.com *.badoocdn.com pd1us.badoocdn.com vk.com *.vk.me *.googleapis.com; font-src 'self' data: badoocdn.com *.badoocdn.com pd1us.badoocdn.com fonts.googleapis.com fonts.gstatic.com; prefetch-src 'self' badoocdn.com *.badoocdn.com pd1us.badoocdn.com *.googlesyndication.com *.googletagservices.com *.googleadservices.com *.doubleclick.net *.googlesyndication.com *.ampproject.org *.amazon-adsystem.com adservice.google.com; img-src * data: blob:; child-src 'self' blob:; worker-src 'self' blob:; media-src * data: blob:; object-src 'self' badoocdn.com *.badoocdn.com pd1us.badoocdn.com; base-uri 'self'; form-action 'self' *; frame-src * bds: bdp:; frame-ancestors 'self' apps.facebook.com; upgrade-insecure-requests; report-uri /jss/csp_report.phtml 2
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: analytics.google.com *.boltdns.net *.brightcovecdn.com *.llnwd.net *.llnw.net *.adroll.com d.adroll.mgr.consensu.org *.dca0.com *.adyen.com *.akamaihd.net *.go-mpulse.net *.akstat.io *.aexp-static.com *.americanexpress.com tag.yieldoptimizer.com hm.baidu.com *.bambuser.com x.bidswitch.net bat.bing.com *.branch.io app.link s.thebrighttag.com s.btstatic.com *.brightcove.com *.brightcove.net dpdb.webvr.rocks *.burberry.com burberry.com cdnjs.cloudflare.com *.contentsquare.net script.crazyegg.com *.doubleclick.net connect.facebook.net www.facebook.com *.fitanalytics.com reporting.us1.fredhopperservices.com d1snv67wdds0p2.cloudfront.net *.googleapis.com *.googlesyndication.com *.gstatic.com adservice.google.com www.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.googletagservices.com cdn.grata.cn *.usehero.com *.twilio.com wss://*.vss.twilio.com *.us1.twilio.com wss://*.us1.twilio.com *.eu1.twilio.com wss://*.eu1.twilio.com *.ipinyou.com www.ist-track.com x.klarnacdn.net *.klarna.com *.klarnaevt.com *.liveperson.net wss://*.liveperson.net *.lpsnmedia.net *.mathtag.com service.maxymiser.net bam.nr-data.net bam-cell.nr-data.net js-agent.newrelic.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-eu.onetrust.com *.online-metrix.net *.openx.net *.optimizely.com cdn-assets-prod.s3.amazonaws.com optimizely.s3.amazonaws.com *.paypal.com www.personifyxpassets.com 7vr7bv2vla.execute-api.eu-west-1.amazonaws.com ct.pinterest.com s.pinimg.com *.qudini.com po.st s.po.st rp.gwallet.com *.rakuten.com *.nxtck.com *.xg4ken.com *.linksynergy.com intljs.rmtag.com ln-rules.rewardstyle.com *.richrelevance.com *.riskified.com sb.scorecardresearch.com *.shoprunner.com *.shoprunner.net shopstylecollective.com i.simpli.fi d1fc8wv8zag5ca.cloudfront.net *.sonobi.com *.spotify.com t.a3cloud.net p.teads.tv idsync.rlcdn.com *.turn.com analytics.twitter.com static.ads-twitter.com platform.twitter.com vjs.zencdn.net sp.analytics.yahoo.com s.yimg.com s.yimg.jp b97.yahoo.co.jp mc.yandex.ru *.zooz.com; style-src * data: 'unsafe-inline'; img-src * data:; font-src * data:; media-src * blob:; object-src 'self'; frame-ancestors 'self' *.burberry.com burberry.com; base-uri 'self'; upgrade-insecure-requests; report-uri https://brby.report-uri.com/r/t/csp/enforce 2
default-src 'self'; img-src 'self' data: *; object-src 'self'; connect-src 'self' https://www.roboform.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.roboform.com/ https://tagmanager.google.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com https://www.googletagmanager.com/ https://widget.reviews.io https://www.google-analytics.com/ https://www.googleadservices.com/ https://connect.facebook.net/ https://*.doubleclick.net/ https://tagmanager.google.com/ https://bat.bing.com/ https://www.youtube.com/ https://s.ytimg.com/ https://www.redditstatic.com/; font-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://www.roboform.com; frame-src 'self' https://docs.google.com/ https://widget.reviews.io/ https://*.doubleclick.net/ https://www.google.com https://www.facebook.com https://www.emjcd.com https://cj.dotomi.com https://www.youtube.com 2
frame-ancestors 'self' https://*.inconvo.chat https://*.yougov.chat 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.youtube.com www.google.com *.google-analytics.com https://www.googletagmanager.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org use.fontawesome.com api.connectedcommunity.org http://www.lifescitrc.org https://cdn.feathr.co cdn.feathr.co polo.feathr.co marco.feathr.co *.crazyegg.com *.hotjar.com *.informz.net *.surveymonkey.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com https://www.googletagmanager.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com use.fontawesome.com use.typekit.net p.typekit.net *.crazyegg.com *.hotjar.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com use.fontawesome.com data: use.typekit.net *.crazyegg.com *.hotjar.com; img-src 'self' novartis.contacthr.com novartispharmaceuticalscorp.contacthr.com *.gstatic.com *.googleapis.com *.google-analytics.com https://www.googletagmanager.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com twitter.com *.twitter.com *.twimg.com use.fontawesome.com data: blob: *.eloqua.com *.physiology.org connect.the-aps.org *.cloudfront.net *.placehold.it stats.g.doubleclick.net marco.feathr.co match.adsrvr.org polo-v1.feathr.co polo.feathr.co *.crazyegg.com *.hotjar.com *.informz.net *.surveymonkey.com; media-src 'self' data: blob: www.youtube.com; frame-src 'self' novartis.contacthr.com novartispharmaceuticalscorp.contacthr.com www.youtube.com api.connectedcommunity.org cdn.feathr.co polo.feathr.co marco.feathr.co *.qzzr.com *.crazyegg.com *.hotjar.com twitter.com *.twitter.com html5-player.libsyn.com www.podbean.com *.surveymonkey.com; connect-src 'self' polo.feathr.co *.crazyegg.com; 2
upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com *.appdynamics.com 2
frame-ancestors 'self' localhost *.teamwork.com *.teamworkpm.net teams.microsoft.com *.teams.microsoft.com *.skype.com teamworkintegrations.ngrok.io *.us.teamworkops.com; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; media-src https: data: blob:; worker-src https: data: blob:; font-src https: data:; connect-src https: wss: 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.googletagmanager.com https://tagmanager.google.com/ https://www.google-analytics.com https://translate.google.com https://translate.googleapis.com https://www.youtube.com/iframe_api https://s.ytimg.com/; img-src 'self' data: https://cdn.prgloo.com/ https://www.google.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.gstatic.com https://translate.google.com https://translate.googleapis.com https://*.ytimg.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://translate.google.com https://translate.googleapis.com https://tagmanager.google.com/; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src https://www.googletagmanager.com https://www.youtube.com https://youtu.be https://www.youtube-nocookie.com https://youtube-nocookie.com; object-src 'self'; report-uri /service/csp; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: d2e70e9yced57e.cloudfront.net d2k0escgkdw2ev.cloudfront.net d3k4ohqf5n453g.cloudfront.net *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net cdn.ampproject.org bat.bing.com s.yimg.com cdn.taboola.com trc.taboola.com sp.analytics.yahoo.com *.facebook.com connect.facebook.net www.linkedin.com www.reddit.com *.twitter.com static.ads-twitter.com *.linkedin.com *.pinterest.com *.reddit.com www.dianomi.com loadus.exelator.com ct.buyright.com affiliate.icclicktracker.com amplify.outbrain.com track.supersonicads.com ads.trafficjunky.net cdn.ckeditor.com *.wistia.com sentry.io www.datadoghq-browser-agent.com opensharecount.com *.mediaalpha.com smartforms.ekomi.com *.amazonaws.com *.mtcaptcha.com cfstatic.efdevhub.info cdn.wallethub.com static.olark.com api.olark.com 2
frame-ancestors https://*.demandbase.com 2
default-src 'self' *.maybank2u.com.my *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.useinsider.com https://perfectsencollector.com *.google.com  https://analytics.google.com *.googleapis.com *.googletagmanager.com; object-src *.maybank2u.com.my; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com; font-src *.gstatic.com *.maybank2u.com.my *.google.com *.mobiletrade.powerbroking2u.com.my; script-src 'self' *.maybank2u.com.my *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.googleapis.com 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.mbww.com *.useinsider.com https://connect.facebook.net *.googleadservices.com *.google.com *.gstatic.com; frame-src 'self' *.maybank2u.com.my *.useinsider.com https://unity.cadreon.com *.doubleclick.net *.youtube.com *.google.com *.mobiletrade.powerbroking2u.com.my; img-src 'self' data: blob: *.maybank2u.com.my https://emerchant.maybank2u.com.my:8443 *.google-analytics.com *.googlesyndication.com *.doubleclick.net https://www.google.com https://www.google.com.my https://www.google.com.sg https://www.google.co.in https://www.google.co.id https://www.facebook.com/tr/ *.useinsider.com www.maybank.com *.gstatic.com *.googleapis.com http://dbv47yu57n5vf.cloudfront.net https://perfectsencollector.com *.amazonaws.com *.oto.my *.googletagmanager.com *.youtube.com 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2
img-src 'self' data: https://ads.yahoo.com https://cdn.uphold.com https://cm.g.doubleclick.net https://d.adroll.com https://dsum-sec.casalemedia.com https://eb2.3lift.com https://ib.adnxs.com https://idsync.rlcdn.com https://images.prismic.io https://p.typekit.net https://pixel.advertising.com https://pixel.rubiconproject.com https://prismic-io.s3.amazonaws.com https://simage2.pubmatic.com https://stats.g.doubleclick.net https://sync.outbrain.com https://sync.taboola.com https://trc.taboola.com https://uphold.cdn.prismic.io https://ups.analytics.yahoo.com https://us-u.openx.net https://use.typekit.net https://www.facebook.com https://www.google.com https://www.google.pt https://x.bidswitch.net www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.cloudflare.com/ https://cdn.sift.com/s.js https://cdn.uphold.com https://connect.facebook.net https://d.adroll.com https://d.adroll.mgr.consensu.org https://s.adroll.com http://static.cdn.prismic.io/prismic.js https://static.zdassets.com/ https://s.adroll.com https://use.typekit.net https://www.datadoghq-browser-agent.com https://www.gstatic.com https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.google.com https://trends-sandbox.uphold.com https://trends.uphold.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://p.typekit.net/ https://use.typekit.net 2
upgrade-insecure-requests; frame-ancestors 'self'; report-uri https://www.argos.co.uk/logging-api/2/security 2
img-src https: 2
frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.luckymobile.ca 2
frame-ancestors 'self' t4.scu.edu cms.scu.edu cms01.scu.edu thetrustproject.org media.scu.edu ecampus.scu.edu hrdev.scu.edu hrusr.scu.edu t4dev.scu.edu 166.78.46.137 campaign.scu.edu vanillasoft.net 2
default-src 'self' data: https://*.commerce.gov https://*.mbda.gov https://*.d.commerce.gov https://content.govdelivery.com https://www.google-analytics.com https://use.fontawesome.com https://dap.digitalgov.gov https://*.twitter.com https://*.twimg.com https://*.youtube.com https://livestream.com https://*.livestream.com https://api.new.livestream.com https://rev-vbrick.uspto.gov https://*.facebook.com https://*.mapbox.com https://*.cloudflare.com https://*.tile.openstreetmap.org https://git.commerce.gov https://cdn.siteimprove.net https://youtube-nocookie.com https://www.youtube-nocookie.com https://*.uspto.gov 'unsafe-inline' 'unsafe-eval' ;upgrade-insecure-requests;  2
default-src https://www.nic.ir https://static.nic.ir 'unsafe-inline'; img-src *.nic.ir https://webchat.nic.ir:8080 https://trustseal.enamad.ir/ http://trustseal.enamad.ir/; font-src *.nic.ir 2
frame-src https://*.doubleclick.net:* https://*.facebook.com:* https://*.google.com:* https://*.soundcloud.com:* https://*.spotify.com:* https://*.twitter.com:* https://*.vimeo.com:* https://*.youtube.com:*; frame-ancestors 'self'; 2
frame-ancestors *.2checkout.com *.2co.com *.avangate.com 2
default-src 'self' blob:; img-src 'self' data: blob: 'unsafe-inline' sitecoremedia.blob.core.windows.net stats.g.doubleclick.net *.stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.twitter.com *.twimg.com jwpltx.com *.youtube.com *.facebook.com *.google.com *.google.gr *.googletagmanager.com px.ads.linkedin.com linkedin.com googleads.g.doubleclick.net cdn.cookielaw.org *.google-analytics.com *.usabilla.com *.cloudfront.net *.hotjar.com ad.doubleclick.net; media-src 'self' blob: *.streaming.mediaservices.windows.net; script-src 'self' data: optimize.google.com *.google-analytics.com snap.licdn.com code.jquery.com *.onetrust.com blob: 'unsafe-inline' 'unsafe-eval' *.youtube.com *.ytimg.com  *.google.com *.googleapis.com *.gstatic.com *.inbroker.com *.angularjs.org *.twitter.com *.syndication.twimg.com *.jwpcdn.com *.facebook.net *.facebook.com *.hotjar.com cdn.cookielaw.org optanon.blob.core.windows.net www.googleadservices.com googleads.g.doubleclick.net az416426.vo.msecnd.net *.googletagmanager.com *.usabilla.com *.cloudfront.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.inbroker.com *.twitter.com optimize.google.com optanon.blob.core.windows.net cdn.cookielaw.org *.usabilla.com *.cloudfront.net fonts.googleapis.com; font-src 'self' *.gstatic.com *.inbroker.com *.jwpcdn.com *.usabilla.com *.cloudfront.net fonts.googleapis.com *.hotjar.com; connect-src 'self' analytics.google.com www.google.gr optimize.google.com *.visualstudio.com www.google-analytics.com *.inbroker.com *.streaming.mediaservices.windows.net *.twitter.com *.hotjar.com adservice.google.com az416426.vo.msecnd.net *.doubleclick.net *.usabilla.com *.cloudfront.net *.cookielaw.org *.hotjar.com *.hotjar.io *.onetrust.com; frame-src 'self' data: blob: *.youtube.com *.ytimg.com *.google.com *.inbroker.com *.twitter.com *.onetrust.mgr.consensu.org *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr  uat-legacy.eurobank.gr *.doubleclick.net *.fls.doubleclick.net *.usabilla.com *.cloudfront.net; object-src 'self' *.streaming.mediaservices.windows.net *.jwpcdn.com;  child-src 'self' data: blob: *.youtube.com *.ytimg.com *.google.com *.inbroker.com *.twitter.com *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr uat-legacy.eurobank.gr; 2
frame-ancestors 'self' libertystreeteconomics.newyorkfed.org; 2
connect-src 'self' https://*.clicktale.net https://*.demdex.net https://*.doubleclick.net https://*.everesttech.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.mktoresp.com https://*.optimizely.com https://*.pingdom.net https://*.reddit.com https://*.securelist.com https://*.youtube.com https://box.kaspersky.com https://cdn.securelist.com https://e.infogram.com https://hn.algolia.com https://kaspersky.d3.sc.omtrdc.net https://kasperskycontenthub.com https://securelist.com https://tagmanager.google.com https://tpc.googlesyndication.com https://www.google-analytics.com; default-src 'self' https://*.securelist.com https://box.kaspersky.com https://cdn.securelist.com https://kasperskycontenthub.com https://kasperskycontenthub.com/securelist https://securelist.com https://tpc.googlesyndication.com; font-src 'self' data: https://*.gstatic.com https://*.securelist.com https://*.wp.com https://assets.kasperskycontenthub.com https://assets.threatpost.com https://box.kaspersky.com https://cdn.securelist.com https://fonts.googleapis.com https://fonts.gstatic.com https://kasperskycontenthub.com https://securelist.com https://tpc.googlesyndication.com; frame-src 'self' http://*.slideshare.net https://*.addthis.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.infogram.com https://*.instagram.com https://*.libsyn.com https://*.marketo.com https://*.securelist.com https://*.sekindo.com https://*.sharethis.com https://*.slideshare.net https://*.twitter.com https://*.wp.com https://*.youtube.com https://box.kaspersky.com https://cdn.securelist.com https://go.kaspersky.com https://infogram.com https://kasperskycontenthub.com https://player.vimeo.com https://s-static.ak.facebook.com https://securelist.com https://tagmanager.google.com https://tpc.googlesyndication.com https://www.brighttalk.com; img-src 'self' data: http://*.netdna-cdn.com http://*.wordpress.com http://*.wp.com http://assets.kasperskycontenthub.com http://assets.kasperskydaily.com http://assets.threatpost.com http://d2538mqrb7brka.cloudfront.net http://forum.kasperskyclub.ru http://i0.poll.fm http://media.kasperskycontenthub.com http://media.kasperskydaily.com http://media.threatpost.com https://*.addthis.com https://*.cdninstagram.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.gravatar.com https://*.gstatic.com https://*.infogram.com https://*.instagram.com https://*.netdna-cdn.com https://*.netdna-ssl.com https://*.securelist.com https://*.sekindo.com https://*.sharethis.com https://*.staticflickr.com https://*.twimg.com https://*.twitter.com https://*.wordpress.com https://*.wp.com https://*.ytimg.com https://addevent.com https://assets.kasperskycontenthub.com https://assets.kasperskydaily.com https://assets.threatpost.com https://blog.kaspersky.com https://box.kaspersky.com https://cdn.securelist.com https://csi.gstatic.com https://d1srlirzdlmpew.cloudfront.net https://d2538mqrb7brka.cloudfront.net https://geo.yahoo.com https://images.telechargement.fr https://instagramimages-a.akamaihd.net https://kaspersky.d2.sc.omtrdc.net https://kasperskycontenthub.com https://m.addthis.com https://maps.googleapis.com https://media.kasperskycontenthub.com https://media.kasperskydaily.com https://media.threatpost.com https://player.vimeo.com https://polldaddy.com https://rum-collector.pingdom.net https://s.w.org https://s3-eu-west-1.amazonaws.com https://scontent.cdninstagram.com https://securelist.com https://stats.g.doubleclick.net https://t.co https://tagmanager.google.com https://threatpost.com https://tpc.googlesyndication.com https://track.addevent.com; object-src 'self' https://*.securelist.com https://box.kaspersky.com https://kasperskycontenthub.com https://player.vimeo.com https://polldaddy.com https://securelist.com https://tpc.googlesyndication.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://assets.kasperskycontenthub.com http://assets.threatpost.com https://*.addevent.com https://*.addthis.com https://*.cloudfront.net https://*.crazyegg.com https://*.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.flickr.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gravatar.com https://*.gstatic.com https://*.instagram.com https://*.kaspersky.com https://*.marketo.com https://*.marketo.net https://*.optimizely.com https://*.polldaddy.com https://*.securelist.com https://*.sekindo.com https://*.sharethis.com https://*.twimg.com https://*.twitter.com https://*.woopra.com https://*.wp.com https://addthisevent.com https://adservice.google.com https://adservice.google.hr https://adservice.google.ru https://assets.adobedtm.com https://assets.kasperskycontenthub.com https://assets.threatpost.com https://box.kaspersky.com https://cdn.optimizely.com https://cdn.securelist.com https://connect.facebook.net https://connect.mail.ru https://e.infogram.com https://kaspersky.d2.sc.omtrdc.net https://kasperskycontenthub.com https://m.addthis.com https://m.addthisedge.com https://munchkin.marketo.net https://player.vimeo.com https://polldaddy.com https://rum-static.pingdom.net https://script.crazyegg.com https://securelist.com https://share.yandex.ru/ https://static.ads-twitter.com https://tagmanager.google.com https://tpc.googlesyndication.com https://vk.com https://www.addevent.com https://www.brighttalk.com https://www.flickr.com https://www.googletagmanager.com https://www.googletagservices.com https://www.linkedin.com; style-src 'self' 'unsafe-inline' http://*.googleapis.com http://assets.kasperskycontenthub.com http://assets.threatpost.com https://*.googleapis.com https://*.gravatar.com https://*.kaspersky.com https://*.marketo.com https://*.securelist.com https://*.sekindo.com https://*.sharethis.com https://*.twimg.com https://*.twitter.com https://*.wp.com https://assets.kasperskycontenthub.com https://assets.threatpost.com https://box.kaspersky.com https://cdn.securelist.com https://fonts.googleapis.com https://kasperskycontenthub.com https://s0.wp.com https://secure.gravatar.com https://securelist.com https://tagmanager.google.com https://tpc.googlesyndication.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.getclicky.com *.staticstuff.net *.tent.network *.google.com *.gstatic.com *.googleapis.com 2
frame-ancestors https://docs.google.com https://*.googleusercontent.com; 2
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2
default-src 'self' data: https://*.cafebazaar.ir https://*.cafebazaar.cloud https://*.useinsider.com ; frame-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cafebazaar.ir https://*.cafebazaar.cloud https://*.useinsider.com https://tagmanager.google.com https://imasdk.googleapis.com https://s0.2mdn.net https://adservice.google.com https://www.google-analytics.com https://www.googletagmanager.com; worker-src 'self' data: blob: https://*.cafebazaar.ir https://*.cafebazaar.cloud https://*.useinsider.com; style-src 'self' data: 'unsafe-inline' https://*.cafebazaar.ir https://*.cafebazaar.cloud https://*.useinsider.com https://tagmanager.google.com https://fonts.googleapis.com; img-src * data: blob: android-webview-video-poster:; font-src * data:; connect-src *; media-src * data: blob: blob: https://*.cafebazaar.ir https://*.cafebazaar.cloud; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; 2
default-src 'self'; script-src 'self' 'sha256-r1aYSsDn5Btub+zo7XZr6P3ZhmNyYTvHf/yjmzIpxT8=' 'sha256-aqdvQaQU9tkorRhtgHldablGaB5SI/SwbLemAOKE7Yo=' 'sha256-Vxv+qm8gMYYzbp7hSMakF5Q81e7GDj/Z5HZYT4ekhho=' 'sha256-uBpmtDakUPHISUCFtaVC869LxTI53EPQREvqhqlxGVU=' 'sha256-h8bC9y2R69GO3nntfTAfOohrJdzeOS7slDdbOSULEJo=' https://www.google-analytics.com/analytics.js https://cdncache-a.akamaihd.net/sub/b156ae9/98002/l.js https://www.youtube.com https://www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/picturefill/3.0.2/picturefill.min.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.youtube.com/iframe_api https://www2.osfound.org/shorten https://connect.facebook.net; style-src 'unsafe-inline' 'self'; object-src 'self' https://video.ted.com; base-uri 'self'; connect-src 'self' https://www.googletagmanager.com https://www.google-analytics.com; font-src 'self' https: data:; frame-src 'self' https://www.youtube.com https://w.soundcloud.com; img-src 'self' https://i.ytimg.com https://opensocietyfoundations.imgix.net https://www.google-analytics.com https: data:; manifest-src 'self'; media-src 'self'; report-uri https://opensociety.report-uri.com/r/d/csp/enforce; worker-src 'none'; 2
frame-ancestors 'self' *.qnap.com *.qnap.com.tw 2
default-src 'self' *.binomo.com *.binomo.com; child-src *; frame-ancestors 'self'; connect-src 'self' analytics.tiktok.com my.rtmark.net *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com static.ads-twitter.com bat.bing.com sc-static.net tr.snapchat.com top-fwz1.mail.ru *.hotjar.io *.hotjar.com wss://*.hotjar.com stats.g.doubleclick.net *.optimizely.com *.zopim.com *.launchdarkly.com api.exponea.com ekr.zdassets.com analytics.google.com accounts.google.com fcm.googleapis.com www.googleapis.com www.google-analytics.com wss://*.zopim.com binomo.zendesk.com binomo2.zendesk.com app.getsentry.com *.binomo.com *.binomo.com wss://as.binomo.com:* wss://as.binomo.com:* wss://ws.binomo.com:* wss://ws.binomo.com:* s.yimg.com; font-src data: 'self' *.zopim.com themes.googleusercontent.com *.binomo.com *.binomo.com; img-src * data:; media-src 'self' *.binomo.com *.binomo.com; script-src 'self' static.ads-twitter.com sc-static.net tr.snapchat.com *.hotjar.io *.hotjar.com www.redditstatic.com *.googleoptimize.com *.doubleclick.net *.google.com assets.zendesk.com static.zdassets.com *.zopim.com wss://*.zopim.com *.zopim.io binomo.co my.rtmark.net *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com *.getsitecontrol.com binstats.com *.googletagmanager.com *.google-analytics.com echo.ecortb.com connect.facebook.net vk.com *.youtube.com s.yimg.com s.ytimg.com bat.bing.com www.gstatic.com www.googleadservices.com binomo.go2affise.com api.exponea.com *.adnetwork.vn storage.googleapis.com sp.analytics.yahoo.com top-fwz1.mail.ru 'unsafe-eval' 'unsafe-inline' *.binomo.com *.binomo.com; style-src 'self' *.google.com fonts.googleapis.com 'unsafe-inline' *.binomo.com *.binomo.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.surveymonkey.com ajax.googleapis.com static.ads-twitter.com analytics.twitter.com analytics.tiktok.com sf16-scmcdn-va.ibytedtos.com www.gstatic.com www.google.com www.googletagmanager.com www.google-analytics.com *.appboycdn.com; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net life360.zendesk.com  *.greenhouse.io *.braze.com analytics.tiktok.com; img-src 'self' *.cloudfront.net *.locationiq.org life360-wordpress.s3.amazonaws.com life360.zendesk.com www.googletagmanager.com www.google-analytics.com *.google.com t.co www.facebook.com *.ytimg.com data: *.gravatar.com; child-src 'self' www.surveymonkey.com wwww.ajax.googleapis.com www.youtube.com www.youtube-nocookie.com www.google.com *.doubleclick.net; font-src 'self' data:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: data: https: blob: https://d.la2-c2-ord.salesforceliveagent.com https://logs1125.xiti.com https://www.google-analytics.com https://cdn.optimizely.com https://api.demandbase.com https://app-ab02.marketo.com https://www.googletagmanager.com https://magpie-static.ugc.bazaarvoice.com https://apc.ugc.bazaarvoice.com https://code.jquery.com wss://directline.botframework.com; 2
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.newswire.com 2
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://js.driftt.com https://j.6sc.co https://tag.demandbase.com https://vidassets.terminus.services https://ab-partner-locator.s3-us-west-2.amazonaws.com/partnerlocator-bundle.js https://*.statuspage.io https://js.stripe.com https://*.opswat.com https://*.salesforceliveagent.com https://googleads.g.doubleclick.net https://*.force.com https://*.salesforce.com https://code.jquery.com https://www.gstatic.com https://analytics.twitter.com https://forms.hsforms.com js.hsforms.net https://s.ytimg.com https://snap.licdn.com https://js.hs-banner.com https://js.hs-analytics.net https://connect.facebook.net www.youtube.com https://*.wistia.com https://*.wistia.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com http://js.hs-scripts.com www.googleadservices.com https://www.google.com https://www.google.com.vn https://static.ads-twitter.com; img-src 'self' data: https://*.6sc.co https://match.prod.bidr.io https://id.rlcdn.com https://vidassets.terminus.services https://opswat.allbound.com/ https://pluginicons.craft-cdn.com https://www.linkedin.com https://storage.googleapis.com https://*.opswat.com https://forms.hsforms.com https://track.hubspot.com https://embed-fastly.wistia.com https://perf.hsforms.com https://p.adsymptotic.com https://px.ads.linkedin.com https://t.co http://t.co https://www.google.com.vn https://www.facebook.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com; connect-src 'self' https://secure.adnxs.com https://*.6sc.co https://api.company-target.com https://api-k8s.allbound.com https://api-k8s.allbound.com/v5/public/partners https://*.craftcms.com https://go.opswat.com https://newportal-opswat.cs42.force.com https://forms.hsforms.com https://www.facebook.com https://oesis-downloads-portal.s3.us-west-1.amazonaws.com https://embedwistia-a.akamaihd.net https://*.litix.io *.wistia.com https://stats.g.doubleclick.net https://www.google-analytics.com ; style-src 'unsafe-inline' 'self' http://*.opswat.com https://*.force.com; frame-src 'self' https://js.driftt.com https://*.statuspage.io https://js.stripe.com https://service.force.com https://fast.wistia.com https://fast.wistia.net https://www.youtube.com https://forms.hsforms.com https://www.facebook.com https://www.google.com https://www.slideshare.net http://www.slideshare.net; font-src 'self' data: https://static.opswat.com https://fonts.gstatic.com https://*.wistia.com; media-src 'self' blob: data: https://static.opswat.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://storage.googleapis.com; worker-src 'self' blob:; object-src 'none'; 2
frame-ancestors https://*.optimizely.com; upgrade-insecure-requests; default-src data: https: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors https://*.verizon.com http://*.verizon.com https://*.verizonwireless.com http://*.verizonwireless.com https://*.verizonbusinessfios.com/  https://*.consensuscorp.com http://*.consensuscorp.com  https://vbmbos.lightning.force.com  http://vbmbos.lightning.force.com https://vbmbos--c.na73.visual.force.com http://vbmbos--c.na73.visual.force.com https://vbmbos.my.salesforce.com http://vbmbos.my.salesforce.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.byrdie.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ravelry.com https://www.ravelry.com *.ravelrycache.com *.doorbell.io *.crazyegg.com https://*.ravelrycache.com https://*.chatlio.com plausible.io https://*.hotjar.com https://*.raygun.io https://*.pusher.com https://*.frontapp.com https://apis.google.com https://www.amazon.com https://www.dropbox.com *.googleapis.com https://*.googleapis.com *.google-analytics.com https://www.google.com *.gstatic.com https://maps.gstatic.com maps.googleapis.com maps.google.com *.nr-data.net *.newrelic.com https://*.newrelic.com https://*.twitter.com connect.facebook.net *.facebook.com *.pinterest.com https://*.hotjar.com  https://*.pinterest.com; object-src 'self' *.ravelry.com *.macromedia.com *.etsy.com *.youtube.com https://*.youtube.com https://*.vimeo.com *.vimeo.com *.vimeocdn.com *.vimeo.com *.crazyegg.com *.gstatic.com *.raygun.io; frame-src 'self' https://*.facebook.com https://*.hotjar.com  https://docs.google.com https://accounts.google.com https://www.amazon.com https://*.spotify.com https://*.buffer.com https://player.vimeo.com *.vimeo.com *.vimeocdn.com *.youtube.com https://*.youtube.com vine.co *.google.com https://*.twitter.com *.facebook.com *.pinterest.com chromenull://* chromeinvoke://* webviewprogressproxy://*; connect-src 'self' *.ravelry.com https://www2.ravelry.com doorbell.io:443 *.crazyegg.com https://*.raygun.io https://*.nr-data.net https://plausible.io https://*.hotjar.com https://*.dropbox.com https://www.ravelry.com wss://websocket.ravelry.com wss://websocket2.ravelry.com wss://*.hotjar.com translate.googleapis.com syndication.twitter.com https://*.chatlio.com https://*.pusher.com *.pusherapp.com; 2
img-src 'self' data:;font-src 'none' 2
upgrade-insecure-requests; frame-ancestors 'self' https://*.hsn.com https://*.hsn.net 2
frame-src https://www.google.com 'self' intent: https://*.adyen.com https://*.criteo.com https://*.criteo.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.ftrace.com https://*.lidl-info.com https://*.lidl-onlinenewsletter.de https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.mynetfair.com https://*.sit.sys.odj.cloud https://*.stackit.cloud https://*.vrxs.de https://ar.lidl.com https://balancechecks.tx-gate.com https://consentcdn.cookiebot.com https://facebook.com https://h.online-metrix.net https://ldl.viewer.cit-fusion.com https://lidlde.int.userwerk.com https://searchhub.io https://web.secmedia.de https://www.awin1.com https://www.edge-cdn.net https://www.lidl-gewinnspiel.de https://www.youtube-nocookie.com https://www.youtube.com ; object-src https://www.google.com data: https://*.facebook.com https://*.facebook.net https://*.lidl-flyer.com https://*.livebuy.io https://*.online-metrix.net https://facebook.com https://h.online-metrix.net https://searchhub.io ; img-src https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk 'self' data: moz-extension: http://www.adobe.com https://*.360yield.com https://*.addthis.com https://*.adition.com https://*.adnxs.com https://*.adscale.de https://*.advertising.com https://*.adyen.com https://*.casalemedia.com https://*.criteo.com https://*.criteo.net https://*.demdex.net https://*.demoup.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.fitanalytics.com https://*.kameleoon.com https://*.kameleoon.eu https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://*.online-metrix.net https://*.openx.net https://*.parcellab.com https://*.pubmatic.com https://*.searchhub.io https://*.semtrack.de https://*.simplesurance.de https://*.sit.sys.odj.cloud https://*.stickyadstv.com https://*.taboola.com https://*.twiago.com https://*.virtualearth.net https://*.yahoo.com https://*.yieldlab.net https://analytics.google.com https://balancechecks.tx-gate.com https://contextual.media.net https://event.yoochoose.net https://facebook.com https://h.online-metrix.net https://lidl.de https://lidlde.int.userwerk.com https://match.sharethrough.com https://s.kelkoogroup.net https://searchhub.io https://sync.outbrain.com https://translate.google.com https://via.placeholder.com https://visitor.omnitagjs.com https://www.adobe.com https://www.awin1.com https://www.bing.com https://www.bizrate.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://x.bidswitch.net ; report-uri https://csp-server.prod.varnish-poc.lidl-shop.com/csp/report ; frame-ancestors 'self' https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://beeem.co ; style-src https://www.google.com 'self' 'unsafe-inline' https://*.fitanalytics.com https://*.lidl-flyer.com https://*.lidl.de https://*.parcellab.com https://*.sit.sys.odj.cloud https://facebook.com https://searchhub.io https://www.bing.com ; default-src https://www.google.com https://www.google.de 'self' blob: data: intent: wss://127.0.0.1:* https://*.8select.io https://*.adyen.com https://*.criteo.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.fitanalytics.com https://*.kameleoon.com https://*.kameleoon.eu https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://*.online-metrix.net https://*.parcellab.com https://*.peakprotect.com https://*.semtrack.de https://*.simplesurance.de https://*.sit.sys.odj.cloud https://*.virtualearth.net https://analytics.google.com https://balancechecks.tx-gate.com https://event.yoochoose.net https://facebook.com https://fonts.gstatic.com https://h.online-metrix.net https://lidl.media01.eu https://lidlde.int.userwerk.com https://s.kelkoogroup.net https://searchhub.io https://tracking.s24.com https://www.bing.com https://www.google-analytics.com https://www.googletagmanager.com https://www.lacmp.net https://csp-server.prod.varnish-poc.lidl-shop.com ; script-src https://www.google.com 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.8select.io https://*.adyen.com https://*.criteo.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.epoq.de https://*.facebook.com https://*.facebook.net https://*.fitanalytics.com https://*.kameleoon.com https://*.kameleoon.eu https://*.lidl-flyer.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.online-metrix.net https://*.parcellab.com https://*.peakprotect.com https://*.searchhub.io https://*.semtrack.de https://*.simplesurance.de https://*.virtualearth.net https://ajax.googleapis.com https://balancechecks.tx-gate.com https://cdn.ravenjs.com https://code.etracker.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://facebook.com https://h.online-metrix.net https://lidl.de https://lidl.media01.eu https://lidlde.int.userwerk.com https://s.ytimg.com https://searchhub.io https://tracking.s24.com https://www.bing.com https://www.dwin1.com https://www.etracker.de https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.lacmp.net https://www.youtube.com ; 2
frame-ancestors http://*.almamedia.net https://*.almamedia.net https://app.powerbi.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' https://ajax.cloudflare.com/ https://hm.baidu.com https://www.zblogcn.com https://cdn.jsdelivr.net/npm/jquery@3.3.1/dist/jquery.min.js; style-src 'self' 'unsafe-inline' https://*.zblogcn.com; font-src 'self' https://*.zblogcn.com; img-src 'self' https://* data: 2
media-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.firefox.com.cn; child-src www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com cdn-3.convertexperiments.com app.convert.com data.track.convertexperiments.com 1003350.track.convertexperiments.com 1003343.track.convertexperiments.com; img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com data: mozilla.org www.googletagmanager.com www.google-analytics.com adservice.google.com adservice.google.de adservice.google.dk creativecommons.org cdn-3.convertexperiments.com logs.convertexperiments.com api.map.baidu.com; style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' app.convert.com; frame-src www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com https://accounts.firefox.com.cn/ https://accounts.firefox.com.cn/ 2
default-src https:; connect-src https: *; script-src 'unsafe-inline' 'unsafe-eval' https: *; style-src 'unsafe-inline' https: *; img-src 'self' data: https: www.googletagmanager.com www.google-analytics.com; font-src 'self' data: https: fonts.gstatic.com; object-src 'self'; frame-src *; frame-ancestors 'self' https://citizensadvicegateshead.org.uk; 2
report-uri https://csp.rz.uni-kiel.de/report; report-to csp; upgrade-insecure-requests; 2
default-src 'self' *.fitchratings.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net www.googletagmanager.com www.google-analytics.com fitchconnect.piwikpro.com cdn.polyfill.io *.brightcove.net *.brightcove.com munchkin.marketo.net your.fitchratings.com c.evidon.com cdn2.funnelenvy.com script.crazyegg.com snap.licdn.com *.clearbit.com *.idio.co tagmanager.google.com chart-studio.plotly.com public.flourish.studio  app.fitchconnect-stg.com app.fitchconnect.com; style-src 'self' 'unsafe-inline' blob: your.fitchratings.com fonts.googleapis.com; connect-src 'self' blob: *.fitchratings.com notify.bugsnag.com *.brightcove.com *.brightcove.net 732-ckh-767.mktoresp.com fx.fitchgroup.co *.boltdns.net *.akamaihd.net *.crazyegg.com *.idio.co *.brightcovecdn.com *.marketo.net your.fitch.group c.evidon.com *.funnelenvy.com www.google-analytics.com fonts.googleapis.com *.piwikpro.com snap.licdn.com images.ctfassets.net fonts.gstatic.com stats.g.doubleclick.net api.sjpf.io api.fpjs.io; prefetch-src 'self' *.funnelenvy.com 732-ckh-767.mktoresp.com *.boltdns.com *.betrad.com *.idio.co ga.clearbit.com house-fastly-signed-us-east-1-prod.brightcovecdn.com c.evidon.com fitchconnect.piwikpro.com munchkin.marketo.net snap.licdn.com script.crazyegg.com www.google-analytics.com www.googletagmanager.com *.brightcove.com; img-src 'self' data: trk.funnelenvy.com images.ctfassets.net *.boltdns.net metrics.brightcove.com www.google-analytics.com stats.g.doubleclick.net l.betrad.com fitchconnect.piwikpro.com *.linkedin.com p.adsymptotic.com *.idio.co your.fitch.group *.fitchratings.com httpsak-a.akamaihd.net; font-src 'self' data: *.fitchratings.com fonts.gstatic.com; frame-src 'self' *.fitchratings.com l3.evidon.com infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com your.fitch.group flo.uri.sh plotly.com chart-studio.plotly.com fitchgroup.eu.qualtrics.com indd.adobe.com; worker-src 'self' blob:; child-src 'self' blob:; media-src 'self' blob: *.fitchratings.com *.brightcove.com videos.ctfassets.net *.akamaihd.net manifest.prod.boltdns.net; object-src 'none' 2
script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src *; base-uri 'self'; upgrade-insecure-requests; 2
frame-ancestors 'self' www.facebook.com www.messenger.com www.liligo.fr admin.liligo.fr; report-uri /vsctcspreport 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob; img-src data: https: android-webview-video-poster: blob:; font-src data: https:; upgrade-insecure-requests; 2
default-src https: 'self'; font-src https: data:; img-src https: data:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://dxw.report-uri.com/r/d/csp/enforce; 2
frame-ancestors https://www.dow.com/ http://rsc.intranet.dow.com/ 2
default-src 'self' ws://localhost:* data: 'unsafe-eval' 'unsafe-inline' https://app.youneedabudget.com localhost:* *.youneedabudget.com marketing-youneedabudgetco.netdna-ssl.com sslcdn-youneedabudgetco.netdna-ssl.com youneedabudget.helpscoutdocs.com hello.myfonts.net  https://static.airtable.com/js/embed/ https://zapier.com/apps/embed/widget.js appleid.cdn-apple.com *.amplitude.com *.mparticle.com https://api.rollbar.com https://cdn.rollbar.com sdk.iad-03.braze.com https://polyfill.io https://cdn.speedcurve.com https://lux.speedcurve.com https://cdnjs.cloudflare.com *.adroll.com d.adroll.mgr.consensu.org https://*.cdnbasket.net/ https://ids.cdnwidget.com/c https://pixel.cdnwidget.com/cdn/c.min.js https://cdn.pdst.fm/ping.min.js https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink s.ytimg.com analytics.twitter.com *.ads-twitter.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.helpscout.net *.pinterest.com *.pusher.com *.quora.com *.soundcloud.com *.sumologic.com *.twitter.com *.youtube.com accounts.google.com apis.google.com d3hb14vkzrxvla.cloudfront.net djtflbt20bdde.cloudfront.net d.impactradius-event.com https://ajax.cloudflare.com https://api.cloudinary.com https://api.getgo.com https://api.ipify.org https://docs.google.com https://giphy.com/ https://s.pinimg.com https://youneedabudget.us11.list-manage.com optimize.google.com player.vimeo.com youneedabudget.a4xxmk.net wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io *.intercom.io *.intercomcdn.com *.intercomusercontent.com www.google.au www.google.be www.google.ca www.google.ch www.google.co.in www.google.co.nz www.google.co.uk www.google.com.br www.google.com.mx www.google.com.ph www.google.com.sg www.google.com www.google.de www.google.es www.google.fr www.google.ie www.google.nl www.google.no www.google.pl www.google.ru;frame-ancestors http://localhost:* *.youneedabudget.com;frame-src 'self' accounts.google.com airtable.com doubleclick.net *.doubleclick.net staticxx.facebook.com w.soundcloud.com *.facebook.com www.youtube.com optimize.google.com open.spotify.com assets.pinterest.com;img-src data: *;font-src 'self' data: fonts.gstatic.com *.intercomcdn.com sslcdn-youneedabudgetco.netdna-ssl.com *.youneedabudget.com 2
frame-ancestors 'self' https://*.theactivetimes.com https://*.thedailymeal.com https://*.doubleclick.net https://*.googlesyndication.com https://*.rubiconproject.com https://*.adnxs.com https://*.openx.net https://*.casalemedia.com 2
frame-ancestors 'self' *.svd.se; default-src https: data: blob: wss: react-js-navigation: android-webview: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; report-uri https://svd.report-uri.com/r/d/csp/enforce 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: mediastream: android-webview-video-poster: https://*.goodrx.com http://blocked.goodrx.com https://*.grxstatic.com https://*.grxweb.com https://*.heydoctor.com https://d4fuqqd5l3dbz.cloudfront.net https://*.px-cloud.net https://*.perimeterx.net https://*.pxchk.net https://*.px-cdn.net https://*.px-client.net https://*.split.io https://gx9e.app.link https://app.link https://*.branch.io https://bnc.lt https://*.doubleclick.net https://*.2mdn.net https://*.osano.com https://optimizely-edge.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagservices.com https://*.googletagmanager.com https://bat.bing.com https://*.sentry-cdn.com https://sentry.io https://*.ingest.sentry.io https://cdn.ampproject.org https://*.doubleverify.com https://*.typekit.net https://c.evidon.com https://l.betrad.com https://d79i1fxsrar4t.cloudfront.net https://static.legitscript.com https://cdn.contentful.com https://unpkg.com https://images.ctfassets.net https://cdnjs.cloudflare.com https://*.appsflyer.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://*.polyfill.io https://polyfill.io https://*.smartystreets.com https://s3-us-west-2.amazonaws.com https://s3.amazonaws.com https://my.wpengine.com https://secure.gravatar.com https://*.embed.ly https://yoast.com https://*.mzstatic.com https://*.onelink.me https://www.recaptcha.net https://*.qualaroo.com https://datawrapper.dwcdn.net https://hire.withgoogle.com https://www.youtube.com https://*.insightexpressai.com https://connect.facebook.net https://www.facebook.com https://adservice.google.co.in https://adservice.google.com.au https://adservice.google.ca https://*.ytimg.com https://*.verticalhealth.net https://d.turn.com https://*.demdex.net https://idsync.rlcdn.com https://di.rlcdn.com https://*.adsafeprotected.com https://bcg.coupons.com https://*.embedly.com https://*.flashtalking.com https://pixel.sbal4kp.com https://secure.adnxs.com https://api.lever.co https://*.segment.io https://*.segment.com https://*.userzoom.com https://sc.iasds01.com https://sb.voicefive.com https://js.stripe.com https://www.redditstatic.com https://alb.reddit.com https://wsdk.rokt.com https://*.speedcurve.com https://fast.wistia.com https://platform.twitter.com https://*.doceree.com https://www.medtargetsystem.com https://thrtle.com https://trc.lhmos.com https://match.deepintent.com https://ib.adnxs.com https://api.prod.projectexodus.us https://js.appboycdn.com https://*.braze.com https://use.fontawesome.com https://cdn.materialdesignicons.com https://*.twilio.com https://*.twiliocdn.com wss://*.twilio.com https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.intercomassets.com https://intercom-sheets.com https://*.heydoctor.io; report-uri https://sentry.io/api/5148329/security/?sentry_key=b77e90b1f5654f2e83a0238f4cf07987 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' api-us1.cludo.com ajax.googleapis.com https://*.boisestate.edu fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ bbox.blackbaudhosting.com app.everviz.com payments.blackbaud.com *.kuali.co t.unbounce.com *.hotjar.com *.bing.com *.hotjar.io connect.facebook.net *.skedda.com wss://*.hotjar.com d25vtythmttl3o.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' api-us1.cludo.com ajax.googleapis.com customer.cludo.com https://*.boisestate.edu fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ bbox.blackbaudhosting.com app.everviz.com payments.blackbaud.com *.kuali.co t.unbounce.com *.hotjar.com *.bing.com *.hotjar.io connect.facebook.net *.skedda.com wss://*.hotjar.com d25vtythmttl3o.cloudfront.net; style-src 'self' 'unsafe-inline' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ bbox.blackbaudhosting.com app.everviz.com payments.blackbaud.com *.kuali.co t.unbounce.com *.hotjar.com *.bing.com *.hotjar.io connect.facebook.net *.skedda.com wss://*.hotjar.com d25vtythmttl3o.cloudfront.net ajax.googleapis.com cloud.typography.com customer.cludo.com https://*.boisestate.edu; img-src data: * ; font-src data: cloud.typography.com 'self' https://*.boisestate.edu; connect-src 'self' api-us1.cludo.com https://*.boisestate.edu *.pusherapp.com *.pusher.com fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ bbox.blackbaudhosting.com app.everviz.com payments.blackbaud.com *.kuali.co t.unbounce.com *.hotjar.com *.bing.com *.hotjar.io connect.facebook.net *.skedda.com wss://*.hotjar.com; media-src 'self' https://*.boisestate.edu fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ bbox.blackbaudhosting.com app.everviz.com payments.blackbaud.com *.kuali.co t.unbounce.com *.hotjar.com *.bing.com *.hotjar.io connect.facebook.net *.skedda.com wss://*.hotjar.com d25vtythmttl3o.cloudfront.net; object-src 'self' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ bbox.blackbaudhosting.com app.everviz.com payments.blackbaud.com *.kuali.co t.unbounce.com *.hotjar.com *.bing.com *.hotjar.io connect.facebook.net *.skedda.com wss://*.hotjar.com d25vtythmttl3o.cloudfront.net https://*.boisestate.edu; worker-src 'self' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ bbox.blackbaudhosting.com app.everviz.com payments.blackbaud.com *.kuali.co t.unbounce.com *.hotjar.com *.bing.com *.hotjar.io connect.facebook.net *.skedda.com wss://*.hotjar.com d25vtythmttl3o.cloudfront.net https://*.boisestate.edu; frame-src 'self' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ bbox.blackbaudhosting.com app.everviz.com payments.blackbaud.com *.kuali.co t.unbounce.com *.hotjar.com *.bing.com *.hotjar.io connect.facebook.net *.skedda.com wss://*.hotjar.com d25vtythmttl3o.cloudfront.net https://*.boisestate.edu; ; frame-ancestors 'self' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ bbox.blackbaudhosting.com app.everviz.com payments.blackbaud.com *.kuali.co t.unbounce.com *.hotjar.com *.bing.com *.hotjar.io connect.facebook.net *.skedda.com wss://*.hotjar.com d25vtythmttl3o.cloudfront.net https://*.boisestate.edu ; form-action 'self' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ bbox.blackbaudhosting.com app.everviz.com payments.blackbaud.com *.kuali.co t.unbounce.com *.hotjar.com *.bing.com *.hotjar.io connect.facebook.net *.skedda.com wss://*.hotjar.com d25vtythmttl3o.cloudfront.net https://*.boisestate.edu ; upgrade-insecure-requests; block-all-mixed-content; 2
frame-ancestors https://*.etracker.com; script-src 'self' https://*.signalize.com https://*.etracker.com https://*.etracker.de 'unsafe-inline' 2
style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; upgrade-insecure-requests; 2
default-src 'self' 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' *.owncloud.com; img-src * data: blob: 'unsafe-inline'; frame-src *; connect-src 'self' *.mktoresp.com *.mktoutil.com *.owncloud.com *.google-analytics.com *.facebook.com *.doubleclick.net *.fontawesome.com; media-src 'self' *.24liveblog.com 'unsafe-inline'; style-src 'self' *.google.com *.gstatic.com https://unpkg.com *.googleapis.com *.cloudflare.com *.marketo.com *.mktoresp.com *.owncloud.com *.fontawesome.com 'unsafe-inline'; font-src 'self' * data: 2
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss: https:; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 2
default-src 'self' ; style-src 'self' ; media-src 'self' https://download.elster.de ; connect-src 'self' https://lxelma5p.bfinv.de wss://www.elster.de https://datenabholung1.elster.de https://datenabholung2.elster.de ; object-src 'self' blob: ; form-action 'self' ; frame-ancestors 'self' 2
frame-ancestors 'self' *.springernature.com; 2
child-src https: http: data:;frame-src https: http: data:;script-src 'unsafe-inline' 'unsafe-eval' https: http:;img-src * data:;media-src * 2
frame-ancestors 'self' *.jetstar.com/; 2
frame-ancestors 'self' qa-app.fastspring.com app.fastspring.com go.fastspring.com *.onfastspring.com qa4-identity-service.fastspring.com identity-service.fastspring.com prod-identity-service.fastspring.com; 2
frame-ancestors 'self' http://wa.aruba.it https://wa.aruba.it http://manage.pec.it https://manage.pec.it 2
frame-ancestors 'self' *.typeform.com typeform.com *.themeforest.net themeforest.net codecanyon.net *.codecanyon.net 2
frame-ancestors 'self' https://mtt-live.apps.emea.vwapps.io https://mtt-live-blue.apps.emea.vwapps.io https://mtt.apps.emea.vwapps.io https://mtt-blue.apps.emea.vwapps.io http://mtt-local.apps.emea.vwapps.io; 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://cp.bhf.org.uk https://live.bhf.org.uk https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://ajax.googleapis.com https://maps.googleapis.com https://optimize.google.com https://tagmanager.google.com https://www.google.co.uk https://www.google.com https://www.youtube.com https://s.ytimg.com https://www.gstatic.com https://edge.addthis.com https://m.addthis.com https://s2.adform.net https://s7.addthis.com https://v1.addthisedge.com https://track.adform.net https://c5.adalyser.com https://js.adsrvr.org https://static.ads-twitter.com https://s3.amazonaws.com https://s3-us-west-2.amazonaws.com https://ads.avct.cloud https://ads.avocet.io https://bat.bing.com https://sjs.bizographics.com https://cdnjs.cloudflare.com https://d2oh4tlt9mrke9.cloudfront.net https://d3alqb8vzo7fun.cloudfront.net https://dfgmr6l6mkcrn.cloudfront.net https://cdn.cookielaw.org https://connect.facebook.net https://chat-eu.freshdesk.com https://wchat.eu.freshchat.com https://healthunlocked.com https://wusote.hirizasune.com https://assets.hu-production.be https://snap.licdn.com https://www.linkedin.com https://px.ads.linkedin.com https://i5uzp6l0.micpn.com https://assets.nhs.uk https://ls.northchaddertonschool.co.uk https://z.moatads.com https://secure.myshopcouponmac.com https://bam.nr-data.net https://bam-cell.nr-data.net https://www.oracle.com https://quantcast.com https://quantcount.com https://edge.quantserve.com https://secure.quantserve.com https://s.pinimg.com https://services.postcodeanywhere.co.uk https://timeline51-clientstats1.pusher.com https://js.pusher.com https://stats.pusher.com https://ws.sessioncam.com https://public.tableau.com https://auth.iws-hybrid.trendmicro.com https://turbo.qualaroo.com https://a.rfihub.com https://c1.rfihub.net https://sc-static.net https://siteimproveanalytics.com https://assetscdn.stackla.com https://goconnect.stackla.com https://widget.trustpilot.com https://analytics.twitter.com https://use.typekit.net https://config1.veinteractive.com https://sp.analytics.yahoo.com https://s.yimg.com https://vjs.zencdn.net https://code.jquery.com https://maxcdn.bootstrapcdn.com;style-src 'self' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://dfgmr6l6mkcrn.cloudfront.net https://use.fontawesome.com https://wchat.eu.freshchat.com https://net.ootil.fr https://assetscdn.stackla.com https://cloud.typography.com https://vjs.zencdn.net https://code.jquery.com https://maxcdn.bootstrapcdn.com;img-src 'self' data: https://cp.bhf.org.uk https://live.bhf.org.uk https://ad.doubleclick.net https://googleads.g.doubleclick.net https://pubads.g.doubleclick.net https://stats.g.doubleclick.net https://adservice.google.com https://www.google-analytics.com https://maps.googleapis.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://optimize.google.com https://play.google.com https://www.google.com https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.nz https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.co.zw https://www.google.com.au https://www.google.com.br https://www.google.com.cy https://www.google.com.eg https://www.google.com.et https://www.google.com.mm https://www.google.com.ng https://www.google.com.sg https://www.google.ae https://www.google.be https://www.google.bf https://www.google.ca https://www.google.de https://www.google.es https://www.google.fr https://www.google.gr https://www.google.ie https://www.google.nl https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.tt https://maps.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://img.youtube.com https://www.youtube.com https://i.ytimg.com https://m.addthis.com https://s3.amazonaws.com https://tools.applemediaservices.com https://cx.atdmt.com https://ads.avct.cloud https://x.bidswitch.net https://bat.bing.com https://scontent-iad3-1.cdninstagram.com https://scontent-syd2-1.cdninstagram.com https://dfgmr6l6mkcrn.cloudfront.net https://cdn.cookielaw.org https://connect.facebook.net https://www.facebook.com https://gorentoys.net https://assets.hu-production.be https://images.hu-production.be https://www.linkedin.com https://px.ads.linkedin.com https://twemoji.maxcdn.com https://i5uzp6l0.micpn.com https://zswpmanager.wip.mmc.com https://bam.nr-data.net https://ct.pinterest.com https://idsync.rlcdn.com https://ws.sessioncam.com https://assetscdn.stackla.com https://web-assets.stackla.com https://trc.taboola.com https://public.tableau.com https://auth.iws-hybrid.trendmicro.com https://gjtrack.ucweb.com https://cookiee1.veinteractive.com https://a.volvelle.tech;media-src 'self' https://ssl.gstatic.com https://dop9av6nvryqq.cloudfront.net;frame-src 'self' ms-appx-web: https://embed.acast.com https://cp.bhf.org.uk https://extras.bhf.org.uk https://embed.podcasts.apple.com https://www.typeform.com https://bid.g.doubleclick.net https://cm.g.doubleclick.net https://8233349.fls.doubleclick.net https://8455068.fls.doubleclick.net https://optimize.google.com https://tpc.googlesyndication.com https://www.youtube.com https://www.google.com gsa://onpageload https://player.acast.com https://track.adform.net https://edge.addthis.com https://s7.addthis.com https://match.adsrvr.org https://insight.adsrvr.org https://aax-eu.amazon-adsystem.com https://www.boombox.com https://view.ceros.com https://www.facebook.com https://wchat.eu.freshchat.com https://280841640230733.eu.webpush.freshchat.com https://www.ons.gov.uk https://irewind.com https://zswpmanager.wip.mmc.com https://assets.nhs.uk https://net.ootil.fr https://public.tableau.com https://digital19.typeform.com https://dntcl.qualaroo.com https://app.qzzr.com https://www.qzzr.com https://a.rfihub.com https://20782797p.rfihub.com https://20782800p.rfihub.com https://20782816p.rfihub.com https://20782822p.rfihub.com https://20798315p.rfihub.com https://20798316p.rfihub.com https://20798319p.rfihub.com https://20782802p.rfihub.com https://20782821p.rfihub.com https://20822326p.rfihub.com https://20823015p.rfihub.com https://20823018p.rfihub.com https://tr.snapchat.com https://w.soundcloud.com https://widget.stackla.com https://embed.wirewax.com https://config1.veinteractive.com;font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://static3.avast.com https://use.fontawesome.com https://280841640230733.eu.webpush.freshchat.com https://assetscdn.stackla.com https://maxcdn.bootstrapcdn.com;connect-src 'self' https://stats.g.doubleclick.net https://ampcid.google.com https://adservice.google.com https://www.google.com https://www.google-analytics.com https://m.addthis.com https://s7.addthis.com https://in.api4load.net https://cdn.cookielaw.org https://bam.nr-data.net https://bam-cell.nr-data.net https://www.facebook.com https://chat-eu.freshdesk.com https://privacyportal-eu.onetrust.com wss://chat-eu.freshdesk.com https://ct.pinterest.com https://sockjs-eu.pusher.com https://sock57-eu.pusher.com wss://ws-eu.pusher.com https://ws.sessioncam.com https://b.ws.sessioncam.com https://gjtrack.ucweb.com https://plugin.ucads.ucweb.com https://cookiee1.veinteractive.com https://dtrc.veinteractive.com https://sessionapi.veinteractive.com 2
default-src 'self'; img-src * data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://webtrack.uni-marburg.de https://live.hrz.uni-marburg.de; child-src 'self' https://webtrack.uni-marburg.de; font-src 'self' data:; connect-src 'self' https://webtrack.uni-marburg.de 2
frame-ancestors https://*.1stdibs.com; 2
object-src 'none'; base-uri 'none'; script-src https: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://services.postcodeanywhere.co.uk/ https://www.recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src https: data: www.googletagmanager.com; style-src https: 'unsafe-inline' https://services.postcodeanywhere.co.uk/; default-src https:; font-src https: data: 2
default-src 'self'; connect-src * data:  filesystem:  'unsafe-inline' 'unsafe-eval'; font-src * data:  filesystem:; frame-src * data:  filesystem:  'unsafe-inline' 'unsafe-eval'; img-src * data:  filesystem:  'unsafe-inline' 'unsafe-eval'; media-src * data:  filesystem:  'unsafe-inline' 'unsafe-eval'; object-src * data:  filesystem:  blob:  'unsafe-inline' 'unsafe-eval'; script-src * blob:  'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2
frame-ancestors 'self' https://www.a2hosting.com 2
frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com 2
upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 2
frame-ancestors https://*.crashplan.com https://*.crashplan.com:4285 https://*.crashplanpro.com https://*.crashplanpro.com:4285 https://*.code42.com https://*.code42.com:4285; https://*.us2.code42.com; https://*.us2.code42.com:4285; 2
object-src 'none'; default-src * 'unsafe-eval' 'unsafe-inline' data:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.chevron.com https://assetscdn.stackla.com https://widget.stackla.com https://optanon.blob.core.windows.net https://*.mktoresp.com https://munchkin.marketo.net https://geolocation.onetrust.com https://ajax.googleapis.com https://www.googlesapis.com https://www.googletagmanager.com https://apps.sitecore.net https://s.ytimg.com https://www.youtube.com https://cdn.cookielaw.org https://www.google-analytics.com https://chevron.az1.qualtrics.com https://www.google.com https://www.googleapis.com https://extreme-ip-lookup.com https://secure-ds.serving-sys.com https://stats.g.doubleclick.net https://chevroncorp.gcs-web.com https://9853044.fls.doubleclick.net https://vjs.zencdn.net https://adservice.google.com https://bs.serving-sys.com https://fonts.gstatic.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://www.googleadservices.com https://quiz.chevronstemquiz.com https://snap.licdn.com https://static.ads-twitter.com https://connect.facebook.net https://t.co https://px.ads.linkedin.com https://analytics.twitter.com https://www.facebook.com https://*.crazyegg.com https://optimize.google.com https://178-uxe-734.mktoutil.com https://10232094.fls.doubleclick.net https://wellplayedtest.s3.us-east-2.amazonaws.com; img-src 'self' data: https://www.chevron.com https://img.youtube.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.linkedin.com https://www.facebook.com https://t.co https://px.ads.linkedin.com https://*.adsymptotic.com https://optimize.google.com blob: https://www.chevron.com; style-src 'self' 'unsafe-inline' https://www.chevron.com https://fonts.googleapis.com https://optanon.blob.core.windows.net https://assetscdn.stackla.com https://vjs.zencdn.net https://optimize.google.com https://fonts.googleapis.com; font-src 'self' data: 'unsafe-inline' https://www.chevron.com https://assetscdn.stackla.com https://fonts.gstatic.com https://optimize.google.com; upgrade-insecure-requests; block-all-mixed-content; 2
frame-ancestors 'self' https://www.stems-music.com; 2
default-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.yell.com https://*.yellqatest.com https://devssopres01-vip.yellgroup.com https://www.google-analytics.com https://*.adtech.de https://*.googlesyndication.com https://sb.scorecardresearch.com https://cdn.mouseflow.com https://*.liveperson.net https://*.lpsnmedia.net https://*.go-mpulse.net https://*.datadoghq-browser-agent.com https://*.threatpulse.net https://maps.googleapis.com https://connect.facebook.net https://www.google.com https://www.gstatic.com https://static.cdn-apple.com https://www.googletagmanager.com https://platform.twitter.com https://static.ads-twitter.com https://analytics.twitter.com https://www.googleadservices.com https://*.g.doubleclick.net https://5035.xg4ken.com; style-src 'self' 'unsafe-inline' https://*.yell.com https://fonts.googleapis.com https://www.google.com; img-src 'self' data: https: http://*.yellgroup.com; connect-src 'self' https://*.mouseflow.com https://*.go-mpulse.net https://*.datadoghq-browser-agent.com https://rum-http-intake.logs.datadoghq.com https://*.akstat.io https://*.akamaihd.net https://www.google-analytics.com https://*.sendbird.com wss://*.sendbird.com https://*.g.doubleclick.net wss://lo.msg.liveperson.net; font-src 'self' data: https://fonts.gstatic.com; object-src *; media-src 'self' http://cdn.yell.com https://*.lpsnmedia.net; frame-src 'self' https://search.ipromote.com https://ib.adnxs.com https://*.doubleclick.net https://*.yellgroup.com https://*.yellqatest.com https://*.yell.com https://devssopres01-vip.yellgroup.com https://www.facebook.com https://www.google.com https://*.lpsnmedia.net https://*.liveperson.net https://*.youtube.com; 2
default-src 'self' *.lexmark.com lexmark.122.2o7.net assets.adobedtm.com *.adsrvr.org s.amazon-adsystem.com s3.amazonaws.com s3.eu-central-1.amazonaws.com *.boldchat.com ipinfo.io maxcdn.bootstrapcdn.com dpm.demdex.net lexmark.demdex.net *.digitalriver.com *.doubleclick.net *.eloqua.com img.en25.com cm.everesttech.net ssl.google-analytics.com www.google-analytics.com www.googleadservices.com maps.googleapis.com ssl.p.jwpcdn.com jwpltx.com snap.licdn.com www.linkedin.com *.omtrdc.net *.salesloft.com *.srv.stackadapt.com vidassets.terminus.services lexmark.verifyit.us 'unsafe-eval' 'unsafe-inline'; font-src 'self' *.lexmark.com maxcdn.bootstrapcdn.com fonts.gstatic.com; style-src 'self' *.lexmark.com maxcdn.bootstrapcdn.com fonts.googleapis.com tags.srv.stackadapt.com 'unsafe-inline'; img-src 'self' https: data:; object-src 'none'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests; report-uri /bin/lexmark/csp-report; report-to lxk-report 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://static.tugraz.at https://sso.tugraz.at https://analytics.tugraz.at *.tugraz.at https://*.twitter.com https://*.twimg.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com; child-src 'self' *.tugraz.at *.youtube.com *.youtube-nocookie.com *.google.com *.mapbuildr.com mapbuildr.com *.googleapis.com *.openstreetmap.org https://*.twitter.com; img-src 'unsafe-inline' 'unsafe-eval' * data:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: *.googletagmanager.com *.visualwebsiteoptimizer.com *.fullstory.com *.crazyegg.com *.whova.com whova.com *.cloudfront.net *.typekit.net use.typekit.net *.adroll.com *.adroll.mgr.consensu.org cors-anywhere.herokuapp.com gist.github.com  rum-static.pingdom.net *.ckeditor.com translate.googleapis.com translate.google.com *.jotform.com *.crazyegg.com cdn.jotfor.ms static.issuu.com instagram.com www.instagram.com t.sf14g.com 1.tl813.com http://static.issuu.com analytics.twitter.com srdrvp.com static.ads-twitter.com apis.google.com *.addthis.com *.addthisedge.com secure.comodo.net static.ads-twitter.com platform.twitter.com www.googleadservices.com http://www.googleadservices.com *.akamaihd.net www.google-analytics.com www.google.com cdnjs.cloudflare.com *.typekit.net *.jotform.us cdn.jsdelivr.net ajax.googleapis.com connect.facebook.net www.facebook.com facebook.com use.typekit.net ssl.google-analytics.com *.gstatic.com cse.google.com www.googleapis.com *.mobilecause.com bam.nr-data.net googletagmanager.com formalyzer.com maps.googleapis.com e.issuu.com *.silkroad.com *.createsend.com *.createsend1.com *.polldaddy.com polldaddy.com *.berkeley.edu https://coolclimate-calculator-ui.firebaseapp.com secure4.entertimeonline.com *.dafdirect.org; img-src 'self' data: about: 1.tl813.com arbordayblog.org * *.adroll.com *.leadlander.com *.advertising.com *.facebook.com *.google-analytics.com *.outbrain.com *.pubmatic.com *.3lift.com *.taboola.com dsum-sec.casalemedia.com *.rubiconproject.com ads.yahoo.com *.adnxs.com x.bidswitch.net *.youtube.com idsync.rlcdn.com us-u.openx.net *.atdmt.com *.s3.amazonaws.com log.pinterest.com i.ytimg.com *.jotform.com t.co *.gstatic.com *.instagram.com *.cdninstagram.com *.fbcdn.net www.google-analytics.com *.doubleclick.net *.jotfor.ms csi.gstatic.com maps.gstatic.com p.typekit.net www.google.com www.googleapis.com maps.googleapis.com www.facebook.com *.google.com *.arborday.org www.googleapis.com ssl.google-analytics.com syndication.twitter.com shpg.org; font-src 'self' data: use.typekit.net fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' assets-cdn.github.com *.githubassets.com use.typekit.net translate.googleapis.com *.gstatic.com cdn.jotfor.ms www.google.com ajax.googleapis.com fonts.googleapis.com fonts.gstatic.com *.dafdirect.org; frame-src 'self' *.soundcloud.com *.jotform.com whova.com *.whova.com *.berkeley.edu https://coolclimate.berkeley.edu https://coolclimate-calculator-ui.firebaseapp.com www.facebook.com *.google.com *.vimeo.com www.instagram.com syndication.twitter.com *.jotform.us https://staticxx.facebook.com *.igive.com cse.google.com pdf.snapandread.com app.mobilecause.com *.arborday.org www.arborday.org hotelfootprints.org www.hotelfootprints.org www.youtube.com http://www.youtube.com e.issuu.com api.braintreegateway.com treesandutilities.com *.silkroad.com ajax.googleapis.com connect.facebook.net platform.twitter.com *.addthis.com *.createsend.com *.createsend1.com *.leadlander.com; frame-ancestors 'self' www.logees.com *.liedlodge.org shop.arborday.org corporategifts.arborday.org  *.domaincontrol.com *.ip.secureserver.net *.upnllc.com *.godaddy.com logees.com *.dutchmantreefarms.com dutchmantreefarms.com http://www.dutchmantreefarms.com www.bluehillwildlifenursery.com bluehillwildlifenursery.com treesandutilities.com www.treesandutilities.com *.secureserver.net *.akam.net *.godaddy.com *.silkroad.com createsend.com; connect-src 'self' arbordayblog.org *.saashr.com *.google-analytics.com *.fullstory.com *.jotform.com cors-anywhere.herokuapp.com *.gstatic.com secure4.entertimeonline.com rum-collector-2.pingdom.net *.crazyegg.com wss://www.arborday.org performance.typekit.net ssl.google-analytics.com *.jotform.us createsend.com *.doubleclick.net *.cloudfront.net appstoreconnect.com *.berkeley.edu; 2
frame-ancestors 'self' https://*.wikiloc.com; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: http://*.travp.net; font-src https: data: 2
frame-ancestors 'self' *.winfuture.de *.winfuture.mobi; 2
frame-ancestors https://ww2.coolmathgames.com https://www.coolmathgames.com http://www.coolmath-games.com https://www.coolmath-games.com 2
frame-ancestors 'self' *.edwardjones.com *.edwardjones.ca accountaccess.devjones.com accountaccess.devjones.ca iaa-api-gateway.apps.devjones.com accountaccess.edwardjones.com accountaccess.edwardjones.ca onlineaccess.edwardjones.com; report-uri /report-csp-violation 2
default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com  https://*.fls.doubleclick.net/ https://*.santander.co.uk https://santander.demdex.net;  script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn.usersnap.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://js-cdn.dynatrace.com https://activitymap.adobe.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net lptag.liveperson.net lo.v.liveperson.net lo.msg.liveperson.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.santander.co.uk 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://santanderuk.tt.omtrdc.net https://udc-neb.kampyle.com https://*.bf.dynatrace.com https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://o2.mouseflow.com https://googleads4.g.doubleclick.net wss://lo.msg.liveperson.net https://dpm.demdex.net https://*.santander.co.uk; img-src 'self' https://lpcdn.lpsnmedia.net service.maxymiser.net 'unsafe-inline' https://*.santander.co.uk data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://resources.digital-cloud-uk.medallia.eu https://lo.tokenizer.liveperson.net https://lo.msghist.liveperson.net https://lo.msg.liveperson.net https://lpcdn.lpsnmedia.net lo.idp.liveperson.net server.lon.liveperson.net https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self'; media-src lpcdn.lpsnmedia.net; worker-src blob:; 2
frame-ancestors https://*.ionos.fr https://ionos.fr; 2
frame-ancestors 'self' file: filesystem: ionic: http://localhost:8080; 2
frame-ancestors 'self' https://*.duke-energy.com https://my347363-sso.crm.ondemand.com https://my347363.crm.ondemand.com 2
script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.gstatic.com https://www.google.com https://platform-api.sharethis.com https://cdnjs.cloudflare.com https://bam.nr-data.net https://*.sharethis.com https://platform.twitter.com/widgets.js https://assets.juicer.io/embed.js https://static.addtoany.com/menu/page.js https://pagecdn.io/ https://maps.googleapis.com https://cdn.jsdelivr.net https://www.recaptcha.net https://platform.twitter.com/ *.salesforce.com *.force.com *.visualforce.com *.documentforce.com gavialliancecareers.secure.force.com https://optimize.google.com https://www.googleoptimize.com/ https://connect.facebook.net *.flowpaper.com; object-src 'none'; style-src 'report-sample' 'self' 'unsafe-inline' https://assets.juicer.io/embed.css https://fonts.googleapis.com/ https://tagmanager.google.com https://cdn.jsdelivr.net https://optimize.google.com *.flowpaper.com; img-src 'self' data: https:;; frame-src 'self' https://www.googletagmanager.com https://www.youtube.com https://www.google.com https://*.sharethis.com https://c.sharethis.mgr.consensu.org/ https://datawrapper.dwcdn.net/ https://docs.google.com/ https://player.vimeo.com/ https://platform.twitter.com/ *.salesforce.com *.force.com *.visualforce.com *.documentforce.com gavialliancecareers.secure.force.com https://www.slideshare.net/ https://syndication.twitter.com/ https://optimize.google.com *.flowpaper.com https://counter.theconversation.com https://www.recaptcha.net; frame-ancestors 'self'; child-src blob:; font-src 'self' https://fonts.gstatic.com https://static.juicer.io https://www.slideshare.net/ https://use.typekit.net; report-uri /report-csp-violation; upgrade-insecure-requests 2
base-uri 'none'; default-src 'self'; child-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://*.addthis.com https://*.facebook.com https://*.google.com; connect-src 'self' https://*.mopinion.com https://*.addthis.com https://www.clarity.ms https://www.google-analytics.com; font-src 'self' https://use.fontawesome.com https://*.mopinion.com https://fonts.gstatic.com https://unpkg.com data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://* * blob: data:; media-src 'self'; object-src 'self'; script-src 'self' https://www.google-analytics.com https://cdn.jsdelivr.net https://unpkg.com https://*.mopinion.com https://connect.facebook.net https://*.addthis.com https://z.moatads.com https://*.addthisedge.com https://*.facebook.com https://*.google.com https://www.gstatic.com https://www.googletagmanager.com https://pagination.js.org https://cdnjs.cloudflare.com https://www.clarity.ms 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://unpkg.com https://cdn.jsdelivr.net https://*.mopinion.com https://use.fontawesome.com https://*.addthis.com https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; report-uri /csp_violation_reporting_endpoint; report-to PolicyName; upgrade-insecure-requests 2
default-src 'self' 'unsafe-eval' https://*.tgdd.vn https://*.thegioididong.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; img-src 'self' data: https: http:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' data: https:; frame-src 'self' https://secure.livechatinc.com https://*.api.useinsider.com https://vuivuilocal.firebaseapp.com https://thegioididong.typeform.com https://embed.24liveblog.com https://node.24live.co https://googleads.g.doubleclick.net https://static.apester.com https://*.doubleclick.net https://*.thegioididong.com https://*.facebook.com https://*.google.com https://youtube.com https://*.youtube.com https://twitter.com https://*.twitter.com https://vars.hotjar.com/; media-src 'self' https://cdn.livechatinc.com https://www.dienmayxanh.com https://cdn.fbsbx.com https://*.tgdd.vn https://*.thegioididong.com; connect-src 'self' https://*.useinsider.com https://*.api.useinsider.com https://stats.g.doubleclick.net https://vc.hotjar.io https://in.hotjar.com https://sample-api-v2.crazyegg.com https://tracking.crazyegg.com https://www.facebook.com wss://socket.24live.co wss://connect.24liveplus.com https://stats.qmerce.com https://api.mixpanel.com https://*.twitter.com https://renderer.qmerce.com https://*.apester.com https://display.apester.com https://*.facebook.com https://*.googleapis.com https://*.google-analytics.com connect.facebook.net *.ampproject.net cdn.ampproject.org script.crazyegg.com https://*.google.com https://*.thegioididong.com https://*.dienmayxanh.com wss://*.dienmayxanh.com wss://*.thegioididong.com; object-src 'self'; report-uri /lien-he/ 2
frame-ancestors 'self' corning.com *.corning.com *.siteworx.com *.ceros.com *.ariba.com 2
base-uri https://www.mbank.pl; report-uri https://www.csp.mbank.pl; default-src 'none'; manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://ad.doubleclick.net https://cdn.ampproject.org https://cdn.skp.mbank.pl https://cdn.syndication.twimg.com https://connect.facebook.net https://ghmpl.hit.gemius.pl https://googleads.g.doubleclick.net https://maps.googleapis.com https://optimize.google.com https://platform.twitter.com https://r.skp.mbank.pl https://s.ytimg.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://tagmanager.google.com https://tpc.googlesyndication.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; style-src 'report-sample' 'self' 'unsafe-inline' https://cdn.ampproject.org https://cdn.skp.mbank.pl https://fonts.googleapis.com https://fonts.gstatic.com https://optimize.google.com https://platform.twitter.com https://tagmanager.google.com https://ton.twimg.com https://www.mbank.pl; img-src 'report-sample' 'self' data: https://*.fls.doubleclick.net https://abs.twimg.com https://ad.doubleclick.net https://adservice.google.com https://cdn.ampproject.org https://cdn.skp.mbank.pl https://cm.g.doubleclick.net https://csi.gstatic.com https://ghmpl.hit.gemius.pl https://googleads.g.doubleclick.net https://i.ytimg.com https://khms0.googleapis.com https://khms1.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://marketing.tr.netsalesmedia.pl https://optimize.google.com https://pbs.twimg.com https://platform.twitter.com https://redirect.skp.mbank.pl https://s.ytimg.com https://ssl.google-analytics.com https://ssl.gstatic.com https://stats.g.doubleclick.net https://syndication.twitter.com https://tagmanager.google.com https://ton.twimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.hr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.no https://www.google.pl https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.mbank.pl; font-src 'report-sample' 'self' https://fonts.gstatic.com https://www.mbank.pl; connect-src 'report-sample' 'self' https://ad.doubleclick.net https://adservice.google.com https://api.skp.mbank.pl https://cdn.ampproject.org https://cm.g.doubleclick.net https://form.axaubezpieczenia.pl https://ghmpl.hit.gemius.pl https://lp.skp.mbank.pl https://r.skp.mbank.pl https://redirect.skp.mbank.pl https://search.interconsystems.pl https://stats.g.doubleclick.net https://syndication.twitter.com https://tagmanager.google.com https://tracker.skp.mbank.pl https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.pl https://www.googletagmanager.com https://www.mbank.pl wss://api.skp.mbank.pl wss://r.skp.mbank.pl; media-src 'report-sample' 'self' data: https://cdn.skp.mbank.pl https://www.mbank.pl; object-src 'report-sample' 'self' https://www.mbank.pl https://www.youtube.com; frame-src 'report-sample' 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://form.mbank.pl https://optimize.google.com https://platform.twitter.com https://tagmanager.google.com https://tpc.googlesyndication.com https://www.facebook.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; child-src 'report-sample' 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://form.mbank.pl https://tagmanager.google.com https://www.facebook.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; form-action 'report-sample' 'self' https://form.mbank.com.pl https://form.mbank.pl https://www.mbank.pl; frame-ancestors 'report-sample' 'self' https://www.mbank.pl;  2
frame-ancestors 'self' https://app.optimizely.com 2
default-src blob: data: https://*.akamaihd.net https://*.akamaized.net https://*.footprint.net https://*.linkpulse.com https://*.svt.se https://*.svtplay.se https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://analytics.codigo.se https://pp.lp4.io http://pp.lp4.io https://sb.scorecardresearch.com https://sentry.io https://time.akamai.com https://trafficgateway.research-int.se https://www.gstatic.com http://www.gstatic.com https://www.svtstatic.se https://track.adform.net https://s2.adform.net https://c1.adform.net https://server.seadform.net 'self' 'unsafe-eval' 'unsafe-inline' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' chrome-extension: data: *.portland.gov *.ssl.fastly.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net unpkg.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com bam.nr-data.net bam-cell.nr-data.net js-agent.newrelic.com fontlibrary.org use.fontawesome.com *.googleapis.com *.gstatic.com *.googleusercontent.com *.portlandoregon.gov *.portlandmaps.com *.arcgis.com server.arcgisonline.com *.openstreetmap.org *.opentopomap.org *.tiles.wmflabs.org *.loop11.com *.rawgit.com api.mapbox.com; frame-src 'self' https://www.youtube.com/embed/ https://player.vimeo.com https://www.google.com/maps/ https://www.portlandoregon.gov/ https://www.portlandmaps.com/ *.arcgis.com arcg.is https://online.tableau.com/ https://public.tableau.com/; report-uri https://portlandgov.report-uri.com/r/d/csp/enforce 2
default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline' 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; font-src data: https://www.blueconic.com https://fonts.blueconic.com  https://cdn2.hubspot.net; img-src https: data:; media-src https: blob:; worker-src blob: 2
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data: 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdw.com *.richrelevance.com *.bazaarvoice.com *.qualtrics.com *.optimizely.com *.hotjar.com *.needle.com nexus.ensighten.com px.spiceworks.com *.liadm.com scripts.demandbase.com triggeredmail.appspot.com connect.facebook.net *.bounceexchange.com *.googleadservices.com *.doubleclick.net *.google-analytics.com st1.dialogtech.com bat.bing.com *.googleapis.com nsg.symantec.com analytics.po.st po.st *.cnetcontent.com selectors.cnetcontentsolutions.com *.akamaihd.net *.google.com *.twitter.com *.justuno.com *.liveclicker.net *.netapp.com *.demdex.net *.d41.co *.cxense.com static.ads-twitter.com vault.pactsafe.io pactsafe.io *.webcollage.net *.ziftsolutions.com *.simpli.fi pixel.mathtag.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com *.ytimg.com t.sellpoints.com a.sellpoint.net media.flixfacts.com www.youtube.com media.flixcar.com *.flix360.com *.easy2.com *.go-mpulse.net *.linkedin.com *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.bluecore.com p.adsymptotic.com *.adsrvr.org *.flixsyndication.net *.adobe.com *.hotjar.io *.eloqua.com *.gstatic.com *.ensighten.com app.leadsrx.com *.turnto.com snap.licdn.com *.hs-scripts.com *.teads.tv *.ispot.tv *.youvisit.com www.vmwarepartnerdemandcenter.com *.hsleadflows.net *.hs-banner.com *.hsforms.net *.hubapi.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.adroll.com *.hs-analytics.net js.usemessages.com *.hscollectedforms.net *.redditstatic.com alb.reddit.com *.adsrvr.org;style-src 'self' 'unsafe-inline' *.cdw.com *.bazaarvoice.com *.needle.com *.cnetcontent.com *.justuno.com *.webcollage.net *.ziftsolutions.com t.sellpoints.com a.sellpoint.net media.flixcar.com *.easy2.com *.amazonaws.com platform.twitter.com *.cloudfront.net blob: *.typekit.net *.adobe.com *.turnto.com *.syndigo.com *.syndigo.cloud;img-src 'self' *.cdw.com *.bazaarvoice.com *.qualtrics.com *.optimizely.com *.needle.com nexus.ensighten.com px.spiceworks.com *.liadm.com *.bounceexchange.com *.googleadservices.com *.doubleclick.net *.google-analytics.com bat.bing.com nsg.symantec.com *.cnetcontent.com selectors.cnetcontentsolutions.com *.akamaihd.net *.google.com *.justuno.com *.netapp.com *.demdex.net *.cxense.com vault.pactsafe.io pactsafe.io *.webcollage.net *.ziftsolutions.com *.googletagmanager.com *.googletagservices.com *.ytimg.com t.sellpoints.com a.sellpoint.net media.flixfacts.com media.flixcar.com *.flix360.com *.easy2.com *.amazonaws.com platform.twitter.com *.linkedin.com *.tribalfusion.com *.company-target.com www.facebook.com events.bouncex.net *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.adobecqms.net *.turn.com st2.dialogtech.com secure.insightexpressai.com px.gumgum.com *.bluekai.com k.intellitxt.com *.everesttech.net *.adnxs.com sync.fastclick.net simage2.pubmatic.com us-u.openx.net ads.yahoo.com pixel.rubiconproject.com *.advertising.com magnetic.t.domdex.com *.rfihub.com *.mathtag.com *.mathtag.co *.amgdgt.com *.casalemedia.com *.bluecore.com *.prod.bidr.io cdn.optimizely.com syndication.twitter.com x.bidswitch.net pe.intentiq.com p.adsymptotic.com loadm.exelator.com *.adsrvr.org um.simpli.fi acuityplatform.com data: *.dotomi.com *.flixsyndication.net liveintent.com cbssports.com maxpreps.com wogo ce.lijit.com soma.smaato.net cs.admanmedia.com eb2.3lift.com live.sekindo.com *.adobe.com *.sc.omtrdc.net *.core.windows.net wac.edgecastcdn.net snap.licdn.com *.teads.tv *.ispot.tv *.youvisit.com *.syndigo.com *.syndigo.cloud *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.adroll.com *.mediaiqdigital.com *.redditstatic.com alb.reddit.com *.adsrvr.org;frame-src 'self' *.cdw.com *.bazaarvoice.com *.qualtrics.com *.hotjar.com *.liadm.com *.bounceexchange.com *.doubleclick.net nsg.symantec.com selectors.cnetcontentsolutions.com *.google.com *.twitter.com *.justuno.com *.liveclicker.net *.demdex.net *.cxense.com *.webcollage.net *.ziftsolutions.com pixel.mathtag.com *.googletagmanager.com *.googletagservices.com a.sellpoint.net www.youtube.com media.flixcar.com *.easy2.com www.facebook.com *.rlcdn.com rs.gwallet.com *.liveclicker.com pages.cdwemail.com www.emjcd.com *.dotomi.com *.flixsyndication.net cdw.zuberance.com *.hotjar.io *.eloqua.com *.swcontentsyndication.com www.cisco.com cl.s4.exct.net *.youvisit.com www.vmwarepartnerdemandcenter.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.adsrvr.org;font-src 'self' 'unsafe-inline' *.cdw.com *.needle.com *.googleapis.com *.cnetcontent.com *.demdex.net *.webcollage.net a.sellpoint.net media.flixfacts.com media.flixcar.com *.easy2.com *.cloudfront.net data: *.flixsyndication.net *.typekit.net *.adobe.com *.syndigo.com *.syndigo.cloud;connect-src 'self' *.cdw.com *.richrelevance.com *.bazaarvoice.com *.qualtrics.com *.optimizely.com *.hotjar.com *.needle.com nexus.ensighten.com px.spiceworks.com *.liadm.com scripts.demandbase.com triggeredmail.appspot.com *.bounceexchange.com *.googleadservices.com *.doubleclick.net bat.bing.com *.googleapis.com nsg.symantec.com *.cnetcontent.com *.akamaihd.net *.google.com *.justuno.com *.netapp.com *.demdex.net *.d41.co *.cxense.com vault.pactsafe.io pactsafe.io *.webcollage.net *.googletagmanager.com *.googletagservices.com t.sellpoints.com a.sellpoint.net *.go-mpulse.net platform.twitter.com *.company-target.com www.facebook.com events.bouncex.net *.cdnwidget.com *.cloudfront.net *.bluecore.com p.adsymptotic.com wss://*.hotjar.com p.po.st *.cdnbasket.net *.akstat.io data.g2.com data.g2crowd.com *.adobe.com *.hotjar.io app.leadsrx.com *.turnto.com *.teads.tv *.ispot.tv *.hubapi.com *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.adroll.com;object-src 'self' a.sellpoint.net;worker-src 'self' *.cloudfront.net blob:;media-src 'self' *.cdw.com *.cnetcontent.com *.webcollage.net media.flixfacts.com www.youtube.com blob: *.flixsyndication.net *.youvisit.com *.syndigo.com *.syndigo.cloud *.tiqcdn.com; 2
frame-ancestors vidiq-marketing-cms.now.sh vidiq-marketing-cms-git-dev.vidiq.now.sh vidiq-marketing-cms-git-staging.vidiq.now.sh vitals.vercel-analytics.com localhost:3333 2
frame-ancestors 'self' https://content.rockwellautomation.com; 2
frame-ancestors https://www.squarespace.com; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.stripe.com *.braintreegateway.com *.braintree-api.com *.exploretock.com *.fullstory.com *.facebook.com api.rollbar.com *.doubleclick.net www.google.com  *.podium.com *.googleapis.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.stripe.com *.braintreegateway.com *.chase.com *.exploretock.com connect.facebook.net *.fullstory.com www.googleadservices.com api.rollbar.com optimize.google.com maps.googleapis.com  *.podium.com static.cloudflareinsights.com; img-src 'self' blob: data: *.exploretock.com *.stripe.com *.braintreegateway.com *.facebook.com *.fbsbx.com *.gravatar.com i0.wp.com i1.wp.com *.google.com *.googleapis.com *.googleusercontent.com www.google-analytics.com www.gstatic.com maps.gstatic.com *.doubleclick.net *.googletagmanager.com; child-src 'self' *.exploretock.com *.stripe.com *.braintreegateway.com www.facebook.com optimize.google.com; frame-src 'self' *.exploretock.com *.stripe.com *.braintreegateway.com *.chase.com www.facebook.com optimize.google.com connect.facebook.net www.google.com *.kaptcha.com; 2
frame-ancestors https://www.check24.de/ https://finanzen.check24.de/ 'self' 2
frame-ancestors 'self' https://bob.santanderbank.com https://shdwbob.santanderbank.com https://rolb.santanderbank.com https://shdwrolb.santanderbank.com https://einsteincrm.sov.gs.corp https://shdweinsteincrm.sov.gs.corp http://bkoffice.sov.gs.corp http://shdwbkoffice.sov.gs.corp; 2
img-src * data: blob:; 2
connect-src consumer.krxd.net https://connect.facebook.net edgeapi.ace.teliacompany.net webprovisions-labs.humany.net 'self' telia-se.blueconic.net stats.g.doubleclick.net www.google.se telia-natcenter.humany.net cgchat.callguide.telia.com cdn.blueconic.net pwe.callguide.telia.com *.usabilla.com www.google.com telia.humany.net chat.ace.teliacompany.com www.google-analytics.com; default-src localhost:41680 'self'; font-src https://fonts.gstatic.com webprovisions-labs.humany.net 'self' telia.humany.net data: telia-natcenter.humany.net; frame-src d6tizftlrpuof.cloudfront.net https://optimize.google.com www.telia.se 'self' cdn.krxd.net *.doubleclick.net https://www.facebook.com wds-s.ace.teliacompany.com www.youtube.com wds.ace.teliacompany.com go.pardot.com youtube.com; img-src img.youtube.com https://optimize.google.com webprovisions-labs.humany.net 'self' https://www.facebook.com telia-se.blueconic.net stats.g.doubleclick.net www.google.se telia-natcenter.humany.net beacon.krxd.net d6tizftlrpuof.cloudfront.net cdn.blueconic.net *.usabilla.com www.haynespro-assets.com www.google.com www.haynespro-services.com telia.humany.net gentle-tor-21016.herokuapp.com plugins.blueconic.net data: media.krxd.net www.google-analytics.com humany.blob.core.windows.net; report-uri /.api/csp-report/v1/report?teamId=7dfafa39-0cc44b25-8e7c83f0; script-src 'unsafe-inline' https://optimize.google.com webprovisions-labs.humany.net 'self' cdn.krxd.net https://www.facebook.com telia-natcenter.humany.net cdn.blueconic.net www.googletagmanager.com core.dch.got.telia.se wds-s.ace.teliacompany.com portal-hosting.humany.net pi.pardot.com www.google-analytics.com consumer.krxd.net https://connect.facebook.net https://tagmanager.google.com core.dc.teliacompany.net telia-se.blueconic.net wds.ace.teliacompany.com beacon.krxd.net cdn.pardot.com d6tizftlrpuof.cloudfront.net *.usabilla.com telia.humany.net gentle-tor-21016.herokuapp.com plugins.blueconic.net 'unsafe-eval' media.krxd.net; style-src https://tagmanager.google.com 'unsafe-inline' core.dc.teliacompany.net https://optimize.google.com webprovisions-labs.humany.net 'self' telia-se.blueconic.net wds.ace.teliacompany.com telia-natcenter.humany.net d6tizftlrpuof.cloudfront.net cdn.blueconic.net core.dch.got.telia.se wds-s.ace.teliacompany.com telia.humany.net gentle-tor-21016.herokuapp.com plugins.blueconic.net media.krxd.net https://fonts.googleapis.com 2
default-src 'self' 'report-sample'; object-src 'self' *.aleks.com *.connectmath.com www.viddler.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aleks.com *.connectmath.com www.youtube.com s.ytimg.com ssl.p.jwpcdn.com cdn.mathjax.org cdnjs.cloudflare.com connect.facebook.net rum-static.pingdom.net munchkin.marketo.net js.braintreegateway.com maps.googleapis.com www.googleadservices.com googleads.g.doubleclick.net www.google-analytics.com www.google.com www.gstatic.com linkhelp.clients.google.com static.cdn-ec.viddler.com 'report-sample'; style-src 'self' 'unsafe-inline' *.aleks.com *.connectmath.com fonts.googleapis.com static.cdn-ec.viddler.com; connect-src 'self' *.aleks.com *.connectmath.com *.mktoresp.com *.mktoutil.com api.viddler.com subtitles.cdn-ec.viddler.com www.facebook.com www.googleapis.com stats.g.doubleclick.net *.pingdom.net api.sandbox.braintreegateway.com *.sandbox.braintree-api.com api.braintreegateway.com client-analytics.braintreegateway.com; font-src 'self' static.aleks.com static.connectmath.com themes.googleusercontent.com fonts.gstatic.com data:; media-src  *.aleks.com *.connectmath.com s3.amazonaws.com aleks-corp.s3.amazonaws.com mcgrawhill-vfs.cdn-ec.viddler.com www.viddler.com data: about:; img-src https://* data: blob:; frame-src * ldb1: data:; base-uri 'self'; report-uri /aleks/csp_report?stamp=web2021050401 2
frame-ancestors 'self' *.vendhq.com; report-uri https://csp.api.vendhq.com/prod/report; 2
frame-ancestors 'self' *.ibm.com ; child-src blob: * 2
default-src 'self' https://darksky.wufoo.com maps.darksky.net https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' http://storage.googleapis.com https://www.wufoo.com https://maps.googleapis.com https://ajax.googleapis.com https://secure.wufoo.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://maps.gstatic.com https://maps.googleapis.com 2
default-src 'self' *.stackadapt.com *.ifgza3.net *.ojrq.net *.tapad.com *.loggly.com *.rlcdn.com *.impactradius-event.com *.teads.tv *.passage.ai wss://tars-prod.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.transunion.com *.vols7feed.com *.addthis.co *.amazon-adsystem.com *.youtube.com *.doubleclick.net *.company-target.com *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.adsrvr.org dmtry.com *.dmtry.com *.quantserve.com *.bluekai.com *.facebook.com *.demandbase.com doubleclick.net *.trustev.com *.yahoo.com *.atedra.com *.twitter.com *.bing.com crwdcntrl.net c.rstg.io cdn.nextinsure.com *.jquery.com cloudfront.net *.googleapis.com *.adnxs.com *.rlcdn.com investis.com adsrvr.org sharethrough.com adroll.com yimg.com amazonaws.com *.fastclick.net secure.leadback.advertising.com google-analytics.com *.ads-twitter.com *.openx.net *.zencdn.net googleadservices.com gstatic.com bidswitch.net *.media6degrees.com googletagmanager.com *.siteintercept.qualtrics.com *.qualtrics.com; script-src 'self' https://siteimproveanalytics.com *.kore.ai *.b0e8.com *.bc0a.com *.stackadapt.com *.thebrighttag.com *.btstatic.com *.hifiona.com *.impactradius-event.com *.teads.tv *.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.dotomi.com *.transunion.com *.mxpnl.com *.vols7feed.com *.addthis.com *.googletagmanager.com *.optimizely.com *.pingdom.com *.cloudflare.com *.googleadservices.com *.youtube.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.g.3gl.net *.eloqua.com *.crwdcntrl.net *.googleapis.com *.investis.com *.amazonaws.com *.cloudfront.net *.nextinsure.com *.lendingtree.com *.mediaplex.com *.demandbase.com *.jquery.com *.gstatic.com *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.yimg.com *.ytimg.com *.quora.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net *.linkedin.com *.adsprotection.com *.brightcove.com *.hotjar.com *.adroll.com *.brightcove.net *.en25.com *.adsrvr.org *.abmr.net *.mathtag.com t2.rstg.io px.ads.linkedin.com vjs.zencdn.net *.twitter.com iad-login.dotomi.com snap.licdn.com sp.analytics.yahoo.com unpkg.com *.myfonts.net *.en25.com *.addthisedge.com *.zencdn.com *.s3.amazonaws.com cdn.ampproject.org *.company-target.com *.media6degrees.com *.ads-twitter.com cdn.mxpnl.com *.bizographics.com *.pingdom.net *.mbww.com *.entrust.net *.trustev.com *.mathtag.com *.googlesyndication.com *.google.com *.outbrain.com o1.qnsr.com *.facebook.net cas.cluep.com *.quizgnome.com *.siteintercept.qualtrics.com *.qualtrics.com *.pulseinsights.com blob: 'unsafe-eval' 'unsafe-inline'; child-src *.evenfinancial.com *.transunion.com blob: *.crwdcntrl.net *.hifiona.com *.cdn.optimizely.com *.addthis.com *.doubleclick.net *.lendingtree.com *.youtube.com *.hotjar.com *.mediaplex.com *.optimizely.com *.brightcove.net s.amazon-adsystem.com *.trustev.com *.mathtag.com *.qnsr.com *.facebook.com *.siteintercept.qualtrics.com *.qualtrics.com; connect-src 'self' *.bc0a.com *.nextinsure.com *.google-analytics.com *.googleapis.com *.g.doubleclick.net *.kore.ai wss://rtm.kore.ai *.stackadapt.com *.ifgza3.net *.passage.ai wss://tars-prod.passage.ai *.taboola.com *.transunion.com *.mixpanel.com *.optimizely.com *.youtube.com *.brightcovecdn.com *.pingdom.net *.brightcove.com manifest.prod.boltdns.net airbrake.io *.company-target.com r.3gl.net s7.addthis.com *.herokuapp.com unity.cadreon.com app.trustev.com *.hotjar.com wss://*.hotjar.com *.siteintercept.qualtrics.com *.qualtrics.com 'unsafe-eval'; media-src 'self' *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.transunion.com blob: f1.media.brightcove.com; img-src * *.ifgza3.net *.ojrq.net *.tapad.com *.loggly.com *.rlcdn.com data:; font-src data: *.transunion.com *.nextinsure.com *.gstatic.com *.company-target.com edge.api.brightcove.com r.3gl.net *.addthis.com *.herokuapp.com *.quora.com; style-src * 'unsafe-eval' 'unsafe-inline'; frame-ancestors *.transunion.com; 2
frame-ancestors 'self' *.taxact.com *.taxactonline.com *.salemove.com secure.balancefin.com 2
frame-ancestors *.justlanded.com *.justlanded.es *.justlanded.co.uk *.justlanded.de *.justlanded.fr *.justlanded.it *.justlanded.jp *.justlanded.at *.justlanded.mx *.justlanded.gr *.justlanded.ru *.justlanded.se *.justlanded.cn *.justlanded.ch *.justlanded.be *.justlanded.co.in *.justlanded.co.nz tpc.googlesyndication.com; form-action *.justlanded.com *.justlanded.es *.justlanded.co.uk *.justlanded.de *.justlanded.fr *.justlanded.it *.justlanded.jp *.justlanded.at *.justlanded.mx *.justlanded.gr *.justlanded.ru *.justlanded.se *.justlanded.cn *.justlanded.ch *.justlanded.be *.justlanded.co.in *.justlanded.co.nz tpc.googlesyndication.com; object-src 'none'; base-uri 'self'; 2
frame-ancestors 'self' primexbt.com primexbt.ch primexbt-promo.com primexbt-start.com sign-up.primexbt.com prod-express.primexbt.com; 2
frame-ancestors 'self' http://www.kayak.com.au https://checkin.si.amadeus.net https://pdt.checkin.amadeus.net http://www.momondo.com.au http://www.cheapflights.com.au http://www.ca.kayak.com http://www.momondo.ca http://www.cheapflights.ca http://www.cn.kayak.com http://www.momondo.com.cn http://www.kayak.com.hk http://www.momondo.hk http://www.cheapflights.com.hk http://www.kayak.co.in http://www.momondo.in http://www.in.cheapflights.com http://www.kayak.co.id http://www.cheapflights.co.id http://www.kayak.co.jp http://www.kayak.co.kr http://www.kayak.com.my http://www.cheapflights.com.my http://www.nz.kayak.com http://www.momondo.co.nz http://www.cheapflights.co.nz http://www.cheapflights.com.ph http://www.kayak.com.ph http://www.kayak.sg http://www.cheapflights.com.sg http://www.tw.kayak.com http://www.momondo.tw http://www.kayak.co.th http://www.kayak.co.uk http://www.momondo.co.uk http://www.cheapflights.co.uk http://www.cheapflights.co.uk http://www.kayak.com http://www.momondo.com http://www.cheapflights.com http://www.ae.cheapflights.com http://www.kayak.ae http://global.cheapflights.com http://global.momondo.com http://kayak.de http://momondo.de http://swoodoo.com http://kayak.fr http://momondo.fr http://www-malaysiaairlines-com.cdn.ampproject.org http://cdn.ampproject.org http://www.ampify.ga https://www.kayak.com.au https://www.momondo.com.au https://www.cheapflights.com.au https://www.ca.kayak.com https://www.momondo.ca https://www.cheapflights.ca https://www.cn.kayak.com https://www.momondo.com.cn https://www.kayak.com.hk https://www.momondo.hk https://www.cheapflights.com.hk https://www.kayak.co.in https://www.momondo.in https://www.in.cheapflights.com https://www.kayak.co.id https://www.cheapflights.co.id https://www.kayak.co.jp https://www.kayak.co.kr https://www.kayak.com.my https://www.cheapflights.com.my https://www.nz.kayak.com https://www.momondo.co.nz https://www.cheapflights.co.nz https://www.cheapflights.com.ph https://www.kayak.com.ph https://www.kayak.sg https://www.cheapflights.com.sg https://www.tw.kayak.com https://www.momondo.tw https://www.kayak.co.th https://www.kayak.co.uk https://www.momondo.co.uk https://www.cheapflights.co.uk https://www.cheapflights.co.uk https://www.kayak.com https://www.momondo.com https://www.cheapflights.com https://www.ae.cheapflights.com https://www.kayak.ae https://global.cheapflights.com https://global.momondo.com https://kayak.de https://momondo.de https://swoodoo.com https://kayak.fr https://momondo.fr https://www-malaysiaairlines-com.cdn.ampproject.org https://cdn.ampproject.org https://www.ampify.ga https://mobile-api.oneworld.com/ https://oneworld.com/ https://digital.malaysiaairlines.com/ https://ma-stage64-01.adobecqms.net/ https://ma-sit64.adobecqms.net/ https://ma-dev64.adobecqms.net/ https://goingplacesmy.staging.wpengine.com/ https://goingplaces.malaysiaairlines.com/ 2
style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src blob: https: data:; frame-src https:; upgrade-insecure-requests; 2
upgrade-insecure-requests; block-all-mixed-content;img-src 'self' data: https:;script-src  'unsafe-inline' 'unsafe-eval' https:;style-src  'unsafe-inline' 'unsafe-eval' https: ;frame-ancestors 'none'; 2
frame-ancestors 'self' https://www.foxplay.gr https://*.cosmote.gr https://*.ote.gr https://webform.studentactivation.gr https://t-mint.s3.amazonaws.com https://*.youtube.com; 2
frame-ancestors 'self' *.purevpn.com purevpn.com *.purevpn.fr purevpn.fr 2
frame-ancestors 'self' https://*.yandex.ru https://yastatic.net http://*.webvisor.com http://webvisor.com; 2
frame-ancestors 'self' https://www.tail.digital https://tail.digital; 2
frame-ancestors 'self' *.egain.cloud; 2
default-src 'self' https://play.vidyard.com *.vidyard.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* https://srvfrontcer.claro.com.co:7002 https://widget.sndcdn.com *.sndcdn.com https://js-agent.newrelic.com *.newrelic.com https://bam.nr-data.net *.nr-data.net *.claro.com.co *.claro.com *.googleadservices.com *.tags.bkrtx.com *.tags.bluekai.com *.amazonaws.com https://s3.amazonaws.com https://static.opentok.com https://static.opentok.com *.opentok.com https://browseranalytic.com *.browseranalytic.com https://widget.sndcdn.com *.sndcdn.com https://js.hsforms.net *.hsforms.net https://scp.kampyle.com *.kampyle.com https://tpbancolombia.teleperformance.co *.teleperformance.co https://stati.in *.stati.in blob: https://play.vidyard.com *.vidyard.com https://static.zdassets.com https://clousc.com *.clousc.com https://static.hsappstatic.net *.hsappstatic.net https://forms.hsforms.com *.hsforms.com *.zdassets.com https://plinksoporte.zendesk.com *.zendesk.com https://play.vidyard.com *.vidyard.com https://d10lpsik1i8c69.cloudfront.net https://app.hubspot.com *.hubspot.com https://a.omappapi.com *.omappapi.com https://js.hs-scripts.com *.hs-scripts.com *.cloudfront.net https://people.wsuite.com *.wsuite.com https://js.hs-analytics.net *.hs-analytics.net https://widget-mediator.zopim.com *.zopim.com https://js.hs-banner.com *.hs-banner.com https://ajax.googleapis.com *.googleapis.com https://static.browseranalytic.com https://code.angularjs.org https://player.vimeo.com *.vimeo.com *.angularjs.org *.browseranalytic.com *.connect.facebook.net *.facebook.net https://polyfill.io *.polyfill.io https://library-sdb.apps.bancolombia.com *.bancolombia.com https://f.vimeocdn.com *.vimeocdn.com https://syndication.twitter.com *.twitter.com https://cdn.syndication.twimg.com *.twimg.com *.facebook.com *.script.hotjar.com https://asistencia.webv2.allus.com.co https://cdn.todo1.com *.todo1.com *.allus.com.co *.vars.hotjar.com *.t.co *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.hotjar.com https://tags.bkrtx.com https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.grupobancolombia.com https://lptag.liveperson.net https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com *.cdn.dynamicyield.com *.st.dynamicyield.com *.rcom.dynamicyield.com https://cdn.dynamicyield.com https://st.dynamicyield.com https://rcom.dynamicyield.com https://unpkg.com https://accdn.lpsnmedia.net https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://www.sc.pages03.net https://www.youtube.com *.youtube.com https://resources.digital-cloud-west.medallia.com https://cdn.jsdelivr.net *.cdn.jsdelivr.net; img-src 'self' data: https://* https://srvfrontcer.claro.com.co:7002 https://a.tribalfusion.com *.tribalfusion.com https://dpm.demdex.net *.demdex.net *.claro.com.co *.claro.com *.cloudfront.net *.px.ads.linkedin.com *.linkedin.com *.facebook.com *.amazonaws.com https://secure.gravatar.com *.gravatar.com https://pf-emoji-service--cdn.us-east-1.prod.public.atl-paas.net *.atl-paas.net https://vop.sundaysky.com *.sundaysky.com https://odr.mookie1.com *.mookie1.com https://monstat.com *.monstat.com https://pxl.jivox.com *.jivox.com https://vop.sundaysky.com *.sundaysky.com https://s3.amazonaws.com https://cdn2.hubspot.net https://i.stack.imgur.com *.imgur.com *.cloudfront.net https://widget.sndcdn.com *.sndcdn.com https://i1.sndcdn.com *.sndcdn.com https://a.omappapi.com *.omappapi.com *.hubspot.net https://upload.wikimedia.org *.wikimedia.org https://f.hubspotusercontent20.net https://play.vidyard.com *.vidyard.com *.hubspotusercontent20.net https://i1.sndcdn.com *.sndcdn.com https://track.hubspot.com https://i1.wp.com *.wp.com https://theme.zdassets.com *.zdassets.com *.hubspot.com https://soporte.plink.com.co *.plink.com.co https://cx.atdmt.com *.atdmt.com https://i.ytimg.com https://b1sync.zemanta.com *.zemanta.com https://sync.crwdcntrl.net *.crwdcntrl.net https://www.googletagmanager.com *.googletagmanager.com https://platform.twitter.com *.twitter.com https://abs.twimg.com *.ytimg.com https://i.vimeocdn.com *.vimeocdn.com https://xrbcqpor01.bancolombia.com:10039 *.bancolombia.com https://maps.googleapis.com *.googleapis.com https://yt3.ggpht.com *.ggpht.com https://connect.facebook.net *.facebook.net https://asistencia.webv2.allus.com.co *.allus.com.co *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co https://p.adsymptotic.com *.cdn.dynamicyield.com *.dynamicyield.com *.grupobancolombia.com https://tags.bluekai.com *.pages03.net *.maps.gstatic.com https://maps.gstatic.com *.gstatic.com https://resources.digital-cloud-west.medallia.com https://sync.teads.tv *.teads.tv https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self' https://* https://srvfrontcer.claro.com.co:7002 *.claro.com.co *.claro.com *.googleadservices.com *.grupobancolombia.com *.amazonaws.com *.cloudfront.net https://s3.amazonaws.com https://static.zdassets.com *.zdassets.com https://static.zdassets.com *.zdassets.com https://www.youtube.com https://asistencia.webv2.allus.com.co *.allus.com.co *.youtube.com blob: data:; frame-src 'self' https://* https://srvfrontcer.claro.com.co:7002 https://widget.spreaker.com *.spreaker.com *.claro.com.co *.claro.com *.googleadservices.com https://bcapi.apichefcompany.com *.cloudfront.net *.apichefcompany.com *.google-analytics.com *.facebook.com https://w.soundcloud.com *.soundcloud.com https://series1.cma.com.br *.cma.com.br https://bancolombia.olb.todo1.com *.todo1.com https://tpbancolombia.teleperformance.co *.teleperformance.co https://extractosinternet.bancolombia.com *.bancolombia.com https://forms.hsforms.com *.hsforms.com https://play.vidyard.com *.vidyard.com https://platform.twitter.com *.twitter.com https://vars.hotjar.com https://player.vimeo.com *.vimeo.com https://resources.digital-cloud-west.medallia.com *.medallia.com https://asistencia.webv2.allus.com.co *.allus.com.co https://series1.cma.com.br *.cma.com.br https://stags.bluekai.com https://api.skaduks.com https://bid.g.doubleclick.net *.grupobancolombia.com https://www.google.com *.google.com https://www.google-analytics.com https://cdn.dynamicyield.com *.dynamicyield.com https://lpcdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://www.youtube.com *.youtube.com https://9811311.fls.doubleclick.net https://webapp1.allus.com.co https://gmsdigitales.claro.com.co:8443 https://vc.hotjar.io; style-src 'self' 'unsafe-inline' https://* https://srvfrontcer.claro.com.co:7002 *.claro.com.co *.claro.com https://asistencia.webv2.allus.com.co https://cdnjs.cloudflare.com *.cloudflare.com https://library-sdb.apps.bancolombia.com *.bancolombia.com *.amazonaws.com https://s3.amazonaws.com https://assets.kampyle.com *.kampyle.com https://cdn2.hubspot.net *.hubspot.net https://galatea-dev.apps.ambientesbc.com *.ambientesbc.com https://cdn.jsdelivr.net *.jsdelivr.net https://cdn2.hubspot.net https://assets.vidyard.com *.vidyard.com *.hubspot.net https://static.zdassets.com *.zdassets.com *.webv2.allus.com.co https://www.gstatic.com *.gstatic.com https://f.vimeocdn.com *.vimeocdn.com https://platform.twitter.com *.twitter.com https://www.grupobancolombia.com https://use.fontawesome.com *.fontawesome.com *.grupobancolombia.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://nominatim.openstreetmap.org https://servcompwctb.claro.com.co https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com https://unpkg.com; connect-src 'self' https://* https://bam.nr-data.net *.nr-data.net https://srvfrontcer.claro.com.co:7002 *.claro.com.co *.claro.com https://gms-digitales.claro.com.co:8443 *.claro.com.co:8443 *.claro.com.co:8030 https://webrtc.claro.com.co:8030 *.stats.g.doubleclick.net *.cloudfront.net https://fresnel.vimeocdn.com *.vimeocdn.com data: https://player-telemetry.vimeo.com *.vimeo.com https://api-widget.soundcloud.com *.soundcloud.com https://external.apps.bancolombia.com *.bancolombia.com https://api.us.apiconnect.ibmcloud.com *.ibmcloud.com https://jsonip.com *.jsonip.com https://resources.digital-cloud-west.medallia.com *.medallia.com https://inveco-services.qdata.io *.qdata.io https://identify.hotjar.com https://wave.sndcdn.com *.sndcdn.com https://api.ipify.org *.ipify.org *.hotjar.com https://alivionofinancieros.isobarapi.com *.isobarapi.com https://130vod-adaptive.akamaized.net *.akamaized.net https://c.browseranalytic.com *.amazonaws.com https://s3.amazonaws.com *.claro.com.co *.claro.com https://forms.hsforms.com *.hsforms.com https://tpbancolombia.teleperformance.co *.teleperformance.co https://raw.vidyard.com *.vidyard.com wss://tpbancolombia.teleperformance.co *.teleperformance.co https://ekr.zdassets.com https://api-k8-cer.plink.com.co https://api.plink.com.co *.plink.com.co https://api.omappapi.com *.omappapi.com *.zdassets.com wss://widget-mediator.zopim.com *.zopim.com https://plinksoporte.zendesk.com *.zendesk.com https://settings.luckyorange.net *.luckyorange.net https://digital.sanchobbdoapp.com https://www.calculadoralaboral.co *.calculadoralaboral.co *.sanchobbdoapp.com *.browseranalytic.com https://strfeedrt01.cma.com.br *.cma.com.br https://syndication.twitter.com *.twitter.com https://stats.g.doubleclick.net https://bcapi.apichefcompany.com *.apichefcompany.com https://bid.g.doubleclick.net *.googlevideo.com https://api.skaduks.com https://nominatim.openstreetmap.org https://servcompwctb.claro.com.co:7002 *.cdn.dynamicyield.com *.dynamicyield.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.cdn.dynamicyield.com *.st.dynamicyield.com *.rcom.dynamicyield.com https://cdn.dynamicyield.com https://st.dynamicyield.com https://rcom.dynamicyield.com https://www.facebook.com https://cdn.jsdelivr.net *.jsdelivr.net *.facebook.com https://external-qa.apps.ambientesbc.com https://lpcdn.lpsnmedia.net https://firestore.googleapis.com https://www.youtube.com *.youtube.com https://9811311.fls.doubleclick.net https://webapp1.allus.com.co https://yt3.ggpht.com *.yt3.ggpht.com https://i.ytimg.com *.i.ytimg.com *.googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.grupobancolombia.com https://gmsdigitales.claro.com.co:8443 https://vc.hotjar.io; font-src 'self' data: https://* https://srvfrontcer.claro.com.co:7002 https://www.grupobancolombia.com *.grupobancolombia.com *.cloudfront.net https://cdnjs.cloudflare.com *.cloudflare.com https://jsbin-user-assets.s3.amazonaws.com *.amazonaws.com https://static.zdassets.com *.zdassets.com https://assets.kampyle.com *.kampyle.com https://fonts.gstatic.com *.gstatic.com https://library-sdb.apps.bancolombia.com *.bancolombia.co https://galatea-dev.apps.ambientesbc.com *.ambientesbc.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com; 2
frame-ancestors self googletagmanager.com cerebro.alibaba.ir 2
frame-ancestors https://*.ionos.mx https://ionos.mx; 2
base-uri 'self'; report-uri https://csp-reporting-server.glitch.me/report; frame-ancestors https://glitch.com https://glitch.development 2
frame-ancestors 'self' https://amd.pathfactory.com 2
frame-ancestors 'self' *.singtel.com *.singtelgroup.net *.singtelshop.com; 2
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src *; font-src *; media-src *; frame-src *; connect-src *; frame-ancestors 'none'; worker-src 'self' blob:; 2
default-src 'self' 'unsafe-inline' https://www.google-analytics.com https://*.google.com https://*.brightcove.com https://*.akamaihd.net https://*.boltdns.net https://brightcove.hs.llnwd.net https://stats.g.doubleclick.net https://www.classmarker.com https://*.crossref.org https://cm.scholarlyiq.com blob: data:;                     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.google.com https://www.gstatic.com https://*.crossref.org https://cdnjs.cloudflare.com https://vjs.zendcdn.net https://vjs.zencdn.net https://players.brightcove.net https://www.youtube.com https://s.ytimg.com https://www.classmarker.com https://cdn.ckeditor.com blob:;                     font-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com data: about:;                     style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.crossref.org https://cdn.ckeditor.com;                     img-src 'self' 'unsafe-inline' https://www.google-analytics.com https://*.crossref.org https://stats.g.doubleclick.net https://*.brightcove.com http://*.brightcove.com https://*.boltdns.net https://imagebank.osa.org https://account.osa.org https://cdn.ckeditor.com;                     object-src 'self' 'unsafe-inline' https://*.akamaihd.net https://*.boltdns.net; 2
default-src https: wss: blob: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 2
frame-ancestors 'self' *.cipdcommerce.com *.cipd.co.uk; 2
frame-ancestors 'self' *.amadeus.com *.amadeus.net rentacar.aegeanair.com rentacar.olympicair.com e-ticket.aegeanair.com e-ticket.olympicair.com *.mscgn.de mobile.aegeanair.com kontastousneous.gr 2
default-src 'self'; connect-src 'self' https://col.site24x7rum.com https://app.litmusworld.com https://*.tatasky.com https://*.g.doubleclick.net https://logs.juspay.in https://payments.juspay.in https://*.taboola.com/ https://www.google-analytics.com/ https://anuvadak-wms.reverieinc.com https://avtstagecdn.blob.core.windows.net https://api.ipify.org https://s.yimg.com https://e3zogked5l.execute-api.us-west-2.amazonaws.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sf16-muse-va.ibytedtos.com https://s0.ipstatp.com https://static.bytedance.com https://a.quora.com https://bat.bing.com https://www.googletagservices.com https://maps.googleapis.com https://code.jquery.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.sokrati.com https://ad.doubleclick.net https://www.googleadservices.com https://static.site24x7rum.com https://tagmanager.google.com https://ssl.gstatic.com https://www.tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/ https://*.google.co.in/ https://www.gstatic.com/recaptcha/ https://*.twitter.com/ https://*.twimg.com/ https://www.youtube.com/ https://s.ytimg.com/ https://*.googlesyndication.com/ https://*.taboola.com/ https://payments.juspay.in/ https://static.ads-twitter.com/ https://cdn.invitereferrals.com/ https://www.googleoptimize.com/ https://optimize.google.com https://www.ref-r.com/ https://anuvadak-wms.reverieinc.com   https://avtstagecdn.blob.core.windows.net https://api.ipify.org https://aax-eu.amazon-adsystem.com https://s.yimg.com https://sp.analytics.yahoo.com/ https://script.mfilterit.net/ https://app.easyling.com/ ; img-src 'self' https://business-sg.topbuzz.com https://business.topbuzz.com https://q.quora.com https://www.ref-r.com https://bat.bing.com https://maps.gstatic.com https://maps.googleapis.com https://*.facebook.com https://*.sokrati.com https://www.google.com https://www.google.co.in https://*.fls.doubleclick.net https://*.linkedin.com https://www.googleadservices.com https://*.g.doubleclick.net https://*.fls.doubleclick.net https://tagmanager.google.com https://www.google-analytics.com https://ssl.gstatic.com https://*.twitter.com/ https://*.twimg.com/ https://ad.doubleclick.net/ https://*.google.com/ https://*.google.co.in/ https://*.tatasky.com/ https://*.taboola.com/ https://secure.adnxs.com/ https://optimize.google.com https://www.gstatic.com/ https://aax-eu.amazon-adsystem.com data: ; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://ssl.gstatic.com https://*.twitter.com/ https://*.twimg.com/ https://optimize.google.com https://anuvadak-wms.reverieinc.com https://avtstagecdn.blob.core.windows.net https://cdn.invitereferrals.com/ ; font-src 'self' https://tagmanager.google.com https://fonts.gstatic.com https://ssl.gstatic.com https://optimize.google.com data: ; frame-src 'self' bytedance: https://*.g.doubleclick.net https://*.fls.doubleclick.net https://app.litmusworld.com https://www.youtube.com https://www.google.com/ https://help.tatasky.com https://www.facebook.com/ https://*.twitter.com/ https://*.twimg.com/ https://www.ref-r.com/ https://player.vimeo.com/ https://payments.juspay.in/ https://optimize.google.com https://youtu.be/ https://docs.google.com/ ; object-src 'self' https://docs.google.com/ ; frame-ancestors https://*.tatasky.com ; 2
frame-ancestors 'self' https://*.clio.com https://cliocloudconference.com https://events1.social27.com 2
frame-ancestors www.samsung.com www.samsung.net www.webcollage.net www.webcollage.net www.abt.com agent.samsungsupport.com admin.samsungsupport.com nacyberadmin site-36720.preview.bcvp0rtal.com nacyberagent samsung.brightcovegallery.com retail.samsungusa.com:9003 aem.samsung.com qaweb.samsung.com aem-eu.samsung.com www.mobilevirtualtour.com samsung-tmo-stage.herokuapp.com 5g.samsungtmobile.com www.uscellular.com wesit11.we-nonprod.uscc.com wesitaem.we-nonprod.uscc.com 2
default-src 'self' 'unsafe-inline' https://*.uni-paderborn.de https://www.youtube-nocookie.com https://player.vimeo.com https://*.upb.de https://streaming.uni-paderborn.de:2233 https://*.google.com ; font-src 'self' https://*.uni-paderborn.de data:; img-src 'self' data: https://pbs.twimg.com https://*.google.com https://www.googleapis.com https://*.uni-paderborn.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.uni-paderborn.de https://www.google.com https://cse.google.com; media-src 'self' https://*.uni-paderborn.de https://*.upb.de https://streaming.uni-paderborn.de:2233 blob: 2
frame-ancestors 'self' https://*.designcrowd.com; 2
frame-ancestors *.procore.com 2
default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src *; base-uri 'self'; upgrade-insecure-requests; font-src https: 'unsafe-inline' data: 'unsafe-inline'; 2
frame-ancestors https://*.ionos.es https://ionos.es; 2
frame-ancestors http://*.visitsingapore.com/ http://*.visitsingapore.com.cn/ https://*.visitsingapore.com/ https://*.visitsingapore.com.cn/ 'self'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.utsouthwestern.edu https://tagmanager.google.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://www.youvisit.com/tour/Embed/js3 https://s.ytimg.com/yts/jsbin/www-widgetapi-vfldp9JMF/www-widgetapi.js https://s.ytimg.com/yts/jsbin/www-widgetapi-vflGYMLFw/www-widgetapi.js https://www.youvisit.com/SmartScript/latest/smartscript.js https://www.gstatic.com https://unpkg.com https://cdn.storygize.net https://bs.serving-sys.com *.pinterest.com *.hotjar.com https://platform.twitter.com https://assets.pinterest.com http://www.facebook.com/plugins/like.php https://cdnjs.cloudflare.com/ajax/libs/foundation/6.4.3/js/foundation.min.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_format_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_default_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_ui_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_corechart_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_fw_module.js https://www.gstatic.com/charts/46.2/third_party/dygraphs/dygraph-tickers-combined.js https://www.gstatic.com/charts/46.2/third_party/webfontloader/webfont.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_bar_module.js https://cdnjs.cloudflare.com/ajax/libs/foundation-essential/5.2.2/js/vendor/modernizr.js https://www.google-analytics.com/analytics.js https://script.crazyegg.com/pages/scripts/0017/5050.js https://static.hotjar.com/c/hotjar-30590.js https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js https://www.storygize.net/a/cecea51f-563b-4ac4-9a2a-8a3660977ad2/abdo.js https://connect.facebook.net/en_US/fbevents.js https://www.gstatic.com/charts/46.2/loader.js https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu https://snap.licdn.com/li.lms-analytics/insight.min.js; connect-src 'self' *.utsouthwestern.edu *.crazyegg.com *.hotjar.io *.hotjar.com https://www.juicer.io https://stats.g.doubleclick.net/j/collect https://secure-ds.serving-sys.com/adServingData/PROD/TMClient/8/6218 https://graph.facebook.com/58323112191/picture https://www.juicer.io/api/page_views https://www.juicer.io/api/feeds/home-page-393b6969-47a9-40b5-b6a5-297bc3722122 https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu; frame-src 'self' *.utsouthwestern.edu https://forms.office.com/ *.hotjar.com https://www.youvisit.com https://cdn.youvisit.com https://w.soundcloud.com https://platform.twitter.com https://www.facebook.com https://yoshki.com/badge-apta.html https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu https://px.ads.linkedin.com 2
frame-ancestors 'self' *.kanopystreaming.com *.kanopy.com 2
frame-ancestors 'self' ' *.ampproject.org .zdbb.net 2
frame-src app.powerbi.com *.deutschland-machts-effizient.de *.youtube-nocookie.com piwik.itzbund.de *.youtube.com 2
default-src 'none'; base-uri 'self'; child-src 'self'; connect-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.wistia.com *.wistia.net www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net embedwistia-a.akamaihd.net *.litix.io www.facebook.com *.ubembed.com hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.net *.hsforms.com *.marketo.com *.marketo.net *.mktoresp.com *.mktoutil.com *.emarsys.com *.cookielaw.org; font-src 'self' data: *.kinstacdn.com fonts.gstatic.com *.slidesharecdn.com; form-action 'self' www.facebook.com *.hsforms.net *.hsforms.com; frame-ancestors 'self'; frame-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.marketo.com *.marketo.net *.cookiebot.com html5-player.libsyn.com bid.g.doubleclick.net www.facebook.com js.driftt.com *.ubembed.com *.googlesyndication.com *.hsforms.net *.hsforms.com *.slideshare.net *.wistia.com *.wistia.net *.on24.com *.emarsys.com; img-src 'self' data: *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.wistia.com *.wistia.net *.gravatar.com www.googletagmanager.com www.google-analytics.com analytics.twitter.com px.ads.linkedin.com googleads.g.doubleclick.net www.linkedin.com www.facebook.com connect.facebook.net t.co embedwistia-a.akamaihd.net *.hsforms.net *.hsforms.com *.adsymptotic.com *.glasgowlive.co.uk s.w.org *.cookielaw.org; media-src 'self' blob: data: *.kinstacdn.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.driftqa.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.marketo.com *.marketo.net *.ubembed.com *.wistia.com *.wistia.net googleads.g.doubleclick.net www.googleadservices.com tracking.g2crowd.com snap.licdn.com connect.facebook.net *.cookiebot.com static.ads-twitter.com analytics.twitter.com js.driftt.com *.hsforms.net *.hsforms.com *.googlesyndication.com *.cookielaw.org *.onetrust.com; style-src 'self' 'unsafe-inline' *.kinstacdn.com fonts.googleapis.com *.marketo.com *.marketo.net; worker-src 'self' blob:; 2
frame-ancestors 'self' https://documentation.sisense.com/; 2
default-src 'self' *.brainshark.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.visualwebsiteoptimizer.com ga.clearbit.com sfc.leadspace.com cdn.cookielaw.org *.onetrust.com www.google-analytics.com snap.licdn.com connect.facebook.net *.marketo.net *.marketo.com tracking.g2crowd.com *.6sc.co *.instagram.com *.disqus.com *.newrelic.com https://js.driftt.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com fonts.googleapis.com *.marketo.com; img-src 'self' *.brainshark.com www.googletagmanager.com privacy-policy.truste.com *.6sc.co data: *.visualwebsiteoptimizer.com *.linkedin.com *.facebook.com www.google-analytics.com *.marketo.com *.google.com *.linkedin.com; frame-src 'self' *.brainshark.com *.instagram.com *.facebook.com *.marketo.com *.disqus.com https://js.driftt.com; font-src 'self' *.bootstrapcdn.com fonts.gstatic.com; connect-src 'self' cdn.cookielaw.org sfgw.leadspace.com *.mktoresp.com *.doubleclick.net *.facebook.com *.google-analytics.com *.6sense.com *.6sc.co *.adnxs.com *.onetrust.com *.mktoutil.com *.google.com *.brainshark.com; report-uri /report-csp-violation 2
frame-ancestors 'self' stc.marketing.adobe.com *.decibelinsight.net *.decibelinsight.com 2
default-src 'self' data: https://internalgogdemo.terracycle.com https://fonts.gstatic.com/ https://use.typekit.net/ https://d3c39yxulteaif.cloudfront.net/; script-src 'self' 'unsafe-inline' data: https://internalgogdemo.terracycle.com https://analytics.twitter.com/ https://apis.google.com/_/scs/apps-static/ https://apis.google.com/js/platform.js https://apis.google.com/se/0/wm/1/ https://assets.pinterest.com/js/pinit.js https://assets.pinterest.com/js/pinit_main.js https://assets.pinterest.com/js/pinmarklet.js https://b-code.liadm.com/a-00v3.min.js https://cdn.leadmanagerfx.com/js/mcfx/2794 https://cdn.leadmanagerfx.com/phone/js/2794 https://connect.facebook.net/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://log.pinterest.com/ https://maps.googleapis.com/ https://platform.twitter.com/js/ https://platform.twitter.com/widgets.js https://script.hotjar.com/ https://secure.wufoo.com/scripts/embed/form.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://ssl.google-analytics.com/ga.js https://static.ads-twitter.com/uwt.js https://static.hotjar.com/ https://use.typekit.net/ https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.googleadservices.com/pagead/conversion.js https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.redditstatic.com/ads/pixel.js https://www.wufoo.com/scripts/embed/form.js https://d3c39yxulteaif.cloudfront.net/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ 'unsafe-eval' https://s3.amazonaws.com/assets/errors*; style-src 'self' 'unsafe-inline' https://syndication.twitter.com/ https://d3c39yxulteaif.cloudfront.net/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ https://fonts.googleapis.com/css https://s3.amazonaws.com/assets/errors*; frame-src 'self' https://staticxx.facebook.com/ https://web.facebook.com/ https://www.facebook.com/ https://accounts.google.com/ https://apis.google.com/ https://www.google.com/recaptcha/ https://editorium.herokuapp.com/ https://vars.hotjar.com/ https://i.liadm.com/ https://assets.pinterest.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://terracycle.wufoo.com/ https://www.youtube.com/ https://www.recaptcha.net/; img-src 'self' https://internalgogdemo.terracycle.com https://tc-global-prod.s3.amazonaws.com/ https://s3.amazonaws.com/tc-global-prod/ https://s3.amazonaws.com/gog-prod/ https://alb.reddit.com/ https://assets.pinterest.com/images/pidgets/ https://c.liadm.com/ https://log.pinterest.com/ https://maps.googleapis.com/maps/vt https://maps.gstatic.com/mapfiles/ https://p.typekit.net/ https://px.ads.linkedin.com/ https://rp.liadm.com/ https://stats.g.doubleclick.net/r/ https://syndication.twitter.com/i/ https://t.co/ https://www.facebook.com/tr/ https://www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://tc-shop-stage.s3.amazonaws.com/ https://tc-shop-prod.s3.amazonaws.com/ https://d3c39yxulteaif.cloudfront.net/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ data: https://s3.amazonaws.com/assets/errors/logo-white* https://www.google.at/ https://www.google.be/ https://www.google.br/ https://www.google.ca/ https://www.google.ch/ https://www.google.co.uk/ https://www.google.com/ https://www.google.de/ https://www.google.dk/ https://www.google.es/ https://www.google.fr/ https://www.google.hu/ https://www.google.ie/ https://www.google.jp/ https://www.google.kr/ https://www.google.mx/ https://www.google.nl/ https://www.google.nz/ https://www.google.se/ https://shop.terracycle.com/ filesystem:; connect-src 'self' https://internalgogdemo.terracycle.com https://ipapi.co/json https://maps.googleapis.com/maps/api/geocode/json https://in.hotjar.com/api/v1/client/sites/600250/ https://in.hotjar.com/api/v2/client/sites/600250/ https://vc.hotjar.io/views/600250 https://t.leadmanagerfx.com/visit/add/2794 https://us-east1-idyllic-vehicle-159522.cloudfunctions.net/mcfx-visitor-information https://www.google-analytics.com https://rp.liadm.com/; plugin-types application/pdf application/xml 2
upgrade-insecure-requests; default-src data: blob: https: gap: gap-iab: 'unsafe-inline' 'unsafe-eval'; form-action https: 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: ; frame-ancestors 'self' *.cienradios.com www.clarin.com *.devcr.com.ar *.cienradios-pre.com.ar prepro.int.clarin.com *.prepro.int.clarin.com viapais.com.ar *.viapais.com.ar alpha.viapais.com.ar *.alpha.viapais.com.ar beta.viapais.com.ar *.beta.viapais.com.ar prepro.viapais.com.ar *.prepro.viapais.com.ar cdn.ampproject.org *.cdn.ampproject.org google.com *.google.com google.com.ar *.google.com.ar; 2
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval', script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://stats.g.doubleclick.net https://snap.licdn.com https://www.facebook.com https://connect.facebook.net https://*.linkedin.com https://jobs.jobvite.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://*.cloudfront.net https://api.userlike.com https://cdn.jsdelivr.net, img-src 'self' https://www.google.com https://www.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://stats.g.doubleclick.net https://snap.licdn.com https://www.facebook.com https://connect.facebook.net https://*.linkedin.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-operators.s3-eu-west-1.amazonaws.com https://cdn.jsdelivr.net, style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net, base-uri 'self', form-action 'self' 2
frame-ancestors 'self' https://www.scottishfa.co.uk/ https://creative.dailymail.co.uk/ https://www.dailymail.co.uk/ https://www.w3schools.com/ 2
default-src 'self'; media-src 'self' *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com; form-action 'self' *.cision.com; base-uri 'self'; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: google-analytics.com 2.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; font-src 'self' data:; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com 'unsafe-inline' https: s7.addthis.com; connect-src 'self' 'unsafe-inline' https: http: s7.addthis.com; frame-ancestors 'self'; manifest-src 'self'; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: ; report-uri /vdc-csp-report 2
script-src 'self' www.dbschenker.com 'unsafe-inline' 'unsafe-eval' *.adobedtm.com img.en25.com https://cdn.eschenker.dbschenker.com www.google.com www.gstatic.com ecm-mediathek-deutschebahn.cdn.mediamid.com ssl.p.jwpcdn.com platform.twitter.com cdn.syndication.twimg.com s3.eu-central-1.amazonaws.com/dbschenkercom-cdn/; report-uri https://dis-sentry.schenker.sh/api/45/security/?sentry_key=02dc3484201d4d1b8bcbc0adfa098fa8 2
frame-ancestors 'self' *.regmovies.com *.authorize.net 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.addtoany.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.youtube.com https://www.youtube-nocookie.com https://s.ytimg.com https://w.soundcloud.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.vimeo.com https://vimeo.com/api/oembed.json https://ajax.cloudflare.com https://player.vimeo.com https://static.oktopost.com/oktrk.js https://okt.to https://crmemails.ogilvy.com https://secure.link5view.com https://tag.demandbase.com; style-src 'self' 'unsafe-inline' https://static.addtoany.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' data: https://static.addtoany.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://okt.to https://stats.g.doubleclick.net https://www.google.com https://www.google.co.in https://secure.link5view.com https://crmemails.ogilvy.com https://match.prod.bidr.io https://segments.company-target.com; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://w.soundcloud.com https://static.addtoany.com; frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com https://tagmanager.google.com data:; connect-src 'self' https://www.google-analytics.com https://bam.nr-data.net https://api.company-target.com https://stats.g.doubleclick.net; report-uri /report-csp-violation 2
frame-ancestors 'self' https://teams.microsoft.com https://teams.microsoft.us https://local.teams.office.com https://int.teams.microsoft.com https://devspaces.skype.com https://ssauth.skype.com https://teams.microsoft.com.mcas.ms https://teams.microsoft.com.us3.cas.ms; report-uri /cspreport 2
frame-ancestors 'self' *.crestron.com; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src https: 'self' data:; img-src https: 'self' data:; 2
frame-ancestors * 'self'; 2
default-src https://tpc.googlesyndication.com https://*.safeframe.googlesyndication.com; style-src 'self' 'unsafe-inline' https://cdn.flowplayer.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.googleapis.com; img-src 'self' data: https://www.google.com https://www.google.pl https://www.google-analytics.com https://*.g.doubleclick.net https://*.googlesyndication.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.flowplayer.com https://cdn.ampproject.org https://tpc.googlesyndication.com http://ckeditor.iframe.ly https://cdnjs.cloudflare.com https://www.google.com https://www.google-analytics.com https://www.googletagservices.com https://www.googletagmanager.com https://pagead2.googlesyndication.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://adservice.google.com https://adservice.google.pl https://securepubads.g.doubleclick.net https://www.gstatic.com https://*.hit.gemius.pl https://connect.facebook.net https://platform.twitter.com; font-src 'self' data: https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; connect-src 'self' https://play.lwcdn.com https://stats.g.doubleclick.net https://securepubads.g.doubleclick.net https://adservice.google.com https://*.googlesyndication.com https://www.google-analytics.com https://csi.gstatic.com https://www.google-analytics.com; object-src 'self'; frame-src 'self' https://iframe.dacast.com https://images.dacast.com https://webstreaming.europarl.europa.eu https://multimedia.europarl.europa.eu https://*.dcs.redcdn.pl https://ljsp.lwcdn.com https://igrafika.pap.pl https://*.googlesyndication.com https://www.youtube.com https://www.google.com https://infostrefa.tv https://*.hit.gemius.pl https://maps.google.com https://www.facebook.com https://platform.twitter.com; base-uri 'self'; 2
default-src 'self' 'unsafe-inline' *.bzga.de *.creativecommons.org https://www.youtube-nocookie.com data:; frame-src 'self' https://www.bzga.de/ https://piwik.bzga.de/ https://www.youtube-nocookie.com 2
frame-ancestors 'self' *.sgx.com 2
default-src 'self' https://s.pinimg.com youtube.com  www.youtube.com https://youtube.com  https://www.youtube.com  https://ajax.googleapis.com maps.googleapis.com csi.gstatic.com www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com *.g.doubleclick.net https://*.g.doubleclick.net www.bic-media.com http://w.soundcloud.com https://*.soundcloud.com http://platform.instagram.com https://platform.instagram.com https://randomhouse.scnem.com https://cloudbridge.eu http://cloudbridge.eu https://sharingbox.rhspecial.de https://*.google.com https://www.youtube-nocookie.com https://s7.addthis.com https://www.facebook.com/ https://vars.hotjar.com/ https://cdn.podigee.com/ https://open.spotify.com https://platform.twitter.com https://syndication.twitter.com https://*.instagram.com https://*.pinterest.com; connect-src 'self' http://*.issuu.com https://*.issuu.com http://*.digitalstores.net https://*.digitalstores.net https://www.facebook.com https://*.randomhouse.de  https://www.google.com https://www.google.de https://www.google.at https://www.google.ch https://www.google-analytics.com https://*.g.doubleclick.net http://*.playbuzz.com https://*.playbuzz.com  https://*.addthis.com http://*.addthis.com http://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://ct.pinterest.com https://book-base.de https://*.tiktok.com; font-src 'self' fonts.gstatic.com https://use.typekit.net/ https://cdn.podlove.org/ http://script.hotjar.com https://script.hotjar.com https://*.podigee.com; frame-ancestors 'self' https://open.spotify.com http://rhdemobilepreview:28080/ http://rhdemobilepreview:28081/ ; frame-src 'self' https://audionow.de/ https://open.spotify.com https://www.youtube-nocookie.com/ https://vars.hotjar.com/ https://www.facebook.com/ https://s7.addthis.com/ https://s.pinimg.com youtube.com  www.youtube.com https://youtube.com  https://www.youtube.com  https://ajax.googleapis.com maps.googleapis.com csi.gstatic.com www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com *.g.doubleclick.net https://*.g.doubleclick.net www.bic-media.com http://w.soundcloud.com https://*.soundcloud.com http://platform.instagram.com https://platform.instagram.com https://randomhouse.scnem.com https://penguinrandomhouse.scnem2.com https://cloudbridge.eu http://cloudbridge.eu https://sharingbox.rhspecial.de  https://*.google.com  https://www.youtube-nocookie.com https://s7.addthis.com  https://cdn.podigee.com/  https://*.twitter.com https://*.instagram.com https://*.pinterest.com https://*.audionow.de https://book-base.de; img-src 'self' data: www.google-analytics.com csi.gstatic.com https://*.outbrain.com/ https://image.isu.pub www.googletagmanager.com *.g.doubleclick.net https://syndication.twitter.com https://o.twimg.com http://platform.twitter.com https://*.twimg.com http://randomhouse.scnem.com https://penguinrandomhouse.scnem2.com https://randomhouse.scnem.com https://www.randomhouse.de https://pixel.quantserve.com https://*.google.com https://www.google.at https://www.google.ch https://www.google.dk https://www.facebook.com https://www.googleadservices.com https://www.google.de https://*.g.doubleclick.net https://*.playbuzz.com http://*.playbuzz.com https://www.google-analytics.com https://www.addthis.com https://*.pinterest.com https://cx.atdmt.com https://cs.lkqd.net ttps://maps.gstatic.com https://maps.googleapis.com https://*.hotjar.com http://*.hotjar.com  https://*.smartadserver.com https://www.penguinrandomhouse.de https://book-base.de; manifest-src 'self' data: www.google-analytics.com csi.gstatic.com https://*.outbrain.com/ https://image.isu.pub www.googletagmanager.com *.g.doubleclick.net https://syndication.twitter.com https://o.twimg.com http://platform.twitter.com https://*.twimg.com http://randomhouse.scnem.com https://penguinrandomhouse.scnem2.com https://randomhouse.scnem.com https://www.randomhouse.de https://pixel.quantserve.com https://*.google.com https://www.google.at https://www.google.ch https://www.google.dk https://www.facebook.com https://www.googleadservices.com https://www.google.de https://*.g.doubleclick.net https://*.playbuzz.com http://*.playbuzz.com https://www.google-analytics.com https://www.addthis.com https://*.pinterest.com https://cx.atdmt.com https://cs.lkqd.net ttps://maps.gstatic.com https://maps.googleapis.com https://*.hotjar.com http://*.hotjar.com  https://*.smartadserver.com https://www.penguinrandomhouse.de https://book-base.de; media-src 'self' 10.4.91.62 www.penguinrandomhouse.de https://book-base.de; object-src 'self' 10.4.91.62 www.penguinrandomhouse.de; report-to /ContentSecurityPolicyReporter; script-src 'self' https://*.outbrain.com/ https://s.pinimg.com rhspecials.penguinrandomhouse.de www.penguinrandomhouse.de 'unsafe-eval' 'unsafe-inline' http://e.issuu.com/embed.js https://e.issuu.com/embed.js https://*.googleapis.com *.googleapis.com csi.gstatic.com www.google-analytics.com https://www.google-analytics.com http://www.googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com http://platform.instagram.com https://platform.instagram.com http://platform.twitter.com https://platform.twitter.com https://cdn.syndication.twimg.com https://randomhouse.scnem.com http://randomhouse.scnem.com  https://penguinrandomhouse.scnem2.com https://sharingbox.rhspecial.de https://secure.quantserve.com https://rules.quantcount.com  https://*.google.com https://www.google.de https://www.google.at https://www.google.ch https://www.gstatic.com https://connect.facebook.net  https://cdn.adrtx.net  http://vgrh.stage.digitalstores.net https://stage.digitalstores.net https://www.googleadservices.com https://layover.penguinrandomhouse.de  https://layover.randomhouse.de https://www.bic-media.com https://*.g.doubleclick.net https://www.facebook.com https://*.playbuzz.com http://*.playbuzz.com https://cdnjs.cloudflare.com https://s7.addthis.com http://s7.addthis.com http://m.addthisedge.com https://v1.addthisedge.com https://v1.addthis.com http://m.addthis.com youtube.com  www.youtube.com https://youtube.com  https://www.youtube.com http://tagmanager.google.com https://s.ytimg.com https://*.podigee.com https://randomhouse.digitalstores.net/pbs.2.js https://cdn.podlove.org  https://*.hotjar.com https://www.instagram.com https://*.pinterest.com https://*.tiktok.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com http://platform.twitter.com https://*.twimg.com  https://res-format-story.playbuzz.com https://optimize.google.com https://*.typekit.net https://cdn.podlove.org/ https://*.podigee.com; worker-src * 2
default-src 'self'; script-src 'self' cdnjs.cloudflare.com florenceva.blob.core.windows.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.epic.com maxcdn.bootstrapcdn.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; img-src i.ytimg.com www.epic.com www-dev.epic.com ehrn.org ehrnprd.blob.core.windows.net 'self' data:; frame-src 'self' https://www.youtube.com 2
frame-ancestors 'self' *.tdworldwide.com *.techdata.com *.techdata.ca *.cstenet.com *.techdata.eu; 2
default-src 'self'; script-src https://www.dropbox.com https://api.trello.com 'self' https://viewer.diagrams.net https://storage.googleapis.com https://apis.google.com https://*.pusher.com https://code.jquery.com 'sha256-5DtSB5mj34lxcEf+HFWbBLEF49xxJaKnWGDWa/utwQA=' 'sha256-8HtpzsH4zj5+RKfTWMxPmWJKBu0OYbn+WuPrLbVky+g=' 'sha256-gCA3yqbX5kV5cXQOyvSd4v54e8cOLCBlaKU4tuhJF3Y=' 'sha256-ZMnCMK9Jg5ijd0Viqw4KAFn39HeC1LrVwervb9uC7Mo=' 'sha256-KgVey3Yy0LCtaUZnD77KXAark2kZ3wS5HGa+tyAkR28=' 'sha256-1k6pyjDIKgd1KTCRcmDfV6Yc9vgQexHRTiO4zUBoKg8=' 'sha256-/fZb/J4FQmI/TwyxqJbvALWSyGVEvnTrlj4ZTzZNKzI=' 'sha256-P4E8pNUYsln6/EUZppjCCe8y8lelBYTfsSyLjjFCE5g=' 'sha256-+CrvFhadGyk1VjhHM/t3R88LNSEKManW3TGSZi9fmHQ=' 'sha256-JqdgAC+ydIDMtmQclZEqgbw94J4IeABIfXAxwEJGDJs=' 'sha256-vS/MxlVD7nbY7AnV+0t1Ap338uF7vrcs7y23KjERhKc=' 'sha256-dIEi9UhRQPcyoE9/RPfkIPLe2mSS8oQzwabGMLAZzGE=' 'sha256-4Dg3/NrB8tLC7TUSCbrtUDWD/J6bSLka01GHn+qtNZ0=' ; connect-src https://*.dropboxapi.com https://api.trello.com 'self' https://*.draw.io https://*.diagrams.net https://*.googleapis.com wss://*.pusher.com https://*.pusher.com https://api.github.com https://raw.githubusercontent.com https://gitlab.com https://graph.microsoft.com https://*.sharepoint.com https://*.1drv.com https://dl.dropboxusercontent.com https://*.google.com https://fonts.gstatic.com https://fonts.googleapis.com; img-src * data:; media-src * data:; font-src * about:; frame-src 'self' https://viewer.diagrams.net https://www.draw.io https://*.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self' https://teams.microsoft.com; 2
default-src * 'self' blob: data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; frame-src * 'self'; frame-ancestors * 'self' 2
default-src 'self' *.uci.ch *.uci.org *.googletagmanager.com *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.twitter.com *.cloudflare.com *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.twitter.com *.cloudflare.com *.googletagmanager.com *.jquery.com; font-src 'self' *.uci.ch fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src  'self' *.uci.ch *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://scontent-zrh1-1.cdninstagram.com; media-src 'self' data: blob: https://video-zrh1-1.cdninstagram.com; frame-src 'self' *.uci.ch *.uci.org *.twitter.com *.cloudflare.com *.googletagmanager.com *.tissottiming.com *.youtube.com *.chronorace.be chronorace.blob.core.windows.net *.facebook.com; frame-ancestors 'self' *.uci.ch *.uci.org; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.uci.ch *.uci.org *.twitter.com *.cloudflare.com *.googletagmanager.com; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com *.uci.ch *.uci.org *.twitter.com *.cloudflare.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net; 2
media-src * blob:; worker-src * data: blob:; default-src https: *.hwcdn.net *.teeitup.com *.golfid.io data: blob; connect-src https: wss:; script-src https: data: *.hwcdn.net 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com; style-src https: data: *.hwcdn.net https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline'; img-src https: blob: data: *.hwcdn.net s3.amazonaws.com https://www.google-analytics.com https://optimize.google.com; font-src https: data: *.hwcdn.net https://fonts.gstatic.com; frame-src https: data: *.hwcdn.net *.teeitup.com *.golfid.io https://optimize.google.com; frame-ancestors 'self' https://www.onlinereservationsystems.com; 2
upgrade-insecure-requests; frame-ancestors 'none'; 2
default-src 'none'; img-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com  https://images.ctfassets.net https://downloads.ctfassets.net https://www.gstatic.com https://ssl.gstatic.com https://platform.twitter.com https://obs.twimg.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com data: https://cdn.cookielaw.org https://i.creativecommons.org https://licensebuttons.net; media-src 'self' https://videos.ctfassets.net https://www.youtube.com https://player.vimeo.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://cookies.onetrust.mgr.consensu.org https://www.instagram.com https://platform.twitter.com https://syndication.twitter.com https://privacyportal-eu.onetrust.com; connect-src 'self' https://cdn.contentful.com https://preview.contentful.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://sentry.io https://cdn.cookielaw.org https://api.twitter.com; script-src 'self' https://www.google-analytics.com 'unsafe-inline' https://www.googletagmanager.com https://tagmanager.google.com https://platform.twitter.com https://cdn.syndication.twimg.com data: https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://fonts.gstatic.com https://github.com data:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com/ https://platform.twitter.com https://ton.twimg.com; manifest-src 'self'; worker-src 'self'; child-src 'self'; upgrade-insecure-requests 2
default-src 'self' https://*.copaair.com http://*.copaair.com https://*.copa.com http://*.copa.com https://*.sam4m.com/  http://*.adnxs.com http://*.bing.com http://*.copa.com http://*.copaair.com http://*.doubleclick.net http://*.facebook.com http://*.facebook.net http://*.fltmaps.com http://*.frequentflyer.aero http://*.google-analytics.co http://*.google-analytics.com http://*.googleadservices.com http://*.googletagmanager.com http://*.havasdigitalcolombia.com http://*.innosked.com http://*.intelliresponse.com http://*.msn.com http://*.qualtrics.com http://*.trackedlink.net http://*.w55c.net http://*.youtube.com http://ads.dtravelconnection.com http://miparaisoatlantis.com http://panamaesposible.com https://*.copa.com https://*.copaair.com https://*.facebook.com https://*.flightcontrol.io https://*.flightview.com https://*.fltmaps.com https://*.frequentflyer.aero https://*.google.com https://www.google.com.co https://www.google.com.pa https://*.google.sk https://*.googleapis.com https://*.gstatic.com https://*.havasdigitalcolombia.com https://*.innosked.com https://*.intelliresponse.com https://*.mcafeesecure.com https://*.nbxapps.com https://*.sojern.com https://*.twitter.com https://*.w55c.net https://*.websecurity.norton.com https://*.youtube.com https://acuityplatform.com https://beacon.walmart.com https://pr-bh.ybp.yahoo.com https://r1.dotmailer-surveys.com https://static.ads-twitter.com https://t.co https://t.wayfair.com https://*.airtrfx.com http://*.airtrfx.com https://*.hotjar.com https://*.securitytrfx.com http://*.securitytrfx.com https://*.addthis.com https://*.addthisedge.com https://kirnhn54sa.execute-api.us-east-1.amazonaws.com https://*.yimg.com https://*.analytics.yahoo.com https://*.trackedweb.net https://*.groovinads.com https://*.beatdevelop.co https://*.sam4m.co https://*.a3cloud.net https://trackedweb.net https://gwmtracking.com https://kontentroom.com https://alteryz.s3.amazonaws.com/copalove/ https://script.googleusercontent.com https://*.perfdrive.com https://everymundo.github.io http://docs/themes/cm/index.isolated.cm.css https://www.kayak.com 'unsafe-inline' 'unsafe-eval' data: blob: 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' snap.licdn.com *.raxcdn.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://flockler.embed.codes/62wAnK *.gstatic.com *.flockler.com *.pinterest.com *.addtoany.com *.paypal.com *.ytimg.com *.youtube.com www.googleadservices.com *.googletagmanager.com *.google.com *.gstatic.com www.snta0034.com *.rnib.org.uk *.paypalobjects.com collector-1065.tvsquared.com app.vwo.com js-agent.newrelic.com bam-cell.nr-data.net bam.nr-data.net maps.googleapis.com connect.facebook.net dev.visualwebsiteoptimizer.com *.google-analytics.com ajax.googleapis.com *.hotjar.com *.hotjar.io *.bing.com; style-src 'self' 'unsafe-inline' *.rnib.org.uk https://tagmanager.google.com https://fonts.googleapis.com app.vwo.com fonts.googleapis.com *.flockler.com; img-src 'self' data: *.linkedin.com *.cloudfyprod.com *.rackcdn.com *.cdninstagram.com *.google.co.uk *.google.com *.instagram.com *.pinterest.com *.rnib.org.uk *.paypalobjects.com https://ssl.gstatic.com https://www.gstatic.com *.paypal.com collector-1065.tvsquared.com maps.googleapis.com *.googletagmanager.com maps.gstatic.com csi.gstatic.com www.facebook.com www.google-analytics.com stats.g.doubleclick.net dev.visualwebsiteoptimizer.com *.hotjar.com *.hotjar.io *.bing.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.uk; font-src 'self' data: app.vwo.com *.rnib.org.uk *.rnib.panlogic.co.uk fonts.gstatic.com *.hotjar.com *.hotjar.io; frame-src 'self' *.google.com *.pinterest.com *.addtoany.com google.com *.google.com *.paypal.com app.vwo.com youtube.com *.youtube.com *.hotjar.com *.hotjar.io; upgrade-insecure-requests; report-uri https://report-uri.io/report/37d691f11ddee70a60a651059fdfc1dc; connect-src 'self' stats.g.doubleclick.net www.google-analytics.com *.paypal.com dev.visualwebsiteoptimizer.com bam-cell.nr-data.net bam.nr-data.net *.hotjar.com *.hotjar.io wss://*.hotjar.com 2
frame-ancestors 'self' *.optimizely.com optimizely.com http://*.corp.westmarine.com:* https://*.corp.westmarine.com:* http://*.westmarine.net:* http://westmarine.net:* https://*.westmarine.net:* https://westmarine.net:* 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data:; font-src https: data:; media-src https: data: blob:; object-src https; frame-ancestors 'self' https://secure.thetoptens.com/ https://avatars.thetoptens.com/; 2
frame-ancestors 'self' *.antena3.com *.lasexta.com *.atresmedia.com *.ondacero.es *.europafm.com *.melodia-fm.com *.atresplayer.com *.staging.atresplayer.com http://*.antena3tv.es 2
default-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de; img-src 'self' *.zoll.de zoll.de *.itzbund.de sg.geodatenzentrum.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de 2
frame-src 'self' https://www.google.com *.youtube.com https://*.hubspot.com https://www.facebook.com https://s-static.ak.facebook.com https://js.hs-scripts.com https://js.usemessages.com https://js.hscollectedforms.net https://www.snigel.com https://maps.googleapis.com; connect-src 'self' *.snigelweb.com https://*.hubspot.com https://www.google-analytics.com  https://www.google.com https://www.gstatic.com; font-src 'self' *.snigelweb.com https://fonts.gstatic.com https://themes.googleusercontent.com https://snigel.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.jsdelivr.net  https://maps.googleapis.com https://www.gstatic.com https://www.google.com https://cdnjs.cloudflare.com https://js.hs-banner.com *.snigelweb.com https://js.hscollectedforms.net https://js.hs-analytics.net https://www.google-analytics.com https://js.usemessages.com https://ssl.google-analytics.com https://js.hs-scripts.com https://www.googletagmanager.com https://connect.facebook.net *.youtube.com *.aniview.com *.avplayer.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com; img-src 'self' * *.google.com *.snigelweb.com https://maps.googleapis.com https://maps.gstatic.com https://i.ytimg.com https://forms.hsforms.com https://secure.gravatar.com https://ssl.google-analytics.com https://s-static.ak.facebook.com https://snigel.com https://www.googletagmanager.com https://*.hubspot.com https://www.google-analytics.com data:; media-src 'self' *.youtube.com *.snigelweb.com *.aniview.com; object-src 'self'; form-action 'self' *.snigelweb.com https://*.hubspot.com https://forms.hsforms.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://maps.googleapis.com https://www.gstatic.com https://www.google.com https://cdnjs.cloudflare.com https://js.hs-banner.com *.snigelweb.com https://js.hscollectedforms.net https://js.hs-analytics.net https://www.google-analytics.com https://js.usemessages.com https://ssl.google-analytics.com https://js.hs-scripts.com https://www.googletagmanager.com https://connect.facebook.net https://maps.gstatic.com https://i.ytimg.com https://forms.hsforms.com https://secure.gravatar.com https://s-static.ak.facebook.com https://snigel.com https://*.hubspot.com https://fonts.gstatic.com https://themes.googleusercontent.com https://fonts.googleapis.com data: 2
font-src 'self' *.fandangonow.com *.fandango.com data: *.mgo-images.com; object-src *.visa.com data:; script-src 'self' *.fandangonow.com *.fandango.com 'unsafe-inline' 'unsafe-eval' *; style-src 'self' *.fandangonow.com *.fandango.com data: 'unsafe-inline' * 2
default-src 'self' edge.api.brightcove.com viz.tools.investis.com www.google-analytics.com cdn.jsdelivr.net *.brightcove.com *.doubleclick.net *.jsdelivr.net geoid.investisdigital.com cookiemanager.investisdigital.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com otp.tools.investis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; frame-src 'self' staticcontents.investis.com www.google.com irs.tools.investis.com otp.tools.investis.com ir.tools.investis.com www.youtube.com https://www.facebook.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://www.google.com/recaptcha/ https://www.google-analytics.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hscollectedforms.net https://forms.hsforms.com https://js.hsforms.net https://hypothes.is https://cdn.hypothes.is https://snap.licdn.com https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://static.ads-twitter.com https://analytics.twitter.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.youtube.com https://s.ytimg.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.hypothes.is https://platform.twitter.com https://ton.twimg.com;font-src 'self' data: https://fonts.gstatic.com https://cdn.hypothes.is https://dev-webhypothesis.pantheonsite.io https://qa-webhypothesis.pantheonsite.io https://live-webhypothesis.pantheonsite.io; 2
script-src 'self' 'unsafe-inline' https://*.imedia.cz https://*.hit.gemius.pl https://connect.facebook.net https://*.facebook.com https://*.stream.cz https://*.televizeseznam.cz https://*.seznam.cz; report-uri /cspreport; 2
frame-ancestors 'self' *.miniorange.com 2
frame-ancestors 'self' https://*.fdj.fr; 2
frame-ancestors https://www.myaspectra.ch 'self'; 2
default-src 'self' ; font-src 'self' data: https://static.smartframe.io https://fonts.gstatic.com https://js.arcgis.com ; img-src 'self' data: blob: https://www.google-analytics.com http://www.googletagmanager.com  https://static.smartframe.io https://thumbs.smartframe.io https://thumbs-cdn.smartframe.io https://syndication.twitter.com  https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://t.co https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.uk https://js.arcgis.com  https://services.arcgisonline.com https://server.arcgisonline.com https://utility.arcgis.com *.historicengland.org.uk *.historic-england.org https://img.youtube.com https://i.ytimg.com https://px.ads.linkedin.com https://www.facebook.com https://www.linkedin.com https://app.getsitecontrol.com ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com https://js.arcgis.com ; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://static.smartframe.io https://rum-static.pingdom.net https://www.googletagmanager.com  https://www.google-analytics.com https://platform.twitter.com https://cdn.syndication.twimg.com http://connect.facebook.net http://www.instagram.com https://js.arcgis.com https://az416426.vo.msecnd.net https://e.infogram.com https://s.ytimg.com https://static.ads-twitter.com https://analytics.twitter.com https://snap.licdn.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://widgets.getsitecontrol.com https://st.getsitecontrol.com https://embed.typeform.com https://script.crazyegg.com https://heritage.candle.digital https://www.youtube.com https://utility.arcgis.com https://ajax.cloudflare.com https://static.cloudflareinsights.com https://platform.instagram.com https://www.arcgis.com https://cc.cdn.civiccomputing.com https://secure.sitemorse.com ; frame-src 'self' *.youtube.com https://www.youtube-nocookie.com https://englishheritage.maps.arcgis.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://web.facebook.com https://sketchfab.com https://www.instagram.com https://www.google.co.uk https://w.soundcloud.com https://heritage.candle.digital https://app.powerbi.com https://e.infogram.com https://www.google.com https://www.smartsurvey.co.uk https://my.matterport.com ; connect-src 'self' blob:  http://rum-collector-2.pingdom.net *.smartframe.io https://www.google-analytics.com https://utility.arcgis.com https://services.arcgisonline.com https://static.arcgis.com https://datahub.esriuk.com https://dc.services.visualstudio.com/v2/track https://stats.g.doubleclick.net https://tracking.crazyegg.com https://script.crazyegg.com *.historic-england.org https://apikeys.civiccomputing.com *.googlesyndication.com; 2
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.pioneerelectronics.com embedded.pricespider.com embeddedcloud.pricespider.com youtube.com www.google.com ajax.googleapis.com; 2
child-src data: https: 'unsafe-inline' https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src data: https: 'unsafe-inline' https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline' https://js.intercomcdn.com; img-src data: https: 'unsafe-inline' blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com; media-src data: https: 'unsafe-inline' https://js.intercomcdn.com; script-src data: https: http: 'unsafe-inline' 'unsafe-eval' https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; base-uri ; form-action https://bookcreator.com https://intercom.help https://api-iam.intercom.io https://www.facebook.com/tr/ https://syndication.twitter.com/i/jot https://platform.twitter.com/ https://forms.hsforms.com/ https://read.bookcreator.com; frame-ancestors 'self'; 2
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.uhhospitals.org *.typekit.net *.uhhospitals.org *.siteimproveanalytics.com siteimproveanalytics.com *.bing.com *.youtube.com *.invoca.net s.ytimg.com *.ytimg.com *.facebook.net *.invocacdn.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.facebook.com *.siteimproveanalytics.io *.doubleclick.net *.gstatic.com *.w3.com *.podbean.com *.ads-twitter.com *.twitter.com *.t.co t.co *.alphonso.tv *.calculatestuff.com calculatestuff.com doubleclick.net *.selfcare.info selfcare.info *.digitalmedia.hhs.gov api.digitalmedia.hhs.gov *.appcatalyst.com appcatalyst.com *.staywellsolutionsonline.com staywellsolutionsonline.com *.hhs.gov *.livestream.com livestream.com *.issuu.com issuu.com *.isu.pub isu.pub *.w3.org w3.org *.quantserve.com quantserve.com *.boxcloud.com boxcloud.com *.box.com box.com *.bananatag.com bananatag.com *.alpixtrack.com alpixtrack.com *.adxcel-ec2.com *.data.adxcel-ec2.com data.adxcel-ec2.com adxcel-ec2.com 2
default-src 'self'; font-src data: https://assets.dm.de https://cdn.kali.services.dmtech.com; child-src 'self' blob:; script-src https://*.mm.dm.de 'self' 'unsafe-eval' https://d2pqvatijh75rn.cloudfront.net https://a0.modiface.com https://assets.dm.de https://cdn.kali.services.dmtech.com https://*.mm.dm.de https://ssl.hurra.com https://*.bazaarvoice.com https://mpsnare.iesnare.com; worker-src 'self' blob:; connect-src https://*.mm.dm.de 'self' https://d2pqvatijh75rn.cloudfront.net https://a0.modiface.com https://coupon-aktionen.dm.de https://services.dm.de https://products.dm.de https://*.services.dmtech.com https://assets.dm.de https://cdn.kali.services.dmtech.com https://cart.services.dmtech.com https://*.mm.dm.de https://*.services.dmtech.com https://api.mapbox.com https://events.mapbox.com https://ssl.hurra.com https://*.bazaarvoice.com https://browser-http-intake.logs.datadoghq.eu https://login.dm.de https://mpsnare.iesnare.com https://staedtetour.dm-fb2.de; style-src 'self' 'unsafe-inline' https://assets.dm.de https://cdn.kali.services.dmtech.com https://*.bazaarvoice.com https://api.tiles.mapbox.com; img-src https://*.mm.dm.de 'self' data: blob: https://assets.dm.de https://cdn.kali.services.dmtech.com https://cdn02.dm-static.com https://media.dm-static.com https://*.services.dmtech.com https://ssl.hurra.com  https://*.mm.dm.de https://*.bazaarvoice.com https://i.ytimg.com https://img.youtube.com https://play.google.com https://linkmaker.itunes.apple.com https://d2pqvatijh75rn.cloudfront.net https://a0.modiface.com https://d3s22jwy77sx9i.cloudfront.net https://images.podigee-cdn.net; frame-ancestors 'self' https://*.dm.de https://app.datadoghq.eu https://*.lxprod.ka.de.dm-drogeriemarkt.com; frame-src 'self' https://ssl.hurra.com https://*.dm.de https://*.services.dmtech.com https://sandbox.om.dm.de https://*.bazaarvoice.com https://www.youtube-nocookie.com https://configurator.nuk.de/ https://hey-familie.podigee.io https://cdn.podigee.com https://player.podigee-cdn.net; base-uri https://*.mm.dm.de 'self' https://*.mm.dm.de https://*.services.dmtech.com https://events.mapbox.com; form-action 'self' https://login.dm.de https://checkout.dm.de https://*.bazaarvoice.com; manifest-src 'self'; report-uri /__csp-reports__ 2
default-src 'self' blob: data: 'unsafe-inline' *.gstatic.com embedr.flickr.com widgets.flickr.com; img-src 'self' blob: data: 'unsafe-inline' placehold.it *.iscte-iul.pt iscte-iul.pt *.googleapis.com *.gstatic.com *.google-analytics.com www.google.com www.google.pt www.linkedin.com stats.g.doubleclick.net ciencia.iscte-iul.pt px.ads.linkedin.com www.facebook.com live.staticflickr.com *.clarity.ms; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.clarity.ms *.googleapis.com *.google-analytics.com www.gstatic.com https://connect.facebook.net https://snap.licdn.com https://px.ads.linkedin.com www.facebook.com embedr.flickr.com widgets.flickr.com https://hcaptcha.com https://*.hcaptcha.com; object-src 'self'; connect-src 'self' *.google-analytics.com *.clarity.ms embedr.flickr.com; frame-src 'self' *.google.com *.soundcloud.com www.youtube.com youtu.be https://sketchfab.com player.vimeo.com https://www.strava.com https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com *.gstatic.com 2
frame-src 'self' player.vimeo.com www.googletagmanager.com  www.youtube.com *.marketo.com *.widencdn.net *.spe.org cdn.knightlab.com widget.taggbox.com www.google.com www.slideshare.net share.transistor.fm spe.widen.net www.podbean.com ;  report-uri https://www.spe.org/csp/log/ 2
frame-ancestors 'self' admin.truelocal.com.au 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *; upgrade-insecure-requests; 2
frame-ancestors 'self'; worker-src 'self' blob:; upgrade-insecure-requests; script-src *.driftt.com *.6sc.co *.d41.co *.licdn.com *.softwareag.com *.marketo.net *.marketo.com siteimproveanalytics.com *.adobe.com *.rlcdn.com *.doubleclick.net *.googleadservices.com *.google-analytics.com  *.googletagmanager.com *.ytimg.com *.youtube.com *.adobedtm.com *.scene7.com *.trustarc.com *.ads-twitter.com *.bizible.com *.facebook.net *.omtrdc.net *.2o7.net *.demdex.net *.everesttech.net  'self' 'unsafe-eval' 'unsafe-inline'; object-src 'none' 2
sandbox allow-presentation allow-forms allow-same-origin allow-scripts allow-popups allow-modals 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: dc-mkt-prod.cloud.bosch.tech dc-ncj-portal.qa.dxf.bosch.tech tags.tiqcdn.com www.youtube.com player.vimeo.com s.ytimg.com statse.webtrendslive.com www.google-analytics.com visitor-service-eu-central-1.tealiumiq.com *.tealiumiq.com apps.boschrexroth.com *.monetate.net *.livechatinc.com *.qualtrics.com *.hs-scripts.com *.hsadspixel.net *.usemessages.com *.hs-banner.com *.hs-analytics.net *.hsleadflows.net js.hsforms.net forms.hsforms.com snap.licdn.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.tealiumiq.com *.optimizely.com 2
frame-ancestors 'self' https://legacyshield.com https://www.legacyshield.com https://hotfix.legacyshield.com https://test049.legacyshield.com https://lsapp.legacyshield.com https://getzuby.com https://staging.getzuby.com https://www.assistancedocs.com https://connectedinvestors.com https://www.furnishedfinder.com https://www.keycheck.com https://dev18.furnishedfinder.com https://dev18.keycheck.com https://www.lawyerless.com.au/ https://lawyerless.com.au http://local.lawyerless.com.au/ https://www.american-apartment-owners-association.org/ https://www.tenantalert.com/ https://secure.american-apartment-owners-association.org/ https://aragdc.eyelightdev.ca https://members.dginstitute.com.au https://members-beta.dginstitute.com.au https://members.dginstitute.co/ https://members-beta.dginstitute.co/ https://honcho.com.au https://honcho.com.au:8080 https://infinitedocs.com; 2
default-src 'self' https://www.youtube-nocookie.com https://www.google.com https://js.stripe.com app.hubspot.com https://www.youtube.com/ https://*.doubleclick.net/ https://cdn.plyr.io/ https://www.facebook.com/ https://js.driftt.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js.driftt.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ http://www.googletagmanager.com/gtag/js js.hs-scripts.com/ https://*.doubleclick.net/ https://snippet.growsumo.com/growsumo.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js www.googleadservices.com/pagead/conversion_async.js https://www.google-analytics.com/analytics.js https://js.hs-analytics.net/analytics/ https://js.hs-banner.com/ https://js.stripe.com https://connect.facebook.net/ https://s.ytimg.com/ https://*.remote.com https://*.niceremote.com https://www.google.com https://www.gstatic.com js.usemessages.com https://www.youtube.com/ https://www.googleadservices.com/ https://js.driftt.com; style-src 'self' https://cdn.plyr.io/3.6.2/plyr.css https://*.remote.com https://*.niceremote.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://*.remote.com https://*.niceremote.com; img-src 'self' data: https://www.google.com/ads/ https://www.googletagmanager.com/ *.capterra.com https://*.doubleclick.net/ https://www.linkedin.com/ https://px.ads.linkedin.com/ https://www.google.com/pagead/ https://www.google.co.in/pagead/ https://*.adsymptotic.com/ https://www.facebook.com/tr/ https://*.remote.com https://*.niceremote.com *.amazonaws.com http://uploads.branded.me https://*.remote.com https://*.niceremote.com https://www.google-analytics.com track.hubspot.com forms.hsforms.com https://i.ytimg.com https://tracking.g2crowd.com https://*.quora.com; media-src 'self' https://*.remote.com https://*.niceremote.com *.amazonaws.com https://*.remote.com https://*.niceremote.com; connect-src 'self' https://grsm.io https://*.remote.com https://*.niceremote.com https://sentry.io https://www.google-analytics.com https://api.hsforms.com/ api.hubspot.com forms.hubspot.com https://noembed.com https://cdn.plyr.io/3.6.2/plyr.svg https://www.facebook.com/tr/ https://*.doubleclick.net/ https://analytics.google.com/ 2
default-src 'self' data: ws: blob: *.nr-data.net fonts.gstatic.com fonts.googleapis.com *.facebook.com *.office365.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.embedly.com *.embed.ly *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.facebook.net snap.licdn.com *.linkedin.com *.bing.com *.ads-twitter.com *.twitter.com *.bizographics.com *.baidu.com *.google.com *.gstatic.com *.instabot.io *.yandex.ru *.convertwork.cn *.hotjar.com *.cavy9soho.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' fonts.googleapis.com; child-src 'self' blob: *.vimeo.com; frame-src 'self' *.investis.com *.quartalflife.com *.youtube.com *.youtu.be *.youku.com *.embedly.com *.embed.ly player.youku.com *.eqs.com https: *.doubleclick.net snap.licdn.com *.presono.com *.linkedin.com *.juicer.io *.audi-mediacenter.com *.office365.com; connect-src 'self' data: ws: blob: *.googleadservices.com adservice.google.com *.instabot.io *.yandex.ru *.hotjar.com *.bing.com *.office365.com; 2
block-all-mixed-content; font-src 'self' fonts.gstatic.com fonts.gstatic.com data:; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' addsearch.com cdn.ampproject.org open.scdn.co connect.facebook.net *.g.doubleclick.net *.google.de *.google.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.instagram.com *.ioam.de *.opinary.com *.stry.tl *.taboola.com *.twimg.com *.twitter.com *.wuv.de *.youtube.com *.ytimg.com *.tiktok.com *.tiktokcdn.com *.pinterest.com *.adition.com *.scorecardresearch.com *.searchcdn.com *.teads.tv s0.2mdn.net *.wuv.de gdpr-tcfv2.sp-prod.net widget.perfectmarket.com *.flashtalking.com *.criteo.com *.adform.net *.vidible.tv *.doubleverify.com *.doubleclick.net bs.serving-sys.com static.aivdesk.com secure-ds.serving-sys.com ad.lkqd.net *.cloudflare.com *.adsafeprotected.com *.maximus.mobkoi.com *.celtra.com *.moatads.com sf16-scmcdn-sg.ibytedtos.com; style-src 'self' 'unsafe-inline' *.addsearch.com fast.fonts.net *.googleapis.com *.stry.tl *.taboola.com *.twitter.com *.wuv.de *.tiktok.com *.tiktokcdn.com *.cloudfront.net tagmanager.google.com *.wuv.de s1.adform.net static.aivdesk.com; worker-src blob: *.wuv.de 2
frame-ancestors 'self' *.marketscreener.com *.zonebourse.com *.scoopnest.com; 2
frame-ancestors https://*.dev.local https://*.sunweb.nl https://*.sunweb.be; 2
default-src 'self' data: *.coop.co.uk s3-eu-west-1.amazonaws.com s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.coop.co.uk https://assets.adobedtm.com cdn.embedly.com *.ensighten.com *.crazyegg.com *.google-analytics.com *.youtube.com *.ytimg.com *.facebook.net *.twitter.com s3-eu-west-1.amazonaws.com s3.amazonaws.com *.cloudfront.net cdn.polyfill.io *.algolia.net assets.digital.coop.co.uk cdn-assets-prod.s3.amazonaws.com *.smartsurvey.co.uk *.googletagmanager.com *.google.com *.googleadservices.com *.quantserve.com *.ads-twitter.com *.g.doubleclick.net *.fls.doubleclick.net *.adnxs.com *.teads.tv *.demdex.net rules.quantcount.com *.licdn.com; style-src * 'unsafe-inline'; img-src 'self' data: https://dpm.demdex.net *.google.co.uk *.google.ie *.ensighten.com images.contentful.com images.ctfassets.net *.crazyegg.com www.google-analytics.com www.facebook.com *.cloudfront.net *.twitter.com *.doubleclick.net assets.digital.coop.co.uk www.google.com cm.everesttech.net ads-engagement.presage.io secure.adnxs.com *.google.com pixel.quantserve.com t.co t.teads.tv *.linkedin.com; font-src 'self' s3-eu-west-1.amazonaws.com s3.amazonaws.com assets.digital.coop.co.uk; media-src *; object-src youtube.com vimeo.com; frame-src 'self' https://cooperativegroup.demdex.net https://forms.office.com  https://youtube.com https://www.youtube.com https://vimeo.com *.doubleclick.net *.facebook.com fusiontables.google.com https://google.com https://www.google.com *.smartsurvey.co.uk ash-coopcreatecase.cs88.force.com preprod-coop-preprod.cs87.force.com *.force.com; connect-src https://*.demdex.net/ https://cooperativegroup.tt.omtrdc.net *.algolia.net *.algolianet.com *.google-analytics.com *.g.doubleclick.net; 2
child-src *.doubleclick.net *.dynad.net *.facebook.com *.hotjar.com *.pagseguro.uol.com.br *.rm.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.youtube.com https://www.google.com *.blip.ai data: 'self'; connect-src *.hotjar.com *.pagseguro.com.br *.uol.com.br wss://ws.0mn.io https: wss: 'self'; frame-ancestors 'self'; default-src *.uol.com.br *.pagseguro.com.br 'self'; media-src *.uol.com.br *.pagseguro.com.br data: 'self'; object-src *.uol.com.br *.pagseguro.com.br data: 'self'; font-src *.pagseguro.uol.com.br *.pagseguro.com.br *.uol.com *.uol.com.br *.imguol.com.br *.gstatic.com *.hotjar.com https://imguol.com.br data: 'self'; img-src *.google.com *.google-analytics.com *.google.com.br *.googleapis.com *.gstatic.com *.facebook.com *.imguol.com *.uol.com *.uol.com.br *.pagseguro.com.br *.scorecardresearch.com *.ytimg.com *.doubleclick.net *.googleadservices.com *.xg4ken.com *.youtube.com *.hotjar.com *.tailtarget.com *.bing.com https://imguol.com https://imguol.com.br trg.adilligo.com takenetomni.blob.core.windows.net data: 'self'; script-src *.ampproject.org *.bing.com *.doubleclick.net *.dynad.net *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googletagmanager.com *.hotjar.com *.jsdelivr.net *.jsuol.com.br *.pagseguro.com.br *.simg.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.xg4ken.com *.ytimg.com https://pagseguro.info https://pag.ae https://imguol.com.br https://www.gstatic.com https://tracking.tunad.io https://js-agent.newrelic.com https://*.nr-data.net about: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.uol.com *.pagseguro.uol.com.br *.pagseguro.com.br *.simg.uol.com.br *.ytimg.com https://imguol.com.br 'self' *.google.com *.googleapis.com 'unsafe-inline'; report-uri /csp-report 2
default-src 'self'; script-src 'self' cdnjs.cloudflare.com static.cloudflareinsights.com; img-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com; form-action 'self'; report-uri https://scotthelme.report-uri.com/r/d/csp/enforce; report-to default 2
frame-ancestors 'self' *.americangreetings.com *.bluemountain.com *.jacquielawson.com *.justwink.com *.agpre.net *.imgag.com *.carltoncards.ca *.papyrusonline.com 2
default-src  'self' ; connect-src    *;  worker-src    * data: blob: *.transparent.com *.transparent.local *.s3.amazonaws.com;  font-src   * data: blob: 'unsafe-inline';  frame-src   'self' *.transparent.com *.transparent.local *.whichisenglish.transparent.com *.testwie.transparent.com *.s3.amazonaws.com *.amazon.com *.google.com *.appcues.com *.apple.com *.byki.com *.rbdigital.com *.rbdigitalstage.com *.vimeo.com *.youtube.com *.fastspring.com *.onfastspring.com *.hubspot.com *.facebook.com *.twitter.com *.taleo.net *.addthis.com *.hsforms.com *.iorad.com *.typeform.com *.wistia.net *.oncehub.com *.wistia.com data: blob: mailto: --bridge-loaded-- bridge-loaded --wvjb-queue-message-- wvjb-queue-message 192.168.254.49 192.168.254.52 192.168.254.83 192.168.254.91;  manifest-src   'self' *.transparent.com *.transparent.local *.s3.amazonaws.com 192.168.254.49 192.168.254.52 192.168.254.83 192.168.254.91;  img-src    * data: blob:;  media-src    * data: blob:;  object-src    * data: blob:;  script-src    * 'unsafe-inline' 'unsafe-eval';  style-src    * 'unsafe-inline';  2
frame-ancestors 'self' http://*.vodafone.com http://*.vodafone.it https://*.vodafone.com https://*.vodafone.it https://*.adobe.com 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' jira.reactos.org www.google.com www.gstatic.com; img-src 'self' data:; 2
frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com *.casinoalternativen.com *.onlinecasinobonus24.xyz *.livetableshu.com 2
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 2
default-src 'self' data: https: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' chat.searchengines.guru d.searchengines.guru; script-src 'self' content.searchengines.guru search.searchengines.guru d.searchengines.guru 'unsafe-inline'; style-src d.searchengines.guru 'unsafe-inline'; img-src 'self' content.searchengines.guru chat.searchengines.guru d.searchengines.guru blob: data:; media-src 'self' chat.searchengines.guru; font-src 'self' d.searchengines.guru; connect-src 'self' content.searchengines.guru https://chat.searchengines.guru wss://chat.searchengines.guru; frame-src 'self' d.searchengines.guru content.searchengines.guru www.youtube.com; frame-ancestors 'self'; object-src 'self' blob:; 2
frame-ancestors 'self' *.clevelandart.org barhama.com *.museums.tours *.treedis.com *.matterport.com 2
frame-ancestors 'self' www.skylinewebcams.com; 2
default-src 'self' *.gbif.org *.gbif-uat.org *.gbif-dev.org *.gbif-staging.org *.gbif.org *.google.com *.google-analytics.com fonts.gstatic.com images.ctfassets.net data: api.mapbox.com *.tiles.mapbox.com player.vimeo.com eepurl.com gbif.us18.list-manage.com zenodo.org *.youtube.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com api.mapbox.com unpkg.com/react@17/umd/react.production.min.js unpkg.com/react-dom@17/umd/react-dom.production.min.js cdn.jsdelivr.net/gh/gbif/gbif-web@latest/packages/react-components/dist/gbif-react-components.js;style-src 'self' 'unsafe-inline' *.googleapis.com cdnjs.cloudflare.com/ajax/libs/mapbox-gl/1.12.0/mapbox-gl.min.css api.mapbox.com;media-src *;img-src * data:;worker-src blob:; 2
default-src https:; style-src 'self' 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 2
frame-ancestors *.dowjones.net *.fnlondon.com *.efinancialnews.com *.onservo.com 2
frame-ancestors 'self'; object-src https://*.ediblearrangements.com/; media-src https://*.ediblearrangements.com/ 2
upgrade-insecure-requests; frame-ancestors 'self' dotroll.com *.dotroll.com 2
worker-src blob: 'self' *.devos.io *.arsysdesarrollo.lan *.pre.naw.arsysdesarrollo.lan *.dev.acs.arsysdesarrollo.lan *.dev.naw.arsysdesarrollo.lan *.arsys.pt *.arsys.es *.arsys.net *.arsys.fr *.shop-mch.es *.1and1.org *.googletagmanager.com *.rankingcoach.com *.facebook.com *.twitter.com *.soportetotal.es *.google.com *.youtube.com *.adition.com *.doubleclick.net *.office.net *.marketingpanel.es *.microsoft.com *.moz.com *.consensu.org *.quantserve.com; 2
default-src 'none'; script-src 'self'; child-src 'self'; frame-src https://*.youtube.com  https://*.vimeo.com; font-src 'self'; img-src http: data: *; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; base-uri 'none'; connect-src 'self' https://tutanota.com https://api.github.com https://www.reddit.com https://mail.tutanota.com; 2
font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' tracking.paysera.com www.instagram.com https://optimize.google.com https://www.google.com/recaptcha/ https://www.youtube.com/embed/; img-src 'self' data: *.paysera.com maps.googleapis.com *.gstatic.com https://www.google-analytics.com https://optimize.google.com; script-src 'self' maps.googleapis.com www.instagram.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://optimize.google.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com https://optimize.google.com 'unsafe-inline'; report-uri /v2/csp-violations/report 2
default-src *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com ethicspointvp.com cdn.pendo.io 'self' 'unsafe-eval' 'unsafe-inline' *.navexglobal.com; connect-src *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com ethicspointvp.com *.truste.com *.newrelic.com *.nr-data.net *.pendo.io 'self' 'unsafe-eval' 'unsafe-inline' wss: *.navexglobal.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com ethicspointvp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5068799715311616.storage.googleapis.com *.truste.com *.newrelic.com *.nr-data.net ajax.googleapis.com ; img-src 'self' data: *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com ethicspointvp.com *.truste.com *.pendo.io pendo-static-5068799715311616.storage.googleapis.com *.navexglobal.com; frame-src 'self' 'unsafe-eval' *.navexglobal.com *.policytech.com *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com ethicspointvp.com player.vimeo.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io pendo-static-5068799715311616.storage.googleapis.com fonts.googleapis.com *.ethicspoint.com; font-src 'self' fonts.gstatic.com ajax.googleapis.com; frame-ancestors 'self' *.pendo.io *.ethicspointvp.com; 2
frame-ancestors 'self' *.sber.ru *.championat.com 2
default-src 'self'; img-src 'self' data: https: *.influxdata.com influxdays.com *.influxdays.com *.influxstaging.com www.google.com; style-src 'self' 'unsafe-inline' https: fonts.googleapis.com; font-src 'self' data: https: fonts.googleapis.com themes.googleusercontent.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.influxdata.com https://influxdata.zoom.us https://js.driftt.com *.marketo.com *.googletagmanager.com https://www.google.com https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://docs.google.com https://boards.greenhouse.io https://www.surveymonkey.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.google-analytics.com code.jquery.com *.googletagmanager.com *.google.com munchkin.marketo.net; connect-src 'self' https: *.google-analystics.com *.mktoresp.com; media-src 'self' https://345197-1067112-raikfcquaxqncofqfm.stackpathdns.com; frame-ancestors 'self' https: *.influxdata.com; 2
frame-ancestors https://*.prolific.co http://*.prolific.co https://prolific.co 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.gea.com; form-action 'self'; frame-src 'self' *.gea.com *.eqs.com *.eurolandir.com www.treedom.net console.e-bot7.de *.qualtrics.com vara-services.com *.podigee.com *.podigee-cdn.net playout.3qsdn.com 2
frame-ancestors 'self'; default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://tagmanager.google.com https://cdn1.affirm.com https://fonts.googleaps.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://vjs.zencdn.net http://vjs.zencdn.net https://*.inside-graph.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleaps.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.inside-graph.com data:; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.inside-graph.com; child-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; media-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: 2
default-src https:; script-src 'unsafe-inline' https: 'unsafe-eval' https://crossway.my.salesforce.com; style-src 'unsafe-inline' https:; font-src https: data:; media-src http: https:; img-src http: https: data: 2
default-src 'self' *.bka.de bka.preview.prod.gsb.bka.zivb.net; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' piwik.itzbund.de; media-src 'self' www.bka.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de bka.preview.prod.gsb.bka.zivb.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bka.preview.prod.gsb.bka.zivb.net piwik.itzbund.de  *.facebook.com 2
default-src 'self' 'unsafe-inline' jobs.b-ite.com *.userlike.com *.umd.userlike.com wss://umd.userlike.com/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org userlike-cdn-operators.s3-eu-west-1.amazonaws.com; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de d3dc1lgancj6l0.cloudfront.net; frame-ancestors dnbweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 2
connect-src 'self' https://track.adform.net https://unpkg.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://swedbankab.d3.sc.omtrdc.net *.swedbank.net https://dpm.demdex.net https://*.swedbank.se https://dpm.swedbank.se https://dpu.swedbank.se https://agent.nina-nuance.com/  https://www.swedbank.se https://swedbank.se https://enklafondhjalpen.swedbank.se https://agent-locator.nina-nuance.com https://agent-fp.nina-nuance.com https://swedbank.dfs.investis.com https://agent-ha.nina-nuance.com 2
default-src c.wgr.de 'self'; script-src c.wgr.de https://track.westermann.de connect.facebook.net www.googleadservices.com maps.googleapis.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src c.wgr.de 'self' 'unsafe-inline'; object-src 'self'; img-src c.wgr.de https://track.westermann.de www.econda-monitor.de d32wqyuo10o653.cloudfront.net www.facebook.com googleads.g.doubleclick.net maps.googleapis.com *.gstatic.com 'self' data:; frame-src newsletter.schulbuchzentrum-online.de https://track.westermann.de www.facebook.com 'self'; child-src newsletter.schulbuchzentrum-online.de https://track.westermann.de www.facebook.com 'self'; font-src c.wgr.de 'self' data:; connect-src https://secure.schulbuchzentrum-online.de https://track.westermann.de http://www.econda-monitor.de https://widgets.crosssell.info 'self'; report-uri /backend/csp 2
upgrade-insecure-requests; frame-ancestors 'self'; frame-src 'self' https://iframe.elimparcial.com *.google.com *.google.com.mx *.twitter.com *.youtube.com *.vimeo.com *.facebook.com  *.instagram.com *.ampproject.org *.doubleclick.net *.googleapis.com *.retargetly.com *.googlesyndication.com *.ampproject.net *.admanmedia.com *.vidible.tv *.cxense.com *.googletagmanager.com *.adnxs.com *.rubiconproject.com *.indexww.com *.openx.net *.doubleverify.com *.tiktok.com *.pubmatic.com *.adxyield.com *.facebook.net *.giphy.com giphy.com *.memeate.com *.windy.com iframe.enelradar.com *.taboola.com *.liveleak.com *.pinterest.com *.lkqd.net *.wcnc.com aax.amazon-adsystem.com *.seedtag.com *.criteo.com *.paypal.com; report-uri https://imparcial.report-uri.com/r/d/csp/enforce 2
default-src 'self' *.skat.dk skat.dk ;  script-src 'unsafe-eval' 'unsafe-inline' *.skat.dk skat.dk *.ccta.dk *.readspeaker.com siteimproveanalytics.com https://policy.cookieinformation.com https://policy.app.cookieinformation.com https://ecefinesse.skat.dk https://p99eceweb.voip.nd.local https://test-eceweb.voip.nd.local d3js.org https://tjektolden.dk https://www.tjektolden.dk https://assets.adobedtm.com https://activitymap.adobe.com https://*.skat.supwizapp.com ;  style-src 'unsafe-inline'  *.skat.dk skat.dk *.ccta.dk *.readspeaker.com https://tjektolden.dk https://www.tjektolden.dk https://p99eceweb.voip.nd.local https://test-eceweb.voip.nd.local https://supchat.skat.supwizapp.com https://supchat.test.skat.supwizapp.com ;  img-src 'self' data: blob: *.skat.dk skat.dk http://skat.dk  http://www.skat.dk https://info.ccta.dk *.readspeaker.com customer.cludo.com eur-lex.europa.eu skat.sc.omtrdc.net www.supwiz.com ;  font-src 'self' data: *.skat.dk skat.dk ;  connect-src 'self' *.skat.dk skat.dk *.ccta.dk api.cludo.com consent.app.cookieinformation.com dpm.demdex.net test-eceweb.voip.nd.local skat.sc.omtrdc.net supchat.skat.supwizapp.com supchat.test.skat.supwizapp.com wss://supchat.skat.supwizapp.com wss://supchat.test.skat.supwizapp.com *.readspeaker.com ;  frame-src 'self' skat.dk *.skat.dk *.ccta.dk *.readspeaker.com https://media.videotool.dk https://app-eu.readspeaker.com http://www.vurdering.skat.dk https://policy.app.cookieinformation.com https://activitymap.adobe.com https://authorize.omniture.com https://sitecatalyst.omniture.com https://p99eceweb.voip.nd.local https://test-eceweb.voip.nd.local https://ufst.demdex.net ;  media-src 'self' blob: skat.dk *.skat.dk www.skat.dk https://skat.dk https://www.skat.dk *.readspeaker.com https://media.videotool.dk ;  object-src 'self' blob: ;  form-action 'self' *.readspeaker.com ;  frame-ancestors 'self' https://www.sktst.dk https://policy.app.cookieinformation.com ;  report-uri  https://skat.dk/websrv/contentsecurity.ashx;  report-to default 2
frame-ancestors 'self' http://mrgocom01stg.dmz.maggroup.com http://mrgocomforge.dmz.maggroup.com 2
upgrade-insecure-requests; connect-src * https:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob: data:; worker-src * blob: data: 2
frame-ancestors https://*.apus.edu https://*.hondros.edu 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: wss: https://*.aldi-digital.co.uk https://*.aldi-digital.ie https://www.googleoptimize.com https://www.googletagmanager.com https://*.googleapis.com https://www.google-analytics.com https://www.googleadservices.com https://*.google.com https://www.google.co.uk https://www.google.ie https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.richrelevance.com https://bat.bing.com https://www.awin1.com https://www.dwin1.com https://ads.avocet.io https://acdn.adnxs.com https://ib.adnxs.com https://www.facebook.com https://connect.facebook.net https://static.ads-twitter.com https://analytics.twitter.com https://s.pinimg.com https://*.doubleclick.net https://*.go-mpulse.net https://ads.avct.cloud https://fast.wistia.net https://*.wistia.com https://assets.pinterest.com https://ct.pinterest.com https://log.pinterest.com https://widgets.pinterest.com https://t.co https://*.queue-it.net https://*.onetrust.com https://*.quantserve.com https://*.bazaarvoice.com https://*.taggstar.com https://*.online-metrix.net https://services.postcodeanywhere.co.uk https://cdnjs.cloudflare.com https://www.zenaps.com https://*.2o7.net https://cm.everesttech.net https://assets.adobedtm.com https://dpm.demdex.net https://aldisued.demdex.net https://aldisued.d3.sc.omtrdc.net https://*.cybersource.com https://*.cardinalcommerce.com https://v1.addthisedge.com https://*.addthis.com https://*.akamaihd.net https://*.akstat.io https://mpsnare.iesnare.com https://the.sciencebehindecommerce.com https://*.moatads.com https://pixel.mediaiqdigital.com https://*.litix.io https://rules.quantcount.com https://*.omtrdc.net https://*.ggpht.com ;frame-src * ; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.marketo.net *.googletagmanager.com *.facebook.net static.ads-twitter.com *.evidon.com *.google-analytics.com sjs.bizographics.com *.bizible.com *.ge.com *.bhge.com *.youtube.com *.ytimg.com *.linkedin.com *.twitter.com gateway.zscalertwo.net *.newrelic.com vidassets.terminus.services blob: doug1izaerwt3.cloudfront.net s.ytimg.com *.demandbase.com data: nasdaqir-prod.apigee.net *.hotjar.com *.zscalertwo.net j.6sc.co bam.nr-data.net fssfed.stage.ge.com cdnjs.cloudflare.com *.kissmetrics.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.gstatic.com s0-azure.assets-yammer.com maps.googleapis.com cdn.syndication.twimg.com addtocalendar.com maxcdn.bootstrapcdn.com snap.licdn.com ajax.googleapis.com js.createsend1.com *.bing.com https://captcha.gecirtnotification.com *.cloudfront.net https://staging-bakerhughs-event.netlify.app https://bakerhughes-subsea-connect-event.netlify.app plausible.io *.cookielaw.org *.onetrust.com; media-src 'self' *.vimeo.com *.youtube.com https://gateway.zscalertwo.net https://fpdl.vimeocdn.com data: https://designbysoap.b-cdn.net; frame-src 'self' bhge.acquiadam.com *.webdamdb.com  *.zscalertwo.net fssfedpitc.ge.com fssauth.ge.com *.webdamdb.com *.facebook.com *.marketo.com *.youtube.com *.hotjar.com *.adobe.com connect.facebook.net bid.g.doubleclick.net youtu.be *.evidon.com spo-teamsite.ge.com *.google.com spo-teamsite.ge.com fss.gecompany.com https://fss.gecompany.com/ https://ssocentralck.registrar.ge.com/ https://affiliateservices.gecompany.com/ https://ssologin.ssogen2.corporate.ge.com/ https://ssologin.ssogen2.corporate.ge.com/ https://rsologin.ssogen2.corporate.ge.com/ https://smloginmap.ssogen2.corporate.ge.com/ *.yammer.com login.microsoftonline.com fssfedma.o365.ge.com platform.linkedin.com syndication.twitter.com platform.twitter.com www.linkedin.com  https://www.gechannelconnect.com/ https://staging60.gechannelconnect.com/ https://player.vimeo.com/; frame-ancestors 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com themes.googleusercontent.com *.hotjar.com; report-uri /report-csp-violation 2
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ 2
policy-uri /'self' 2
default-src matomo.iserv.eu 'self'; script-src matomo.iserv.eu 'self'; style-src 'self'; img-src 'self' https://cdn.iserv.eu data:; media-src 'self' https://cdn.iserv.eu; font-src 'self' data:; 2
default-src *;img-src * 'unsafe-inline';frame-src *; style-src * 'unsafe-inline' 'unsafe-eval';script-src * 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self' https: wss: data: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors https://www.enel.it https://enelpremia.enel.it https://*.force.com  https://*.salesforce.com https://*.visualforce.com 2
default-src 'self'; object-src 'none'; img-src * data: blob:; font-src * data:; connect-src 'self' https://ynuf.aliapp.org/ https://translate.googleapis.com wss://www.bilaxy.com wss://bilaxy.com wss://m.bilaxy.com wss://www.bilaxy.io wss://bilaxy.io wss://m.bilaxy.io wss://www.bilaxy.net wss://bilaxy.net wss://m.bilaxy.net https://discovery.amp.cloudflare.com https://bilaxy.zendesk.com/ https://ekr.zdassets.com/ https://newapi.bilaxy.com/ https://newapi.bilaxy.io/ https://newapi.bilaxy.net/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com cdnjs.cloudflare.com amp.cloudflare.com storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.cloudflareinsights.com *.tdum.alibaba.com https://ynuf.aliapp.org/ https://translate.google.com https://translate.googleapis.com storage.googleapis.com ajax.cloudflare.com cdn.polyfill.io amp.cloudflare.com cdnjs.cloudflare.com discovery.amp.cloudflare.com static.zdassets.com ekr.zdassets.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://g.alicdn.com/ https://cf.aliyun.com/ https://ynuf.alipay.com/;frame-src 'self' https://www.google.com/ 2
frame-ancestors https://*.x-cart.com 2
default-src 'none'; style-src 'unsafe-inline' cdn.welcometothejungle.co tagmanager.google.com fonts.googleapis.com optimize.google.com app.getbeamer.com *.axept.io; script-src 'unsafe-inline' cdn.welcometothejungle.co platform.linkedin.com www.linkedin.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com connect.facebook.net www.facebook.com www.youtube.com *.ytimg.com loader.wisepops.com app.wisepops.com cdn.wisepops.com optimize.google.com app.getbeamer.com realtime.getbeamer.com player.vimeo.com speakerdeck.com www.slideshare.net talks.golang.org docs.google.com slides.com static.hotjar.com script.hotjar.com *.batch.com polyfill.io *.axept.io *.poool.fr; img-src http: https: blob: data: optimize.google.com www.google-analytics.com script.hotjar.com *.axept.io; media-src cdn.welcometothejungle.co; font-src cdn.welcometothejungle.co cdn.welcometothejungle.com cdn.welcometothejungle.co fonts.gstatic.com data: script.hotjar.com *.axept.io; frame-src 'self' platform.linkedin.com www.linkedin.com api.linkedin.com cdn.iframe.ly www.youtube.com www.dailymotion.com www.facebook.com connect.facebook.net w.soundcloud.com optimize.google.com app.getbeamer.com push.getbeamer.com player.vimeo.com speakerdeck.com www.slideshare.net talks.golang.org docs.google.com slides.com vars.hotjar.com *.axept.io *.poool.fr; connect-src https://api.welcometothejungle.com wss://api.welcometothejungle.com sp.welcometothejungle.com https://alerts.welcometothejungle.com wss://realtime.getbeamer.com *.algolianet.com *.algolia.net *.facebook.com sentry.io popup.wisepops.com app.wisepops.com tracking.wisepops.com cdn.wisepops.com backend.getbeamer.com www.google-analytics.com vimeo.com *.hotjar.com wss://*.hotjar.com vc.hotjar.io ip2c.org autocomplete.geocoder.ls.hereapi.com geocoder.ls.hereapi.com reverse.geocoder.ls.hereapi.com *.batch.com *.axept.io http://cypress.preprod.wttj.tech/zafoh2ie/ae3; worker-src 'self' 2
base-uri 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.youtube.com *.ytimg.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://reports.hrmdirect.com https://maps.googleapis.com https://forms.hsforms.com https://js.hsforms.net https://www.youtube.com https://player.vimeo.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://www.googletagmanager.com https://www.google-analytics.com https://analytics.rubensteintech.com; style-src 'self' 'unsafe-inline' https://reports.hrmdirect.com https://fonts.googleapis.com https://hello.myfonts.net; connect-src 'self' https://vimeo.com https://noembed.com https://stats.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://maps.gstatic.com https://maps.googleapis.com https://cdn.plyr.io https://www.google-analytics.com/ https://forms.hubspot.com https://analytics.rubensteintech.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://i.vimeocdn.com https://i.ytimg.com https://f.hubspotusercontent30.net https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://track.hubspot.com https://www.google-analytics.com https://forms.hsforms.com; frame-src 'self' https://laborlawyers.hrmdirect.com https://communications.fisherphillips.com blob: https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://fisherphillips.powtoon.com https://www.podbean.com https://app.powerbi.com; worker-src 'self' blob:; media-src 'self' data: https://vimeo.com https://www.youtube.com; frame-ancestors 'self'; object-src 'self'; 2
default-src 'self'; media-src blob: *.streamlock.net; font-src * data:; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; connect-src *; object-src *; frame-ancestors 'self'; child-src * 'self' blob: http:; 2
default-src 'self' data: https://*.epam.com https://*.epam-group.ru;script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://connect.facebook.net https://conv.indeed.com https://www.google.com https://snap.licdn.com https://*.hotjar.com https://use.typekit.com https://www.google-analytics.com https://*.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://mc.yandex.ru https://s.ytimg.com https://www.youtube.com https://*.assets-yammer.com https://*.typekit.net https://*.typekit.com https://menu.epam.com https://googleads.g.doubleclick.net https://vk.com https://*.adform.net https://res.wx.qq.com https://t.visitorqueue.com https://munchkin.marketo.net https://www.linkedin.com https://embed.typeform.com;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://www.gstatic.com https://tagmanager.google.com;connect-src 'self' https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://www.google-analytics.com https://mc.yandex.ru https://mc.yandex.by https://mc.yandex.ua https://mc.yandex.kz https://mc.yandex.md https://yandexmetrica.com https://*.hotjar.io https://www.google.com https://translate.googleapis.com https://www.youtube.com wss://menu.epam.com https://menu.epam.com https://*.typekit.net https://*.typekit.com https://www.facebook.com https://stats.g.doubleclick.net https://a.visitorqueue.com https://*.mktoresp.com https://*.mktoutil.com;frame-src 'self' https://*.hotjar.com https://www.facebook.com https://www.google.com https://www.youtube.com https://mc.yandex.ru https://mc.yandex.md https://*.doubleclick.net https://www.google-analytics.com https://www.google.by https://www.google.com https://*.epam.com https://*.yammer.com https://login.microsoftonline.com https://vk.com https://login.vk.com https://www.googletagmanager.com https://w.soundcloud.com https://www.linkedin.com https://form.typeform.com https://player.vimeo.com;img-src 'self' * data: blob: about: android-webview-video-poster:;font-src 'self' data: https://*.typekit.net https://*.typekit.com https://fonts.gstatic.com;report-uri /services/interaction/csp-report 2
default-src https: *.crazyegg.com; script-src http: https: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com; frame-src http: https: data:; style-src http: https: 'unsafe-inline'; img-src http: https: data: blob *.crazyegg.com; media-src http: https: data: blob:; font-src http: https: data:; connect-src http: https: wss: *.crazyegg.com; child-src http: https: blob:; frame-ancestors 'self' https://dialpad.highspot.com/ https://view.highspot.com/ https://dialpad.allbound.com/ 2
style-src 'self' 'unsafe-inline' *.gac.edu *.gustavus.edu tennisandlifecamps.org www.gstatic.com *.googleapis.com www.reservecloud.com *.curator.io; 2
default-src 'none'; media-src *; manifest-src 'none'; frame-src https://*.hushmail.com https://forms.hubspot.com https://*.hubspot.com https://*.google.com https://*.gstatic.com https://forms.hsforms.com https://*.google-analytics.com https://*.doubleclick.net https://hushforms.com https://www.hushmail.com 'self'; object-src 'self'; child-src 'self'; font-src https://*.hushmail.com https://fonts.gstatic.com 'self'; style-src https://*.hushmail.com https://hushforms.com https://fonts.googleapis.com 'self' 'unsafe-inline'; connect-src https://*.hushmail.com https://*.hubspot.com https://frstre.com https://tapfiliate.com https://hushforms.com https://*.capterra.com https://*.google.com https://*.wickedreports.com https://*.callrail.com https://d3hb14vkzrxvla.cloudfront.net https://chatapi.helpscout.net https://beaconapi.helpscout.net wss://ws-helpscout.pusher.com https://sockjs-helpscout.pusher.com 'self'; img-src * data:; script-src https://*.hushmail.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsleadflows.net https://js.hsforms.net https://js.usemessages.com https://forms.hubspot.com https://forms.hsforms.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://*.doubleclick.net https://*.tapfiliate.com https://hushforms.com https://*.capterra.com https://*.wickedreports.com https://*.callrail.com https://beacon-v2.helpscout.net/ 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.hushmail.com; report-uri /cspreport/ 2
default-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarkcountynv.gov  https://*.revize.com https://cdnjs.cloudflare.com https://www.gstatic.com https://cdn.userway.org https://*.google.com https://siteimproveanalytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://api.recollect.net/ https://assets.us.recollect.net ; style-src * 'unsafe-inline' 2
default-src 'self'; script-src cdn.report-uri.com api.stripe.com js.stripe.com static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' cdn.report-uri.com; img-src 'self' data: cdn.report-uri.com; font-src 'self' cdn.report-uri.com; connect-src 'self' api.stripe.com; frame-ancestors *.cloudflareworkers.com *.cloudflare.com; form-action 'self' hooks.stripe.com; frame-src js.stripe.com; child-src js.stripe.com; upgrade-insecure-requests; report-uri https://scotthelme.report-uri.com/r/d/csp/enforce; report-to default 2
default-src 'none'; connect-src 'self' http: https: wss:; font-src 'self' http: https:; form-action 'self' http: https:; frame-src 'self' http: https:; frame-ancestors 'self' http: https:; img-src 'self' 'unsafe-inline' http: https: data:; media-src 'self' http: https:; object-src 'self' http: https:; style-src 'self' 'unsafe-inline' http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https:; worker-src 'self' http: https:; child-src 'self' http: https 2
frame-src https://riksbanken.solidtango.com https://web103.reachmee.com https://www.riksbank.se https://www.google.com https://www.riksdagen.se bankid: 2
default-src 'self' cdnjs.cloudflare.com stackpath.bootstrapcdn.com p.typekit.net use.typekit.net csawdfunctions01.azurewebsites.net csawtfunctions01.azurewebsites.net csawpfunctions01.azurewebsites.net csautfunctions01.azurewebsites.net csaupfunctions01.azurewebsites.net www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gp www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.nf www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tk www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat mc.yandex.ru localhost csawpweb01.azurewebsites.net csaupweb01.azurewebsites.net cmsprodeu.csa.cz csa.cz www.csa.cz 'unsafe-inline' csawpcdnep01.azureedge.net csawpsaweb01.blob.core.windows.net csaupcdnep01.azureedge.net csaupsaweb01.blob.core.windows.net dc.services.visualstudio.com fonts.googleapis.com csi.gstatic.com maps.gstatic.com maps.googleapis.com fonts.gstatic.com sstats.csa.cz googleads.g.doubleclick.net www.google-analytics.com stats.g.doubleclick.net www.facebook.com www.google.com www.google.cz www.pages05.net data: static.zanox.com api.zanox.com eu-sonar.sociomantic.com c.imedia.cz www.youtube.com youtube.com www.vimeo.com vimeo.com; script-src 'self' mc.yandex.ru www.dwin1.com googleads.g.doubleclick.net www.google.cz localhost cmsprodeu.csa.cz csa.cz www.csa.cz 'unsafe-eval' 'unsafe-inline' az416426.vo.msecnd.net www.google.com www.gstatic.com maps.googleapis.com assets.adobedtm.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com connect.facebook.net static.zanox.com api.zanox.com eu-sonar.sociomantic.com c.imedia.cz; frame-src www.pages05.net authorize.omniture.com sitecatalyst.omniture.com www.facebook.com www.google.com bid.g.doubleclick.net static.zanox.com api.zanox.com eu-sonar.sociomantic.com c.imedia.cz api.zanox.ws www.youtube.com youtube.com www.vimeo.com vimeo.com; 2
frame-ancestors 'self' https://print.hitched.co.uk 2
frame-ancestors 'self' https://plusoneportal.com; default-src 'self'; script-src 'unsafe-eval' 'report-sample' 'unsafe-inline' 'self' https://*.bizrate.com https://*.tealium.com https://*.tealiumiq.com https://www.youtube.com https://*.ahsfriends.com https://cdn.frontdoorhome.com https://pnapi.invoca.net https://*.optimizely.com https://bat.bing.com https://ext.chtbl.com https://googleads.g.doubleclick.net https://solutions.invocacdn.com https://*.hotjar.com https://participants.evolv.ai https://aa.agkn.com https://rdata.mpio.io https://rum-static.pingdom.net https://overflowworks.com https://request.eprotect.vantivpostlive.com https://code.jquery.com https://com-ahs.netmng.com https://connect.facebook.net https://d.impactradius-event.com https://media.evolv.ai https://pixel.mathtag.com https://request.eprotect.vantivcnp.com https://s.go-mpulse.net https://*.qualtrics.com https://seal.digicert.com https://tag.havasedge.com https://tags.tiqcdn.com https://www.ahs.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'report-sample' 'unsafe-eval' 'unsafe-inline' 'self' https://*.googleapis.com https://cdn.frontdoorhome.com https://p.typekit.net https://participants.evolv.ai https://use.typekit.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.bizrate.com https://*.tealium.com https://*.tealiumiq.com https://*.hotjar.io https://*.akstat.io https://stats.g.doubleclick.net https://*.zesty.dev https://www.google-analytics.com https://pnapi.invoca.net https://*.split.io https://*.hotjar.com wss://*.hotjar.com https://*.pingdom.net https://*.apis.frontdoorhome.com https://*.optimizely.com https://*.zesty.io https://request.eprotect.vantivpostlive.com https://american-home-shield.sjv.io https://bat.bing.com https://participants.evolv.ai https://c.go-mpulse.net https://*.ingest.sentry.io https://*.qualtrics.com https://*.akamaihd.net https://web.chtbl.com; font-src 'self' https://*.zestyio.com https://fonts.gstatic.com https://*.ahs.com https://cdn.frontdoorhome.com https://*.zesty.io https://use.typekit.net; frame-src 'self' https://*.plusoneportal.com https://*.fls.doubleclick.net https://pixel.mathtag.com https://bid.g.doubleclick.net https://*.hotjar.com https://www.youtube.com https://*.eprotect.vantivpostlive.com https://*.optimizely.com https://cookie.havasedge.com https://*.eprotect.vantivcnp.com https://*.frontdoorhome.com https://www.google.com; img-src 'self' https://*.bizrate.com https://*.tealium.com https://*.tealiumiq.com https://*.trueleadid.com https://*.facebook.net https://*.apxlv.com https://*.doubleclick.net https://*.ahs.com https://www.googletagmanager.com https://iliadm.com https://pippio.com https://dpm.demdex.net https://www.ahs.com https://idsync.reson8.com https://tags.bluekai.com https://p.alcmpn.com https://thrtle.com https://ds.reson8.com https://i.liadm.com https://*.media.zestyio.com https://bat.bing.com https://live.rezync.com https://p.rfihub.com https://segments.company-target.com https://www.google.com https://cdn.frontdoorhome.com https://data.adxcel-ec2.com https://event.havasedge.com https://googleads.g.doubleclick.net https://i.simpli.fi https://idsync.rlcdn.com https://pixel.mathtag.com https://pubads.g.doubleclick.net https://www.facebook.com https://*.qualtrics.com https://www.google-analytics.com data:; manifest-src 'self'; media-src 'self'; worker-src 'none'; 2
default-src 'self'; script-src 'self' siteimproveanalytics.com *.siteimproveanalytics.io static.etracker.com www.etracker.de code.etracker.com 'unsafe-eval' 'unsafe-inline'; img-src data: 'self' *.global.siteimproveanalytics.io www.etracker.de; connect-src 'self' www.etracker.de; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' www.youtube-nocookie.com info.gesundheitsministerium.gv.at; form-action 'self'; media-src 'self' http://www.oegsbarrierefrei.at; block-all-mixed-content; upgrade-insecure-requests; 2
default-src 'self' https://privacyportal.cookiepro.com https://pagestrip.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org https://cdnjs.cloudflare.com https://cdnjs.com/ https://fast.fonts.net/ https://code.jquery.com/ https://api.usersnap.com https://www.googletagmanager.com https://rum-static.pingdom.net https://s7.addthis.com https://sjs.bizographics.com https://snap.licdn.com https://v1.addthisedge.com https://m.addthis.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://kendo.cdn.telerik.com https://cookie-cdn.cookiepro.com/ https://emea3.recruitmentplatform.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://unpkg.com https://downloads.mailchimp.com https://mc.us5.list-manage.com https://secure.adnxs.com https://z.moatads.com https://geolocation.onetrust.com https://stackpath.bootstrapcdn.com https://walls.io https://cse.google.com *.pagestrip.com;   style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://fast.fonts.net https://cdnjs.cloudflare.com https://emea3.recruitmentplatform.com https://maxcdn.bootstrapcdn.com  https://downloads.mailchimp.com https://cdn-images.mailchimp.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net *.pagestrip.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://maxcdn.bootstrapcdn.com *.pagestrip.com;   img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com https://px.ads.linkedin.com data: blob: *.eloqua.com https://i3.ytimg.com https://i.ytimg.com https://ml.globenewswire.com https://p.adsymptotic.com https://downloads.mailchimp.com http://media.corporate-ir.net https://resource.globenewswire.com https://cookie-cdn.cookiepro.com https://shp.qpic.cn https://img.youtube.com https://magna-p.magna.com https://magna.com https://cdnjs.cloudflare.com https://clients1.google.com https://www.google.com https://www.googletagmanager.com *.magna.com *.pagestrip.com;   media-src 'self' *.ssl.cf1.rackcdn.com data: blob:;   child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://magna.gcs-web.com https://s7.addthis.com https://consentcdn.cookiebot.com/ https://www.google.com https://v.qq.com/ https://walls.io/ https://cse.google.com/ https://pagestrip.com https://*.pagestrip.com https://my.walls.io;   connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://rum-collector-2.pingdom.net https://m.addthis.com https://cookie-cdn.cookiepro.com https://s7.addthis.com https://emea3.recruitmentplatform.com https://emea3.recruitmentplatform.com https://global3.recruitmentplatform.com https://www.google-analytics.com https://privacyportal.cookiepro.com https://pagestrip.com https://*.pagestrip.com; 2
'self' script-src https://ajax.googleapis.com/ajax/*; object-src 'self' 2
default-src https: 'unsafe-inline' 'unsafe-eval' blob: data:; img-src https: 'self' data: blob:; font-src 'self' data: https://fonts.gstatic.com https://cdn.dynamicyield.com https://cdn.tollbrothers.com; worker-src https: blob: 2
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://www.zenaps.com https://isitetv.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tpc.googlesyndication.com https://tr.snapchat.com https://tr6.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ct.pinterest.com https://analytics.tiktok.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://connect.facebook.net https://www.zavvi.com https://m.zavvi.com https://checkout.zavvi.com https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://pagead2.googlesyndication.com https://*.criteo.com https://static.criteo.net https://*.google.co.uk https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://tpc.googlesyndication.com https://*.baidu.com https://sc-static.net https://google.co.uk https://lantern.roeyecdn.com https://lantern.roeye.com https://s.pinimg.com https://analytics.tiktok.com https://*.ibytedtos.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 2
default-src 'self' https://*.tampa.gov https://*.tampagov.net https://*.google-analytics.com https://*.twitter.com https://*.windows.net https://*.googleapis.com https://www.googletagmanager.com https://spark.adobe.com https://serverapi.arcgisonline.com https://*.arcgis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com  https://translate.google.com https://cdn.syndication.twimg.com/ https://docs.google.com https://www.jobapscloud.com https://api.uptimerobot.com https://bam.nr-data.net https://*.curator.io https://kit.fontawesome.com https://ka-p.fontawesome.com browser-update.org browser-update.org https://*.reflector.workers.dev https://stats.g.doubleclick.net https://bam-cell.nr-data.net https://unpkg.com https://tampagov.us12.list-manage.com https://*.cot.workers.dev https://extreme-ip-lookup.com https://app.meltwater.com https://api.municode.com https://*.ads.cot; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://kit.fontawesome.com https://*.windows.net https://cdn.curator.io https://maps.floridadisaster.org https://*.windows.net https://*.tampa.gov https://*.tampagov.net https://*.google-analytics.com https://*.twitter.com https://*.googleapis.com https://www.googletagmanager.com https://spark.adobe.com https://serverapi.arcgisonline.com https://*.arcgis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net  https://translate.google.com https://cdn.syndication.twimg.com/ https://syndication.twitter.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.surveymonkey.com https://polyfill.io browser-update.org https://stats.g.doubleclick.net https://bam-cell.nr-data.net https://unpkg.com https://tampagov.us12.list-manage.com; style-src 'unsafe-inline' *; img-src 'self' data: https: https://*.google-analytics.com http://www.tampa.gov http://www.tampagov.net; media-src 'self' https://video.twimg.com https://www.youtube.com; frame-src 'self' https://*.tampa.gov https://*.tampagov.net https://www.youtube.com https://*.google.com https://spark.adobe.com https://twitter.com https://platform.twitter.com https://livestream.com https://syndication.twitter.com https://tampa.maps.arcgis.com https://*.vimeo.com/ https://app.powerbigov.us https://web.microsoftstream.com https://visualping.io; font-src 'self' data: https: ; report-uri /report-csp-violation 2
default-src 'none'; connect-src https://hqiem7393d.execute-api.us-west-2.amazonaws.com https://myscript.prismic.io https://myscript.cdn.prismic.io; font-src data:; img-src 'self' https://cdn-images-1.medium.com https://cdn.myscript.com data:; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://cdn.myscript.com https://cloud.typography.com; media-src 'self'; manifest-src 'self'; object-src 'none' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.salesforceliveagent.com service.force.com *.my.salesforce.com *.google.com *.facebook.net *.omtrdc.net *.youtube.com *.ytimg.com *.doubleclick.net *.googleapis.com *.bazaarvoice.com *.iesnare.com appleid.cdn-apple.com activitymap.adobe.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com; connect-src 'self' *.omtrdc.net *.demdex.net *.postcodeanywhere.co.uk *.bazaarvoice.com *.facebook.com activitymap.adobe.com sitecatalyst.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com c.la1-c1-fra.salesforceliveagent.com EU17.salesforce.com d.la1-c1-fra.salesforceliveagent.com; style-src 'self' 'unsafe-inline' *.bazaarvoice.com *.googleapis.com *.omtrdc.net *.my.salesforce.com service.force.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com; font-src 'self' *.gstatic.com data:; frame-src 'self' *.demdex.net *.facebook.com *.google.com *.youtube.com *.youtube-nocookie.com *.customervoice360.com *.adobe.com aldisued.marketing.adobe.com *.psa.at aldisued.experiencecloud.adobe.com web-psa-preprod.mp-testing.com rest-b2b-crt-preprod.mp-testing.com psa-card-administration.mobile-pocket.com *.bazaarvoice.com *.iesnare.com www.elettershop.de t.elettershop.de service.force.com activitymap.adobe.com *.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com; frame-ancestors 'self' https://aldisued.marketing.adobe.com https://aldisued.experiencecloud.adobe.com https://www.elettershop.de https://t.elettershop.de https://experience.adobe.com 2
frame-ancestors https://www.niagahoster.co.id/ https://panel.niagahoster.co.id/ 2
script-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' https://*.salesforce.com 2
default-src 'self' *.nts.live *.ntslive.co.uk; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.soundcloud.com *.mixcloud.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://optimize.google.com certify-js.alexametrics.com https://www.youtube.com *.ytimg.com *.list-manage.com https://unpkg.com *.gstatic.com apis.google.com https://js.stripe.com https://www.paypal.com; connect-src *; img-src 'self' data: https:; media-src 'self' https://*.ntslive.net http://*.ntslive.net https://*.ntslive.co.uk; style-src 'unsafe-inline' 'self' hello.myfonts.net https://optimize.google.com https://fonts.googleapis.com; worker-src 'self'; child-src 'self' *.mixcloud.com https://*.vimeo.com https://*.soundcloud.com https://bandcamp.com https://*.youtube.com; font-src 'self' data: fonts.gstatic.com; frame-src *.mixcloud.com https://*.vimeo.com https://*.soundcloud.com https://bandcamp.com https://*.youtube.com https://optimize.google.com *.firebaseapp.com https://js.stripe.com *.paypal.com; 2
frame-ancestors skyteam.com 2
frame-ancestors creation.com wasp.creation.com 2
default-src 'self' https://trillian.cachefly.net https://static.olark.com; script-src 'self' https://trillian.cachefly.net https://*.olark.com https://www.google-analytics.com https://ct.capterra.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsleadflows.net https://js.hs-banner.com; style-src 'self' https://trillian.cachefly.net https://static.olark.com 'unsafe-inline'; object-src 'none'; base-uri 'none'; connect-src 'self' https:; media-src 'self' https:; img-src 'self' http: https: data:; 2
default-src 'none'; connect-src 'self' *.mil.ru *.tildacdn.com *.gcdn.co *.mail.ru top100.ru stat.sputnik.ru mc.yandex.ru www.google-analytics.com *.anycaster.tv *.vintera.tv *.cdnvideo.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' yastatic.net megatimer.ru stat.sputnik.ru *.stat.sputnik.ru tildacdn.com *.tildacdn.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mil.ru *.rambler.ru *.yandex.ru *.mail.ru *.google-analytics.com *.google.com top100.ru *.top100.ru *.tvzvezda.ru tvzvezda.ru *.mail.ru tns-counter.ru *.tns-counter.ru *.googletagmanager.com mil.ru *.mil.ru *.xn--90anlfbebar6i.xn--p1ai; object-src 'self' *.mil.ru *.vintera.tv *.cdnvideo.ru *.youtube.com; style-src 'self' 'unsafe-inline' megatimer.ru mil.ru *.mil.ru *.googleapis.com; img-src 'self' mil.ru *.mil.ru stat.sputnik.ru cnt.sputnik.ru doubleclick.net *.doubleclick.net tns-counter.ru *.tns-counter.ru *.google.com google.com data: counter.yadro.ru *.yandex.net *.yandex.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mail.ru *.google-analytics.com *.rambler.ru ; media-src 'self' mil.ru *.mil.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.xn--90anlfbebar6i.xn--p1ai; frame-src 'self' mil.ru *.mil.ru anycaster.tv *.anycaster.tv livezvezda.mediacdn.ru *.livezvezda.mediacdn.ru newapp.bonus-tv.ru *.newapp.bonus-tv.ru vk.com *.vk.com ok.ru *.ok.ru tvzvezda.ru *.tvzvezda.ru yandex.ru *.yandex.ru *.yandex.net *.youtube.com youtube.com *.youtu.be youtu.be *.google.com *.vintera.tv *.cdnvideo.ru; font-src 'self' fonts.gstatic.com tildacdn.com *.tildacdn.com mil.ru *.mil.ru *.vintera.tv *.cdnvideo.ru *.mil.ru *.youtube.com *.youtube.com *.youtu.be *.google.com; frame-ancestors 'self' http://mil.ru http://*.mil.ru https://vuz.mil.ru https://www.mil.ru https://*.mil.ru https://anycaster.tv https://livezvezda.mediacdn.ru https://youtube.com https://*.youtube.com https://youtu.be https://*.youtu.be; base-uri 'self'; form-action 'self' mil.ru *.mil.ru; 2
default-src 'self' https: 'unsafe-inline' 'unsafe-eval' ;frame-ancestors 'self' https://manager.agilitycms.com https://www.scotiawealthmanagement.com;script-src 'self' 'unsafe-inline'  *.google.com *.google.ca *.google.com.co *.google.com.br *.gstatic.com *.contentsquare.net *.contentsquare.com www.google.com/maps/d/embed www.youtube.com/embed scotiabankfiles.azureedge.net www.facebook.com/ScotiabankColpatria twitter.com/scotiacolpatria www.instagram.com/banco_colpatria www.youtube.com/ScotiabankColpatriaOficial apps.scotiabank.com somniture.scotiabank.com www.googletagmanager.com tags.bluekai.com service.maxymiser.net www.banco.colpatria.com.co cdn.branch.io assets.adobedtm.com cm.everesttech.net somniture.scotiabank.com tags.bkrtx.com  app.link  www.google-analytics.com  connect.facebook.net cdnssl.clicktale.net www.espn.com.co  cdn.ampproject.org  www.scotiawealthmanagement.com www.scotiabankcolpatria.com;worker-src blob:;img-src 'self' *.clicktale.net  *.agilitycms.com  *.azureedge.net  *.google.com  *.google.ca  *.google.com.co  *.google.com.br  *.contentsquare.net  *.contentsquare.com  assets.adobedtm.com  cm.everesttech.net  somniture.scotiabank.com  dpm.demdex.net  www.google-analytics.com  www.facebook.com  stats.g.doubleclick.net  www.scotiawealthmanagement.com;connect-src 'self' https: wss: 'unsafe-inline' 'unsafe-eval'  google.com/maps/d/embed *.contentsquare.net *.contentsquare.com youtube.com/embed iabankfiles.azureedge.net facebook.com/ScotiabankColpatria ter.com/scotiacolpatria instagram.com/banco_colpatria youtube.com/ScotiabankColpatriaOficial scotiabankfiles.azureedge.net apps.scotiabank.com somniture.scotiabank.com googletagmanager.com tags.bluekai.com service.maxymiser.net www.banco.colpatria.com.co cdn.branch.io tags.bkrtx.com  www.scotiawealthmanagement.com www.scotiabankcolpatria.com; 2
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: data: blob: wss:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src https:; frame-src https:; worker-src https: blob:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' data: blob:; manifest-src https:; form-action https:; block-all-mixed-content; upgrade-insecure-requests; report-uri https://classaction.report-uri.io/r/default/csp/enforce; 2
frame-ancestors https://*.mygreatlakes.org https://*.glhec.org https://*.greatlakeslink.com 'self' 2
frame-ancestors 'self' ecamm.com *.ecamm.com intercom-sheets.com ; 2
default-src 'self' https:; script-src 'self' data: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src https: 2
default-src 'self' 'unsafe-inline' data: https://www.google-analytics.com https://cdn.userway.org; script-src 'self' 'unsafe-inline' data: 'unsafe-eval' https://www.nostarch.com https://nostarch.com https://ajax.googleapis.com https://www.google-analytics.com https://cdn.userway.org https://api.userway.org https://ajax.cloudflare.com; object-src https://www.youtube.com https://w.soundcloud.com; img-src 'self' 'unsafe-inline' data: blob: https://www.nostarch.com https://nostarch.com https://www.google-analytics.com https://www.paypal.com https://www.paypalobjects.com https://api.userway.org https://cdn.userway.org; frame-ancestors 'self'; child-src https://cdn.userway.org https://www.youtube.com https://w.soundcloud.com  https://nostarch.com; connect-src 'self' 'unsafe-inline' data: https://www.google-analytics.com https://stats.g.doubleclick.net https://api.userway.org; report-uri /report-csp-violation 2
frame-ancestors cms.pptvthailand.com *.pptvhd36.com 2
frame-ancestors  *.pseg.com *.salesforce.com *.salesforceliveagent.com *.force.com *.psegliny.com; default-src https: data: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors about: 'self' https://*.airtransat.com https://*.transat.com 2
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; font-src https: data:; media-src http: https:; img-src http: https: data: 2
default-src 'self' data: *.bilibili.com *.hdslb.com *.bigfun.cn *.bigfunapp.cn *.biligame.com *.biligame.com; style-src 'self' 'unsafe-inline' *.hdslb.com static.geetest.com; img-src 'self' data: blob: 'unsafe-inline' *.bilibili.com *.hdslb.com http://*.hdslb.com static.geetest.com *.bigfun.cn *.bigfunapp.cn *.biligame.com *.cnzz.com cnzz.mmstat.com open.weixin.qq.com *.bdstatic.com *.baidu.com *.bilibiligame.net thirdwx.qlogo.cn; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bilibili.com *.hdslb.com api.geetest.com static.geetest.com *.bigfun.cn *.bigfunapp.cn *.biligame.com *.cnzz.com http://*.cnzz.com *.bdstatic.com *.baidu.com; object-src 'self' *.hdslb.com; media-src 'self' *.acgvideo.com http://*.acgvideo.com *.ksyungslb.com; connect-src 'self' data: wss://*.bilibili.com:* *.bilibili.com *.hdslb.com *.biliapi.net *.biliapi.com *.bigfun.cn *.bigfunapp.cn *.biligame.com; frame-ancestors 'self' *.bilibili.com *.biligame.com *.bigfun.cn *.bigfunapp.cn *.biligame.com; frame-src 'self' open.weixin.qq.com *.bilibili.com *.hdslb.com *.bigfun.cn *.bigfunapp.cn *.biligame.com *.biligame.com; report-uri https://security.bilibili.com/csp_report 2
frame-ancestors 'self' https://fullsb-supportjfrog.cs84.force.com https://ppp-supportjfrog.cs100.force.com https://partners.jfrog.com https://supportjfrog.force.com/; 2
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.zhuxiaobang.com *.yangyi08.com *.byteimg.com *.snssdk.com *.bytedance.net *.ibytedtos.com wss://*.bytedance.net *.pstatp.com *.ipstatp.com *.sgpstatp.com *.bytecdn.cn *.byted.org *.tiktok.com *.shimolife.com *.alipayobjects.com *.toutiao.com *.oceanengine.com *.bytedance.com *.hypstarcdn.com *.byteoversea.com *.alicdn.com *.giocdn.com *.growingio.com sp0.baidu.com zz.bdstatic.com *.snssdk.com wss://*.snssdk.com *.alipay.com;report-uri https://csp.snssdk.com/v17 2
object-src 'self' https://media.freedom.press; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://commerce.coinbase.com/; connect-src 'self' https://analytics.freedom.press https://checkout.stripe.com https://cdn.jsdelivr.net https://pressfreedomtracker.us https://media.freedom.press; media-src 'self' https://media.freedom.press; frame-src 'self' blob: https://www.google.com/ https://checkout.stripe.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com https://commerce.coinbase.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://checkout.stripe.com https://analytics.freedom.press https://platform.twitter.com https://cdn.syndication.twimg.com https://cdn.jsdelivr.net https://api.observablehq.com https://bundle.run https://commerce.coinbase.com/; default-src 'self'; img-src 'self' https://*.stripe.com https://analytics.freedom.press blob: https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com data: https://pressfreedomtracker.us https://media.freedom.press; report-uri https://freedomofpress.report-uri.com/r/d/csp/enforce 2
default-src 'self'  'unsafe-inline'  'unsafe-eval';  script-src https://www.banfield.com/ https://www.prod-sitecorebf-cd.cloud-effem.com/ https://unpkg.com  https://webchat.helpshift.com https://www.instagram.com https://scontent.cdninstagram.com https://az416426.vo.msecnd.net https://*.vo.msecnd.net https://cdn.cookielaw.org https://use.typekit.net https://data.schemaapp.com https://prd01.launch.banfield.com/ http://*.g.doubleclick.net/ https://*.g.doubleclick.net/ http://*.google.com https://*.google.com blob: 'self' 'unsafe-inline' 'unsafe-eval' http://*.foresee.com https://*.foresee.com http://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ http://www.googletagmanager.com https://www.googletagmanager.com http://www.googleadservices.com https://www.googleadservices.com http://ssl.google-analytics.com https://ssl.google-analytics.com http://connect.facebook.net https://connect.facebook.net http://www.google-analytics.com/ https://www.google-analytics.com/ http://*.googleapis.com https://*.googleapis.com http://*.cloudflare.com https://*.cloudflare.com http://*.youtube.com https://*.youtube.com http://*.iatspayments.com https://*.iatspayments.com http://*.instagram.com https://*.instagram.com; connect-src https://graph.instagram.com https://device.4seeresults.com https://*.visualstudio.com https://www.instagram.com https://cdn.cookielaw.org https://stats.g.doubleclick.net https://scontent.cdninstagram.com blob: 'self' 'unsafe-inline' 'unsafe-eval' https://www.prod-sitecorebf-cd.cloud-effem.com/ http://*.googleapis.com https://*.googleapis.com http://*.facebook.com https://*.facebook.com https://analytics.foresee.com https://brain.foresee.com https://foreseeresults.com https://www.google-analytics.com https://ssl.google-analytics.com/ http://*.foresee.com https://*.foresee.com; frame-src https://youtu.be https://www.youtube.com/ https://www.youtube-nocookie.com/ https://8303955.fls.doubleclick.net/ http://8303955.fls.doubleclick.net/ https://scontent.cdninstagram.com https://prd01.launch.banfield.com/ https://*.webchat.helpshift.com/ https://checkout.globalgatewaye4.firstdata.com/payment 'self' 'unsafe-inline' 'unsafe-eval' http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net http://*.foresee.com https://*.foresee.com http://*.facebook.com https://*.facebook.com; img-src https://*.cdninstagram.com https://www.facebook.com https://maps.google.com https://via.placeholder.com https://www.google.com/ads/ga-audiences blob: http://*.iatspayments.com https://*.iatspayments.com 'self' 'unsafe-inline' 'unsafe-eval' data: http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net http://*.google-analytics.com/ https://*.google-analytics.com/ http://beacon.clickequations.net/ https://beacon.clickequations.net/ http://*.gstatic.com https://*.gstatic.com http://*.googleadservices.com https://*.googleadservices.com https://foresee.mobi https://banscstore01.blob.core.windows.net https://*.blob.core.windows.net/ https://static.foresee.com/ http://gateway.foresee.com/ https://gateway.foresee.com/; style-src https://instafeed.pixlee.com/ https://instafeed.assets.pixlee.com https://stackpath.bootstrapcdn.com/bootstrap/ https://stackpath.bootstrapcdn.com/font-awesome/ 'self' http://*.iatspayments.com https://*.iatspayments.com 'unsafe-inline' 'unsafe-eval' http://*.googleapis.com https://*.googleapis.com http://*.jquery.com https://*.jquery.com http://*.foresee.com https://*.foresee.com http://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ http://*.fonts.net https://*.fonts.net https://gateway.foresee.com https://reactjs.org https://cdn.jsdelivr.net; font-src https://stackpath.bootstrapcdn.com/font-awesome/ 'self' data: 'unsafe-inline' 'unsafe-eval' http://*.gstatic.com https://*.gstatic.com https://cdnjs.cloudflare.com http://*.foresee.com https://*.foresee.com; 2
frame-ancestors 'self' https://baby.ru https://www.baby.ru https://m.baby.ru; 2
frame-ancestors portal vdnh.ru 2
frame-ancestors 'self' *.facebook.com *.heartmath.org *.na3.netsuite.com *.pardot.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: vjs.zencdn.net bofa.demdex.net tags.tiqcdn.com *.akamaihd.net *.baml.com bankofamerica.tt.omtrdc.net *.ml.com secure.insightexpressai.com *.businesswire.com testdata.coremetrics.com http://*.bankofamerica.com https://*.bankofamerica.com  *.brightcove.com *.brightcove.net *.sharethis.com *.twitter.com twitter.com *.facebook.com www.linkedin.com delicious.com digg.com api.pinterest.com www.stumbleupon.com www.myspace.com buzz.yahoo.com www.bankofamerica.com www.boa.com www.ml.com www.merrill.com www.totalmerrill.com www.merrilllynch.com www.ust.com www.us-trust.com www.ustrust.com www.baml.com www.ba-ml.com www.bac.com acemegreen.thismoment.com analytics1.onedotone.net *.googleapis.com ecx.images-amazon.com brightcove.vo.llnwd.net *.doubleclick.net cdnt.meteorsolutions.com expressyourthanks.thismoment.com thismoment-a.akamaihd.net api.tiles.mapbox.com *.google.com *.gstatic.com www.youtube.com www.google-analytics.com bofa.44doors.com *.mapbox.com bofa.demdex.net *.maxmind.com *.betrad.com sjs.bizographics.com www.googletagmanager.com *.userzoom.com *.evidon.com *.zencdn.net *.licdn.com *.company-target.com *.demandbase.com brightcove.hs.llnwd.net *.boldchat.com *.2mdn.net *.dartmotif.net *.doubleclick.com *.merrilledge.com *.digitas.com *.serving-sys.com *.mediamind.com *.corporate-ir.net *.imwx.com; font-src 'self' http: https: *.zencdn.net *.ml.com data:; 2
frame-ancestors http://*.trabajando.com https://*.trabajando.com https://*.trabajando.cl https://*.gpsrrhh.com http://*.trabajando.cl http://*.gpsrrhh.com http://portaltrabajos.ulagos.cl https://www.creaempleo.cl http://empleo.udec.cl http://empleos.ubb.cl http://egresados.utalca.trabajando.com http://empleos.uv.cl http://www.mercadolaboraluc.cl http://empleos.ucentral.cl http://www.unapempleo.cl http://www.trabajandouss.cl http://www.empleos.uchile.cl http://trabajos.usach.cl http://empleos.uach.cl http://laboral.inacap.cl http://empleos.derecho.uchile.cl http://empleosfactec.usach.cl http://trabajos.enac.cl http://*.omil.cl https://*.omil.cl https://accesounico.ceduc.cl http://accesounico.ceduc.cl http://empleosqa.sii.cl https://marketplace.trabajando.cl https://trabajos.achs.cl http://trabajos.achs.cl; 2
frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com komentidewater.org komencharlotte.org *.manduka.com komen-dallas.org komenbatonrouge.org komenncalabama.org manduka.com; report-uri http://www.info-komen.org/site/XFrameViolation 2
frame-ancestors 'self' *.unitymedia.de; 2
default-src 'self' https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' fonts.gstatic.com data: https:; img-src 'self' data: https:; media-src 'self' video.tesa.com *.youtube.com; connect-src 'self' https: wss://*.hotjar.com 2
default-src 'none'; base-uri 'none'; frame-src www.google.com checkout.stripe.com; frame-ancestors 'none'; style-src *.scryfall.com scryfall.com; script-src *.scryfall.com scryfall.com checkout.stripe.com www.google-analytics.com www.google.com www.gstatic.com 'unsafe-eval'; img-src *.scryfall.com scryfall.com *.stripe.com www.google-analytics.com data:; font-src *.scryfall.com scryfall.com; manifest-src *.scryfall.com scryfall.com; connect-src api.scryfall.com scryfall.com www.google-analytics.com checkout.stripe.com; block-all-mixed-content; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src ws: https: 'self'; frame-ancestors 'self'; 2
frame-ancestors 'self';default-src https: data: 'unsafe-eval' 'unsafe-inline' https://pagead2.googlesyndication.com/ ; img-src * data: blob:; script-src * 'unsafe-eval' 'unsafe-inline' 'self' https://pagead2.googlesyndication.com/ 2
frame-ancestors https://*.zscalertwo.net *.sick.com *.sickcn.net *.sickcn.com *.crm4.dynamics.com; 2
base-uri https: http:; object-src *; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'self' blob: 2
report-uri ; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: *.ostrovok.ru ostrovok.ru *.worldota.net *.zenhotels.com zenhotels.com *.googlesyndication.com adservice.google.co.uk *.hotjar.com *.clicktripz.com ads.adfox.ru ad.mail.ru inv-nets.admixer.net yastatic.net *.yandex.ru *.adfox.yandex.ru api-cis.exponea.com ps.eyeota.net *.pixfuture.com pixfuture.com api.payota.net weborama.fr tns-counter.ru static.ads-twitter.com analytics.twitter.com tags.bkrtx.com t.skyscnr.com *.adtech.advertising.com *.casalemedia.com *.openx.net openx.net adriver.ru *.adriver.ru *.contextweb.com contextweb.com *.betweendigital.com betweendigital.com *.ssp.otm-r.com *.otm-r.com otm-r.com vc.hotjar.io secde.trivago.com unpkg.com *.smartadserver.com smartadserver.com *.rubiconproject.com rubiconproject.com www.adservice.google.pl www.googletraveladservices.com www.tripadvisor.com cdnjs.cloudflare.com www.kayak.com www.clicktripz.com www.youtube.com s3-eu-west-1.amazonaws.com travel.mediaalpha.com grkigi.com notify.bugsnag.com 3kxrt0l29e.execute-api.us-east-1.amazonaws.com fonts.gstatic.com adhigh.net *.adhigh.net *.doubleclick.net doubleclick.net *.adlooxtracking.com *.adnxs.com adnxs.com 2mdn.net *.2mdn.net doubleverify.com *.doubleverify.com *.pubmatic.com pubmatic.com ostrovokru003.webim.ru ostrovokru006.webim.ru tagmanager.google.com www.tamgrt.com cdn.branch.io app.link api.branch.io api2.branch.io www.googleadservices.com www.adservice.google.pl sslwidget.criteo.com static.criteo.net vk.com connect.facebook.net www.facebook.com top-fwz1.mail.ru www.hometogo.com secure.wego.com static.tacdn.com static.clicktripz.com pixel.sojern.com ads.travelaudience.com stags.bluekai.com accounts.google.com tms-st.cdn.ngenix.net hit.acstat.com c.riskified.com beacon.riskified.com cdn.siftscience.com d3c3cq33003psk.cloudfront.net enc1wnyb87.execute-api.us-east-1.amazonaws.com www.awin.com www.google-analytics.com www.googletagmanager.com mc.yandex.ru tag.yieldoptimizer.com st.dynamicyield.com static.dynamicyield.com *.criteo.com *.intentmedia.net px.dynamicyield.com opentag-stats.qubit.com 6ytvy2ekla.execute-api.us-east-1.amazonaws.com fonts.googleapis.com maps.googleapis.com www.google.com www.googletagservices.com adservice.google.com www.adservice.google.pl  c.triptech.ai s.clickiocdn.com *.googlesyndication.com cdn.ampproject.org clickiocdn.com adservice.google.ru csi.gstatic.com *.braintreegateway.com tag.crsspxl.com aa.agkn.com blip.bizrate.com c1.adform.net ce.lijit.com cms.analytics.yahoo.com d.turn.com dmp.truoptik.com dpm.demdex.net e.dlx.addthis.com ib.adnxs.com idsync.rlcdn.com io.narrative.io match.adsrvr.org partner.mediawallahscript.com pm.w55c.net pxl.connexity.net sync.crwdcntrl.net sync.mathtag.com tags.bluekai.com thrtle.com; frame-src 'self' *.ostrovok.ru yastatic.net *.worldota.net *.zenhotels.com www.youtube.com googleads.g.doubleclick.net *.googlesyndication.com  tracking.bonusway.com checkout.paypal.com static.criteo.net gum.criteo.com dis.eu.criteo.com *.openx.net openx.net *.contextweb.com contextweb.com *.adnxs.com adnxs.com *.pubmatic.com pubmatic.com adhigh.net doubleclick.net www.google.com www.adservice.google.pl *.intentmedia.net d1jaw4ep1lbbt9.cloudfront.net www.tamgrt.com *.ssp.otm-r.com *.otm-r.com otm-r.com vc.hotjar.io clickioadvd.com *.pixfuture.com pixfuture.com www.googletagservices.com www.facebook.com web.facebook.com tpc.googlesyndication.com vars.hotjar.com *.betweendigital.com vk.com staticxx.facebook.com bid.g.doubleclick.net tag.crsspxl.com accounts.google.com *.bluekai.com *.mail.ru ru.surveymonkey.com; img-src * data:; report-uri /hc/csp 2
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src  * data:;connect-src * wss: 2
script-src *.frb.org *.googleapis.com *.addthis.com *.youtube.com *.google-analytics.com googlemaps.github.io *.google.com *.gstatic.com *.federalreserve.org *.addthisedge.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com s.ytimg.com 'self' 'unsafe-inline' 'unsafe-eval'; 2
default-src https: 'unsafe-eval' 'unsafe-inline' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com ; font-src https: data:; img-src https: data: 2
frame-ancestors 'self' *.lowermybills.com app.optimizely.com analytics.google.com 2
frame-ancestors 'self' http://*.intranet http://*.uolinc.com https://*.intranet https://*.uolinc.com https://www.uol.com.br; 2
frame-ancestors *.windstream.net 2
frame-ancestors 'self' https://*.shareworks.com https://*.solium.com https://shareworksacademy.exceedlms.com https://shareworks.exceedlms.com https://shareworkstest.exceedlms.com https://shareworks.exceedlms-staging.com 2
default-src 'self'; connect-src 'self' https://api.ipify.org https://ct.pinterest.com/ https://www.google-analytics.com https://s.yimg.com https://visitwalesapi.thedms.co.uk https://google-analytics.com https://stats.g.doubleclick.net https://apikeys.civiccomputing.com; font-src 'self' fonts.gstatic.com themes.googleusercontent.com data:; frame-src 'self' https://platform.twitter.com https://syndication.twitter.com https://www.instagram.com https://maps.google.com/ https://www.google.com/ https://www.youtube.com/ https://r1.dotmailer-surveys.com https://3981996.fls.doubleclick.net https://tr.snapchat.com/ https://www.google.co.uk/ https://www.facebook.com/ https://player.vimeo.com/ https://r1.dotdigital-pages.com https://open.spotify.com; img-src 'self' https://syndication.twitter.com https://platform.twitter.com https://pbs.twimg.com https://maps.googleapis.com https://maps.gstatic.com data: https://www.google-analytics.com https://stats.g.doubleclick.net/ https://visitwalesimages.thedms.co.uk https://developers.google.com https://3981996.fls.doubleclick.net https://tr.outbrain.com/ https://amplifypixel.outbrain.com/ https://bat.bing.com/ https://www.facebook.com/ https://ct.pinterest.com/ https://t.co https://cm.g.doubleclick.net https://googleads.g.doubleclick.net https://secure.adnxs.com https://idsync.rlcdn.com https://tag.adaraanalytics.com https://pixel.rubiconproject.com https://dsum-sec.casalemedia.com https://us-u.openx.net https://dpm.demdex.net https://www.google.com https://www.google.co.uk https://beacon.krxd.net https://rtb.gumgum.com https://ad.yieldlab.net https://i.liadm.com https://www.croeso.cymru https://croeso.cymru https://tag.yieldoptimizer.com https://abs.twimg.com https://khms0.googleapis.com https://khms1.googleapis.com https://addevent.com https://www.addevent.com; media-src 'self' https://www.google-analytics.com https://www.croeso.cymru https://croeso.cymru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://maps.googleapis.com https://cdn.syndication.twimg.com https://www.instagram.com https://r1.dotmailer-surveys.com/ https://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com/ https://bam.nr-data.net https://www.googleadservices.com https://s.yimg.com https://connect.facebook.net https://bat.bing.com https://s.pinimg.com https://sc-static.net https://amplify.outbrain.com https://tag.yieldoptimizer.com https://ad.doubleclick.net https://sp.analytics.yahoo.com https://googleads.g.doubleclick.net/ https://static.ads-twitter.com/ https://analytics.twitter.com https://www.google.com https://googletagmanager.com https://google-analytics.com https://r1.dotdigital-pages.com https://addevent.com https://cdn.rawgit.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com maps.google.com platform.facebook.com platform.instagram.com; style-src 'self' 'unsafe-inline' blob: https://platform.twitter.com https://unpkg.com; style-src-elem 'self' 'unsafe-inline' blob: https://fonts.googleapis.com https://platform.twitter.com https://unpkg.com; frame-ancestors 'self' https://www.rslcontent.co.uk http://www.rslcontent.co.uk; report-uri https://www.visitwales.com/report-uri/enforce 2
frame-ancestors 'self'; report-uri https://scan.campusgroups.com/csp_reports; 2
child-src 'self' https://cart.jlcpcb.com https://jlcpcb.com www.google.com https://www.youtube.com 2
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw  flightbookings.airnewzealand.com.cn flightbookings.grabaseat.co.nz  flightbookings.airnewzealand.co.jp auth.airnewzealand.co.nz auth.airnewzealand.com; script-src 'self' s-airnz.com p-airnz.com 'unsafe-inline' 'unsafe-eval' maps.googleapis.com player.vimeo.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com www.everestjs.net *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com www.google.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com s.swiftypecdn.com upgrade.plusgrade.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com *.hotjar.com yourir.info t.a3cloud.net ib.adnxs.com auth.airnewzealand.co.nz auth.airnewzealand.com ssl.google-analytics.com cdnjs.cloudflare.com; style-src 'unsafe-inline' s-airnz.com p-airnz.com fonts.googleapis.com tagmanager.google.com s.swiftypecdn.com upgrade-cdn-prd.plusgrade.com yourir.info 'self'; img-src https: data:; font-src s-airnz.com p-airnz.com fonts.googleapis.com fonts.gstatic.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com 'self'; media-src 'self' video.cdnvue.com ; frame-src 'self' www.google.com nz.fltmaps.com player.youku.com v.qq.com player.vimeo.com www.youtube.com airnz.wufoo.com xd.wayin.com display.engagesciences.com www.everestjs.net pixel.everesttech.net *.demdex.net *.doubleclick.net www.googletagmanager.com *.cdn.optimizely.com nebula-cdn.kampyle.com *.hotjar.com; connect-src 'self' api.airnz.io api.airnz.ai auth.airnewzealand.co.nz auth.airnewzealand.com *.demdex.net *.tt.omtrdc.net www.google-analytics.com analytics.google.com stats.g.doubleclick.net adservice.google.com *.optimizely.com s.swiftypecdn.com search-api.swiftype.com *.kampyle.com wss://*.hotjar.com https://*.hotjar.com vc.hotjar.io yourir.info ssl.google-analytics.com; object-src 'none'; frame-ancestors 'self'; report-uri /csp-report 2
connect-src 'self' https://test.de https://gse.gigaset.com *.hotjar.com wss://*.hotjar.com aggregator.service.usercentrics.eu analytics.google.com api.chatchamp.io api.usercentrics.eu graphql.usercentrics.eu stats.g.doubleclick.net www.google-analytics.com www.google.de bat.bing.com halc.iadvize.com in.hotjar.com s.adroll.com ct.pinterest.com fast.smarketer.de https://*.billwerk.com sandbox.billwerk.com api.trustedshops.com shops-si.trustedshops.com trustbadge.api.etrusted.com vc.hotjar.io ws3.hotjar.com ws7.hotjar.com wss://ws3.hotjar.com wss://ws7.hotjar.com www.facebook.com www.google.ch www.google.com www.google.fr ws6.hotjar.com wss://ws6.hotjar.com www.google.co.uk ws10.hotjar.com ws4.hotjar.com ws8.hotjar.com wss://ws1.hotjar.com wss://ws10.hotjar.com wss://ws4.hotjar.com wss://ws8.hotjar.com www.google.be www.google.hr www.google.it www.google.nl www.google.ru ws12.hotjar.com ws18.hotjar.com ws2.hotjar.com wss://ws12.hotjar.com wss://ws18.hotjar.com wss://ws2.hotjar.com ws5.hotjar.com wss://ws5.hotjar.com www.google.es www.google.se www.google.com.tr www.google.cz ws17.hotjar.com wss://ws17.hotjar.com ws15.hotjar.com wss://ws15.hotjar.com www.google.co.in ws16.hotjar.com wss://ws16.hotjar.com www.google.com.cy www.google.pl ws9.hotjar.com wss://ws9.hotjar.com ws11.hotjar.com wss://ws11.hotjar.com app.getsitecontrol.com ws1.hotjar.com www.google.at d.adroll.com ws13.hotjar.com ws14.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com www.google.gr api.trustbadge.etrusted.com www.google.cl www.google.co.cr www.google.co.za www.google.com.ar www.google.rs service.gigaset.com www.google.ba www.google.dk www.google.ae network-eu.bazaarvoice.com www.google.hu wss://ff.kis.v2.scr.kaspersky-labs.com www.google.com.mx www.bing.com www.google.co.il www.google.co.ma www.google.co.ve www.google.com.bd www.google.com.co www.google.com.lb www.google.com.pe www.google.ie www.google.lu www.google.no www.google.pt www.google.ro www.google.si; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.iamsmartad.com aggregator.service.usercentrics.eu analytics.google.com api.chatchamp.io api.usercentrics.eu app.usercentrics.eu connect.facebook.net data: googleads.g.doubleclick.net graphql.usercentrics.eu pixel.mathtag.com tr.outbrain.com widgets.trustedshops.com www.facebook.com www.google-analytics.com www.google.com www.google.de www.googletagmanager.com www.youtube.com halc.iadvize.com bat.bing.com widgets.getsitecontrol.com in.hotjar.com script.hotjar.com static.hotjar.com vars.hotjar.com pixel.convertize.io p.typekit.net use.typekit.net ct.pinterest.com fast.smarketer.de s.pinimg.com ups.xplosion.de display.ugc.bazaarvoice.com s.adroll.com gse.gigaset.com ff.kis.v2.scr.kaspersky-labs.com fonts.googleapis.com; font-src https://script.hotjar.com use.typekit.net data: 'self' st.getsitecontrol.com fonts.gstatic.com github.com static3.avast.com; form-action 'self' www.facebook.com service.gigaset.com api.bazaarvoice.com 'unsafe-eval' ct.pinterest.com; frame-src https://ir.tools.investis.com pixel.mathtag.com www.google.com www.facebook.com vars.hotjar.com secure.pay1.de www.youtube.com bid.g.doubleclick.net js.chatchamp.com api.bazaarvoice.com display.ugc.bazaarvoice.com tpc.googlesyndication.com cms.gigaset.com gigaset-prov.gigaset.com gigaset.secure.force.com where-to-buy.co www.googletagmanager.com player.vimeo.com ad2.adfarm1.adition.com 'self' gigaset-net.gigaset.com ct.pinterest.com forms.office.com verify.iamstudent.com www.iamstudentverify.com pwm-image.trendmicro.com; frame-ancestors 'self' https://www.gigaset.com; img-src 'self' 'report-sample' https://smarttracking.defacto-x.net https://trc.taboola.com https://d.adroll.com https://www.google.ee https://www.google.is app.usercentrics.eu googleads.g.doubleclick.net pixel.mathtag.com test.gse.gigaset.com tr.outbrain.com widgets.magentocommerce.com widgets.trustedshops.com www.facebook.com www.gigaset.com www.google-analytics.com www.google.com www.google.de display.ugc.bazaarvoice.com network-eu-stg.bazaarvoice.com photos-uat-eu.bazaarvoice.com bat.bing.com data: d.adroll.com cdn.pay1.de image-charts.com www.googletagmanager.com ct.pinterest.com img.youtube.com network-eu-stg-a.bazaarvoice.com app.getsitecontrol.com media.getsitecontrol.com gse.gigaset.com insight.adsrvr.org network-eu.bazaarvoice.com pro-gse.gigaset.com www.google.ch www.google.co.uk www.google.com.tr www.google.com.tw www.google.es www.google.fr www.google.it www.google.nl www.google.pl photos-eu.bazaarvoice.com test.gigaset.com www.google.at www.google.be aax-eu.amazon-adsystem.com ads.yahoo.com cm.g.doubleclick.net connect.facebook.net network-eu-a.bazaarvoice.com stats.g.doubleclick.net sync.outbrain.com sync.taboola.com www.google.co.il www.google.cz www.google.hr www.google.lu www.google.ru www.google.sk www.gstatic.com www.google.com.lb translate.google.com www.google.se www.google.co.ao www.google.co.in www.google.co.kr www.google.com.mx www.google.hu www.google.no px.ads.linkedin.com www.awin1.com www.google.com.cy ib.adnxs.com i.ytimg.com www.google.az www.google.co.za www.google.com.bd www.google.fi www.google.pt www.google.co.cr www.google.ci www.google.com.sa www.google.rs www.google.gr android-webview-video-poster www.google.com.ar www.google.tn www.google.com.vn www.google.cl www.google.iq maps.googleapis.com maps.gstatic.com www.google.com.mt www.google.mn www.google.ro www.google.si www.google.ba blob: www.google.com.eg www.google.ae www.google.dk www.google.li pixel.rubiconproject.com pagead2.googlesyndication.com www.google.co.id www.google.co.ma www.google.ge www.google.ie www.linkedin.com analytics.google.com fcmatch.google.com fcmatch.youtube.com sync.mathtag.com ups.analytics.yahoo.com www.google.by www.google.cn www.google.co.ve www.google.com.br www.google.com.co www.google.com.et www.google.com.gt www.google.com.kw www.google.com.om www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.ua dpm.demdex.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'report-sample' https://cdn.iamsmartad.com amplify.outbrain.com app.usercentrics.eu connect.facebook.net googleads.g.doubleclick.net js.chatchamp.com pixel.mathtag.com tr.outbrain.com widgets.trustedshops.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com halc.iadvize.com widgets.getsitecontrol.com analytics-static.ugc.bazaarvoice.com bat.bing.com display.ugc.bazaarvoice.com network-eu-stg.bazaarvoice.com stg.api.bazaarvoice.com script.hotjar.com static.hotjar.com a.adroll.com d.adroll.com d.adroll.mgr.consensu.org s.adroll.com pixel.convertize.io secure.pay1.de fast.smarketer.de s.pinimg.com cdn.xplosion.de ups.xplosion.de sandbox.billwerk.com selfservice.sandbox.billwerk.com https://*.billwerk.com https://selfservice.billwerk.com apps.bazaarvoice.com asn-trk.advolution.de st.getsitecontrol.com api.bazaarvoice.com network-eu.bazaarvoice.com tpc.googlesyndication.com gse.gigaset.com me.kis.v2.scr.kaspersky-labs.com static.iadvize.com www.google.com www.dwin1.com ad1.adfarm1.adition.com adfarm1.adition.com gc.kis.v2.scr.kaspersky-labs.com secure.adnxs.com snap.licdn.com maps.googleapis.com s2.adform.net track.adform.net www.pagespeed-mod.com 'unsafe-eval' cdn.taboola.com ff.kis.v2.scr.kaspersky-labs.com www.google.de www.google.it imagesrv.adition.com; style-src data: 'self' 'unsafe-inline' display.ugc.bazaarvoice.com s.adroll.com p.typekit.net use.typekit.net gse.gigaset.com gc.kis.v2.scr.kaspersky-labs.com fonts.googleapis.com me.kis.v2.scr.kaspersky-labs.com translate.googleapis.com; 2
frame-ancestors 'self' https://loading.com.br https://www.spjogosdeesports.com.br https://spjogosdeesports.com.br 2
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.google.com maps.googleapis.com *.adroll.com *.consensu.org *.hscollectedforms.net *.hsleadflows.net *.hs-banner.com *.licdn.com www.linkedin.com connect.facebook.net s.adroll.com ml314.com js.hs-scripts.com script.hotjar.com static.hotjar.com js.hs-analytics.net player.vimeo.com www.googletagmanager.com dev.visualwebsiteoptimizer.com sjs.bizographics.com www.google-analytics.com px.ads.linkedin.com djtflbt20bdde.cloudfront.net ajax.googleapis.com; connect-src https: wss: 'self' www.gov.uk yoast.com *.hotjar.com; img-src https: 'self' data: media.nominet.uk maps.googleapis.com track.hubspot.com stats.g.doubleclick.net www.gravatar.com dev.visualwebsiteoptimizer.com www.google-analytics.com www.googletagmanager.com; style-src https: 'self' 'unsafe-inline' djtflbt20bdde.cloudfront.net fonts.googleapis.com; frame-src https: 'self' www.youtube.com player.vimeo.com djtflbt20bdde.cloudfront.net vars.hotjar.com; font-src https: 'self' data: fonts.gstatic.com; media-src https: 'self' media.nominet.uk; frame-ancestors 'self'; base-uri 'self' *.helpscout.net; form-action 'self' *.theukdomain.uk forms.hsforms.com *.facebook.com; object-src 'self' *.cloudfront.net; manifest-src 'self'; 2
frame-ancestors 'self' https://www.elal-matmid.com https://*.elal.com https://experience.adobe.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' wss://ws14.hotjar.com syndication.twitter.com ton.twimg.com abs.twimg.com pbs.twimg.com cdn.syndication.twimg.com platform.twitter.com twitter.com surveylegend.com datawrapper.dwcdn.net dwcdn.net www.canva.com piktochart.com *.piktochart.com www.surveylegend.com www.google.com www.gstatic.com cdn.jsdelivr.net static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com vc.hotjar.io maps.gstatic.com spectator.clingendael.org www.clingendael.org maps.googleapis.com www.google.nl https://code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://fonts.gstatic.com https://static.addtoany.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://player.vimeo.com https://f.vimeocdn.com https://i.vimeocdn.com https://fresnel.vimeocdn.com data: https://www.youtube.com https://localfocuswidgets.net 2
default-src * 'unsafe-eval' 'unsafe-inline' data:; 2
default-src * 'self' https://*.google.com http://*.google.com https://*.google-analytics.com http://*.google-analytics.com https://*.googleapis.com http://*.googleapis.com; img-src * 'self' https://*.google.com http://*.google.com https://*.google-analytics.com http://*.google-analytics.com https://*.googleapis.com http://*.googleapis.com data:; connect-src 'self'; script-src * 'self' https://*.google.com http://*.google.com https://*.google-analytics.com http://*.google-analytics.com https://*.googleapis.com http://*.googleapis.com 'unsafe-inline'; style-src * 'self' https://*.google.com http://*.google.com https://*.google-analytics.com http://*.google-analytics.com https://*.googleapis.com http://*.googleapis.com 'unsafe-inline' 2
default-src 'self' *.ing.pl ping-prod.ext.e-point.pl *.e-point.pl *.adocean.pl https://optimize.google.com *.ingbank.pl https://ing.pl; font-src 'self' *.googleapis.com *.ingbank.pl data: themes.googleusercontent.com *.gstatic.com tagmanager.google.com *.ing.pl ping-prod.ext.e-point.pl www.googletagmanager.com https://optimize.google.com *.e-point.pl https://ing.pl; style-src 'self' 'unsafe-inline' code.jquery.com *.googleapis.com *.ingbank.pl https://optimize.google.com *.e-point.pl https://www.gstatic.com *.ing.pl www.google.com ping-prod.ext.e-point.pl https://platform.twitter.com www.googletagmanager.com *.gstatic.com tagmanager.google.com https://syndication.twitter.com https://ton.twimg.com https://ing.pl *.ytimg.com; img-src 'self' data: *.ggpht.com *.adocean.pl *.e-point.pl traffic.tgdaudience.com www.google.pl https://optimize.google.com https://syndication.twitter.com clients1.google.com tagmanager.google.com *.gstatic.com *.domy.pl www.googletagmanager.com *.demdex.net https://platform.twitter.com www.google.com *.glosdlafirm.pl ping-prod.ext.e-point.pl *.ing.pl apollo-ireland.akamaized.net *.googleusercontent.com https://img.youtube.com https://galeria.domiporta.pl ingbankslaski.d3.sc.omtrdc.net *.twimg.com *.ingbank.pl img01-olxpl.akamaized.net *.hit.gemius.pl *.googleapis.com *.google-analytics.com *.doubleclick.net ingbankslaski.d2.sc.omtrdc.net *.staticdomy.com.pl *.staticmorizon.com.pl *.staticoferty.net.pl https://adocean-pl.hit.gemius.pl https://ireland.apollo.olxcdn.com https://ing.pl adocean-pl.hit.gemius.pl content.ing.pl https://d-gr.cdngr.pl d-gr.cdngr.pl *.ytimg.com https://s-gm.cdngr.pl https://d-gr.rc.cdngr.pl; frame-src 'self' *.tradedoubler.com https://syndication.twitter.com www.google.com ping-prod.ext.e-point.pl *.ing.pl www.googletagmanager.com *.demdex.net https://platform.twitter.com https://www.youtube.com https://optimize.google.com traffic.tgdaudience.com *.e-point.pl *.hit.gemius.pl ferryt-u.pl.ing-ad *.ingbank.pl *.doubleclick.net https://ing.webnotarius.pl https://ing.pl; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.hit.gemius.pl *.googleapis.com https://www.fbstatic-a.akamaihd.net *.ingbank.pl *.doubleclick.net code.jquery.com assets.adobedtm.com *.google-analytics.com ingbankslaski.d3.sc.omtrdc.net https://www.oauth.googleusercontent.com cdn.tgdaudience.com https://cdn.syndication.twimg.com *.gstatic.com tagmanager.google.com https://syndication.twitter.com www.google.com ping-prod.ext.e-point.pl https://www.apis.google.com *.ing.pl *.demdex.net www.googletagmanager.com https://platform.twitter.com https://www.youtube.com https://optimize.google.com www.googleadservices.com *.e-point.pl https://www.gstatic.com *.adocean.pl ingbankslaski.d2.sc.omtrdc.net https://ton.twimg.com https://ireland.apollo.olxcdn.com https://ing.pl *.ytimg.com; object-src 'self' *.ingbank.pl *.ing.pl ping-prod.ext.e-point.pl www.googletagmanager.com *.e-point.pl https://ing.pl; connect-src 'self' traffic.tgdaudience.com *.e-point.pl *.adocean.pl *.demdex.net www.googletagmanager.com *.ing.pl ping-prod.ext.e-point.pl wss://*.twilio.com https://syndication.twitter.com ingbankslaski.d3.sc.omtrdc.net *.google-analytics.com https://*.twilio.com *.doubleclick.net *.ingbank.pl *.hit.gemius.pl ingbankslaski.d2.sc.omtrdc.net https://ing.pl; frame-ancestors 'self' *.ingbank.pl ping-prod.ext.e-point.pl *.ing.pl *.demdex.net www.googletagmanager.com *.e-point.pl; 2
default-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; child-src 'self' ujet.co *.ujet.co; connect-src 'self' https://stats.g.doubleclick.net https://segments.company-target.com https://www.google-analytics.com https://connect.facebook.net/ https://vc.hotjar.io https://in.hotjar.com https://*.demdex.net https://api.company-target.com https://smetrics.aveva.com https://cm.everesttech.net https://forms.hsforms.com https://forms.hubspot.com https://forms.hubspot.com https://assets.adobedtm.com https://aveva.tt.omtrdc.net https://m.addthis.com https://api.hubapi.com; img-src 'self' data: https://segments.company-target.com https://a.emtana.com https://whisky.ana.biddingx.com https://whisky.ana.stg8.com https://masky.biddingx.com https://t.co https://connect.facebook.net https://forms.hubspot.com https://*.demdex.net https://match.prod.bidr.io https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.google.co.in https://p.adsymptotic.com https://www.linkedin.com https://px.ads.linkedin.com https://www.facebook.com https://smetrics.aveva.com https://cm.everesttech.net https://assets.adobedtm.com https://avevaenglishdev.112.2o7.net https://forms.hsforms.com https://track.hubspot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://view.ceros.com https://okt.to https://analytics.twitter.com https://script.hotjar.com https://tag.demandbase.com https://static.ads-twitter.com http://clientservices.googleapis.com https://static.hotjar.com https://static.oktopost.com https://www.googletagmanager.com http://r2---sn-ci5gup-cvhz.gvt1.com http://r4---sn-qxaeen7e.gvt1.com http://redirector.gvt1.com http://update.googleapis.com http://www.gstatic.com https://js.driftt.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://js.hsadspixel.net https://connect.facebook.net https://www.googletagmanager.com https://snap.licdn.com https://noembed.com *.adobe.com google-analytics.com *.google-analytics.com https://fast.wistia.net http://fast.wistia.com http://vimeo.com https://vimeo.com https://*.vimeo.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://www.youtube.com https://js.hsforms.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hsleadflows.net  https://s.ytimg.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://s7.addthis.com https://v1.addthisedge.com  https://m.addthis.com https://graph.facebook.com; frame-src 'self' https://www.w3.org https://view.ceros.com https://forms.hsforms.com https://vars.hotjar.com https://js.driftt.com https://*.demdex.net https://www.facebook.com https://www.youtube.com https://fast.wistia.net https://s7.addthis.com https://player.vimeo.com https://bid.g.doubleclick.net https://www.slideshare.net; frame-ancestors 'self' https://explore.osisoft.com https://osisoft.lookbookhq.com https://osisoft.pathfactory.com; 2
default-src https: 'unsafe-eval' 'unsafe-inline' data:; 2
media-src 'self' https:; upgrade-insecure-requests; style-src 'self' data: 'unsafe-inline' https: http://fonts.googleapis.com https://fonts.googleapis.com https://optimize.google.com; connect-src 'self' https: wss://www.fool.com wss://*.33across.com wss://*.hotjar.com https://api.pink-boat.fool.com; frame-src 'self' https: https://optimize.google.com; default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https:; font-src 'self' data: https: https://fonts.gstatic.com; img-src 'self' data: https: https://g.foolcdn.com http://px.moatads.com https://optimize.google.com https://www.google-analytics.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com https: https://evs.pink-boat.fool.com 2
default-src 'self'; img-src * blob:; frame-src 'self' www.google.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' dmaps.daum.net t1.daumcdn.net s1.daumcdn.net maps.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' s1.daumcdn.net fonts.googleapis.com t1.daumcdn.net; font-src 'self' fonts.gstatic.com; 2
default-src self https: data: 'unsafe-inline' 'unsafe-eval'; script-src self https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self' https://creator.zmags.com https://www.googletagmanager.com; 2
default-src 'self' http: bott-tc.nautilus https: *.bosch-thermotechnology.com s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com bott-tc.nautilus; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com foerderrechner.bosch-thermotechnology.com www.bosch-easycontrol.com www.heizung-steuern.com; object-src data: 'self'; img-src http: bott-tc.nautilus bott-fs.nautilus https: bott-tc.nautilus bott-fs.nautilus data: blob:; style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wpml.org *.toolset.com *.stripe.com *.google.com *.googletagmanager.com *.doubleclick.net yoast.com *.googleadservices.com *.jquery.com *.web-view.net *.ytimg.com *.nr-data.net js-agent.newrelic.com *.youtube.com *.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com connect.facebook.net fast.wistia.com *.helpscout.net; frame-src 'self' *.vimeo.com *.stripe.com *.google.com *.doubleclick.net *.youtube.com *.facebook.com s-static.ak.facebook.com wp-rocket.me; object-src 'self'; connect-src 'self' *.google-analytics.com *.helpscout.net *.wistia.com d3hb14vkzrxvla.cloudfront.net *.nr-data.net *.facebook.com yoast.com *.toolset.com *.cloudflare.com wss://chat-support.toolset.com https://chat-support.toolset.com wss://activity-tracker.toolset.com https://activity-tracker.toolset.com *.doubleclick.net 2
default-src 'self'; img-src 'self' *.ingenico.com data: cdn.cookielaw.org t.co bat.bing.com www.google.com www.google.nl www.googletagmanager.com *.google-analytics.com match.prod.bidr.io id.rlcdn.com *.company-target.com *.linkedin.com i.ytimg.com track.hubspot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ingenico.com business.ingenico.com cdn.cookielaw.org *.gstatic.com *.onetrust.com www.google.com www.googletagmanager.com static.ads-twitter.com js.hs-analytics.net analytics.twitter.com bat.bing.com www.google-analytics.com *.demandbase.com pi.pardot.com www.youtube.com chimpstatic.com *.hotjar.com snap.licdn.com *.crazyegg.com js-na1.hs-scripts.com js.hs-banner.com; style-src 'self' 'unsafe-inline' *.ingenico.com; font-src *; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com business.ingenico.com cdn.cookielaw.org static.ads-twitter.com bat.bing.com *.google-analytics.com www.google.com *.onetrust.com *.twitter.com *.demandbase.com *.gstatic.com pi.pardot.com www.youtube.com chimpstatic.com *.ingenico.com *.hotjar.com snap.licdn.com *.crazyegg.com js.hs-analytics.net js-na1.hs-scripts.com js.hs-banner.com; connect-src 'self' *.doubleclick.net cdn.cookielaw.org www.google-analytics.com api.company-target.com bat.bing.com *.onetrust.com *.hotjar.com wss://ws13.hotjar.com *.hotjar.io *.crazyegg.com; frame-src 'self' 'unsafe-inline' ingenico.symex.be *.companywebcast.com www.google.com www.youtube.com www.youtube-nocookie.com library.ingenico.com player.vimeo.com *.hotjar.com; 2
default-src 'self'; child-src 'self' blob: https://content.googleapis.com https://www.googletagmanager.com/ns.html; connect-src 'self' https://www.browsealoud.com https://siteintercept.qualtrics.com https://atlas.microsoft.com https://www.google-analytics.com https://events.glasgowlife.org.uk https://plus.browsealoud.com https://*.speechstream.net https://stats.g.doubleclick.net https://babm.texthelp.com https://dc.services.visualstudio.com; font-src 'self' 'unsafe-inline' data: https://www.browsealoud.com https://atlas.microsoft.com https://fonts.gstatic.com https://fonts.googleapis.com https://fast.fonts.net; frame-src 'self' https://player.vimeo.com https://www.youtube.com; img-src 'self' blob: data: https://www.browsealoud.com https://atlas.microsoft.com https://gl-events.s3.amazonaws.com https://qaglportal.azureedge.net https://prodglportal.azureedge.net https://qaglportalv2.azureedge.net https://prodglportalv2.azureedge.net https://gl-wip-portal-cache.azureedge.net https://gl-test-portal-cache.azureedge.net https://gl-prod-portal-cache.azureedge.net https://glwipportal.blob.core.windows.net https://gltestportal.blob.core.windows.net https://glwipportal.blob.core.windows.net https://glprodportal.blob.core.windows.net https://glportalprodblob.blob.core.windows.net https://glportalv2qablobfront.blob.core.windows.net https://glportalv2prodblob.blob.core.windows.net https://events.glasgowlife.org.uk https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://www.gravatar.com https://plus.browsealoud.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.facebook.com; media-src 'self' blob: https://gl-test-portal.azurewebsites.net https://qaglportal.azureedge.net https://prodglportal.azureedge.net https://qaglportalv2.azureedge.net https://prodglportalv2.azureedge.net https://*.speechstream.net; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://apis.google.com https://atlas.microsoft.com https://www.browsealoud.com https://plus.browsealoud.com https://connect.facebook.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://az416426.vo.msecnd.net https://dc.services.visualstudio.com https://fast.fonts.net https://ajax.googleapis.com https://fonts.googleapis.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://atlas.microsoft.com https://fonts.googleapis.com https://fast.fonts.net https://plus.browsealoud.com https://tagmanager.google.com; report-uri https://stormid.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests; block-all-mixed-content; 2
default-src https:; style-src https: 'unsafe-inline'; img-src * data:; font-src *; script-src https: 'unsafe-inline' 'unsafe-eval'; connect-src *; 2
default-src 'self' http://www.ltgplc.com/ https://go.ltgplc.com https://pf-marketing.kzoplatform.com https://pf-customers.kzoplatform.com https://gomo.kzoplatform.com https://percolate.blogtalkradio.com https://www.blogtalkradio.com http://www.ltgplc.com/ https://go.ltgplc.com https://www.youtube.com https://go.pardot.com;script-src-elem 'self' 'unsafe-inline' https://snap.licdn.com https://microapps.pf-labs.net https://ltg.breezy.hr https://pi.pardot.com/ https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com;script-src 'self' 'unsafe-inline' https://microapps.pf-labs.net https://cdn.inspectlet.com https://ltg.breezy.hr https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://pi.pardot.com https://go.ltgplc.com;font-src 'self' data: https://ui.peoplefluent.com https://use.typekit.net;style-src 'self' 'unsafe-inline' https://ui.peoplefluent.com https://microapps.pf-labs.net https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com;img-src 'self' data: https://d33wubrfki0l68.cloudfront.net https://t.co https://cdn.sanity.io https://www.google.co.uk https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com;media-src 'self' data: https://cdn.sanity.io;connect-src 'self' https://ltg.breezy.hr https://www.google-analytics.com https://stats.g.doubleclick.net 2
frame-src 'self' blob: *.cochlear.cloud *.stg.cochlear.cloud  *.cochlear.cloud *.qualaroo.com *.simpli.fi https://marvelapp.com *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com  *.marketo.com ; connect-src 'self' *.taboola.com *.yimg.com *.doubleclick.net *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.maxmind.com *.geoip-js.com geoip-js.com *.crazyegg.com ; font-src 'self'  'unsafe-inline' 'unsafe-eval' data: *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com ; img-src 'self'  'unsafe-inline' 'unsafe-eval' data: *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.cochlear.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au  *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com medialead.de; script-src 'self'  'unsafe-inline' 'unsafe-eval' blob: *.yahoo.com *.taboola.com *.adsrvr.org *.yimg.com *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.quora.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com  *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com  *.ads-twitter.com *.steelhousemedia.com *.bing.com adroll.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.com  *.bootstrapcdn.com *.cloudflare.com *.cochlear.com *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.maxmind.com *.geoip-js.com geoip-js.com medialead.de; style-src 'self'  'unsafe-inline' 'unsafe-eval' *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' googleads.g.doubleclick.net www.googleadservices.com js.hsleadflows.net app.calconic.com storage.googleapis.com static.hsappstatic.net use.typekit.net *.cloudfront.net js.hs-scripts.com static.hotjar.com snap.licdn.com script.hotjar.com js.hsadspixel.net js.hs-analytics.net js.usemessages.com www.google-analytics.com connect.facebook.net public.profitwell.com js.hs-banner.com js.partnerstack.com www.googletagmanager.com https://tagmanager.google.com; img-src 'self' www.google.com www.google.es p.adsymptotic.com *.cloudfront.net www.linkedin.com px.ads.linkedin.com www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com track.hubspot.com p.typekit.net track.hubspot.com www.facebook.com;connect-src forms.hubspot.com statistics-dot-calconic-app.appspot.com www.google-analytics.com vc.hotjar.io api.mixpanel.com grsm.io api.hubspot.com in.hotjar.com api.hubapi.com app.calconic.com www2.profitwell.com;font-src 'self' fonts.gstatic.com use.typekit.net data: script.hotjar.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com *.cloudfront.net; frame-src 'self' app.hubspot.com vars.hotjar.com www.google.com; media-src 'self' *.cloudfront.net;upgrade-insecure-requests 2
default-src 'self' secure.test.bs.ch secure.bs.ch www.staatskalender.bs.ch www.tiefbauamt.test.bs.ch www.tiefbauamt.bs.ch egov-by-zid.ch www.leastyger-photography.ch www.regierungsrat.bs.ch *.showare.ch *.solique.ch de.wikipedia.org *.youtube.com map.geo.test.bs.ch map.geo.bs.ch *.abel-systems.ch www.eventdb.bs.ch www.rechtsprechung.gerichte-bs.ch *.basleratlas.ch *.google.com staticweb.bs.ch statabs.github.io statabs-test.github.io public.tableau.com cdn.knightlab.com service.buschviper.ch hit.uptrendsdata.com draeggwaegg.ch www.ub.basleratlas.ch eepurl.com www.tageskarte-gemeinde.ch blog.staatsarchiv-bs.ch data.bs.ch muenzwurf.statabs.ch marketing.us8.list-manage.com basleratlas.ch 1270.appointmind.net avenue.argusdatainsights.ch seu2.cleverreach.comi multimedia-bs.ch;script-src 'self' standortmarketing.prog.online s.ytimg.com *.youtube.com *.piwikpro.com *.siteimproveanalytics.com siteimproveanalytics.com 'unsafe-inline' multimedia-bs.ch hit.uptrendsdata.com baselstadt.containers.piwik.pro baselstadt.piwik.pro bot.bs-kt.prod.byerley.ch embed.typeform.com chat.aiaibot.com 'unsafe-eval';connect-src 'self' standortmarketing.prog.online hit.uptrendsdata.com *.piwikpro.com *.piwik.pro *.containers.piwik.pro api.aiaibot.com klv.egov.bs.ch;img-src 'self' *.prog.online multimedia-bs.ch *.piwikpro.com *.siteimproveanalytics.io *.abel-systems.ch www.test.bs.ch www.bs.ch hit.uptrendsdata.com *.piwik.pro data: 'unsafe-eval' bot.bs-kt.prod.byerley.ch;style-src 'self' 'unsafe-inline' bot.bs-kt.prod.byerley.ch;frame-src *; 2
script-src 'self' * 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' marketplace.goxip.com www.rewardsnap.com 2
default-src * data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' blob: 2
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data: 2
default-src 'self' https://*.zettle.com https://*.izettle.com;connect-src 'self' https://*.zettle.com https://*.izettle.com 'self' https://*.hotjar.com:* https://*.zettle.com https://analytics.google.com https://app.launchdarkly.com https://bat.bing.com https://c.friendbuy.com https://cdn.friendbuy.com https://cdn.izettle.com https://cdn1.friendbuy.com https://clientstream.launchdarkly.com https://embed.friendbuy.com https://events.launchdarkly.com https://kitsune.izettle.com https://logs-01.loggly.com https://main.ujet.co https://my.izettle.com https://optanon.blob.core.windows.net https://privacyportal-eu.onetrust.com/request/v1/consentreceipts https://sapi.searchblok.com https://secure.izettle.com https://sentry.io/api https://ssl.google-analytics.com https://stats.g.doubleclick.net https://status.izettle.com https://trc-events.taboola.com/1313048/ https://trc.taboola.com/1313048/ https://trustpilot.izettle.com https://ujet-chat-auth-staging.herokuapp.com https://vc.hotjar.io https://ws.friendbuy.com https://www.google-analytics.com https://www.google.co.uk/ads/ https://www.google.com.br/ads/ https://www.google.com.mx/ads/ https://www.google.com/ads/ https://www.google.de/ads/ https://www.google.dk/ads/ https://www.google.es/ads/ https://www.google.fi/ads/ https://www.google.fr/ads/ https://www.google.ie/ads/ https://www.google.it/ads/ https://www.google.nl/ads/ https://www.google.no/ads/ https://www.google.se/ads/ https://www.izettle.com wss://*.hotjar.com;frame-src 'self' https://*.zettle.com https://*.izettle.com https://*.selz.com https://*.zettle.com https://4896710.fls.doubleclick.net https://br.izettle.com https://cdn1.friendbuy.com https://de.izettle.com https://discover.izettle.com https://dk.izettle.com https://es.izettle.com https://fi.izettle.com https://fr.izettle.com https://gb.izettle.com https://go.pardot.com https://it.izettle.com https://izettle-community.force.com https://izettle.getfeedback.com https://izettle.go2cloud.org https://mx.izettle.com https://my.izettle.com https://nl.izettle.com https://no.izettle.com https://optimize.google.com https://player.vimeo.com https://privacyportal-eu.onetrust.com https://se.izettle.com https://secure.livechatinc.com https://terms-and-conditions.izettle.com https://vars.hotjar.com https://websdk.ujet.co https://widget.trustpilot.com https://www.youtube.com https://zettle-community.force.com https://zettle.go2cloud.org;style-src 'self' 'unsafe-inline' https://*.zettle.com https://*.izettle.com 'self' 'unsafe-inline' https://*.zettle.com https://cdn.cookielaw.org https://cdn.izettle.com https://fonts.googleapis.com https://optanon.blob.core.windows.net https://optimize.google.com https://tagmanager.google.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.zettle.com https://*.izettle.com 'self' 'unsafe-eval' 'unsafe-inline' http://cdn.izettle.com/jquery/ https://*.zettle.com https://accounts.livechatinc.com https://adservice.google.com/ddm/ https://bat.bing.com https://br.izettle.com https://c.friendbuy.com https://cdn.cookielaw.org https://cdn.friendbuy.com https://cdn.izettle.com https://cdn.livechatinc.com https://cdn.polyfill.io https://cdn.taboola.com/libtrc/unip/1313048/tfa.js https://cdn1.friendbuy.com https://code.jquery.com https://connect.facebook.net https://de.izettle.com https://discover.izettle.com https://djnf6e5yyirys.cloudfront.net https://dk.izettle.com https://embed.friendbuy.com https://es.izettle.com https://externals.ujet.co https://fi.izettle.com https://fr.izettle.com https://gb.izettle.com https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://it.izettle.com https://main.ujet.co https://mx.izettle.com https://my.izettle.com https://nl.izettle.com https://no.izettle.com https://optanon.blob.core.windows.net https://optimize.google.com https://pi.pardot.com https://player.vimeo.com/api/player.js https://privacyportal-eu.onetrust.com/request/v1/consentreceipts https://s.ytimg.com https://script.hotjar.com https://se.izettle.com https://secure.livechatinc.com https://securetoken.googleapis.com https://sjs.bizographics.com https://snap.licdn.com https://ssl.google-analytics.com https://static.hotjar.com https://tagmanager.google.com https://trc.taboola.com/1313048/ https://vc.hotjar.io https://websdk.ujet.co https://widget.trustpilot.com https://ws.friendbuy.com https://www.facebook.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://www.google.com.br https://www.google.com.mx https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.no https://www.google.pt https://www.google.se https://www.googleadservices.com https://www.googleapis.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.youtube.com/iframe_api;img-src 'self' data: https://*.zettle.com https://*.izettle.com 'self' data: http://a.storyblok.com http://img2.storyblok.com https://*.zettle.com https://analytics.google.com https://assistly-production.s3.amazonaws.com https://bat.bing.com https://cdn.cookielaw.org https://cdn.izettle.com https://cds.taboola.com/ https://cx.atdmt.com https://googleads.g.doubleclick.net https://i.vimeocdn.com https://i.ytimg.com https://i3.ytimg.com https://insights.hotjar.com https://my.izettle.com https://optanon.blob.core.windows.net https://optimize.google.com https://script.hotjar.com https://secure.livechatinc.com https://ssl.google-analytics.com https://ssl.gstatic.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://www.google.com.br https://www.google.com.mx https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.no https://www.google.pt https://www.google.se https://www.googletagmanager.com https://www.gstatic.com;font-src 'self' data: https://*.zettle.com https://*.izettle.com https://*.zettle.com https://cdn.izettle.com https://discover.izettle.com https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com https://static.hotjar.com;media-src 'self' https://*.izettle.com https://a.storyblok.com;child-src https://vars.hotjar.com 2
default-src 'self' 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bing.com; script-src 'self' 'unsafe-inline'  'unsafe-eval' hub.firestonecompleteautocare.com *.doubleclick.net *.adobedtm.com *.google-analytics.com *.everestjs.net *.pinimg.com *.hotjar.com *.bing.com *.googleadservices.com *.xg4ken.com *.facebook.net *.doubleclick.com *.googletagmanager.com *.akamaihd.net *.marchex.io *.everesttech.net *.iperceptions.com *.powerreviews.com *.iovation.com *.iesnare.com *.googleapis.com *.virtualearth.net *.recaptcha.net *.gstatic.com; img-src * data: blob: ; connect-src *; frame-src *; font-src 'self' data: 2
frame-ancestors 'self' www.kutxabank.es; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* 2
frame-ancestors https://*.news.at http://*.news.at; upgrade-insecure-requests; block-all-mixed-content 2
default-src 'none';                                     connect-src https://sonarsource.cdn.prismic.io https://sonarsource.prismic.io https://www.google-analytics.com https://veh6ryrcr4.execute-api.eu-central-1.amazonaws.com https://stats.g.doubleclick.net https://dev.visualwebsiteoptimizer.com https://r1.visualwebsiteoptimizer.com https://r2.visualwebsiteoptimizer.com https://r3.visualwebsiteoptimizer.com https://rec5.visualwebsiteoptimizer.com;                                     font-src 'self' https://fonts.gstatic.com data:;                                     frame-src https://sonarsource.prismic.io https://www.youtube.com;                                     img-src 'self' data: https://www.google-analytics.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.google.com https://dev.visualwebsiteoptimizer.com https://r1.visualwebsiteoptimizer.com https://r2.visualwebsiteoptimizer.com https://r3.visualwebsiteoptimizer.com https://rec5.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com;                                     media-src 'self';                                     script-src 'self' 'unsafe-inline' https://code.jquery.com https://static.cdn.prismic.io https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://dev.visualwebsiteoptimizer.com https://r1.visualwebsiteoptimizer.com https://r2.visualwebsiteoptimizer.com https://r3.visualwebsiteoptimizer.com https://rec5.visualwebsiteoptimizer.com;                                     style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com;                                     worker-src blob:; 2
frame-src                          'self'                          https://eu-west-2-elume.s3.us-east-1.amazonaws.com/                          https://forms.hsforms.com/                          https://app.hubspot.com                          https://www.googletagmanager.com                          https://accounts.google.com                          https://sdk.companywebcast.com                          https://ir.asp.manamind.com                          https://www.youtube.com                          https://www.youtube-nocookie.com                          *.metric.gstatic.com                          https://webcast.seria.no                          https://spinzam.com/                          https://player.vimeo.com                          https://cdn.embedly.com                          https://www.facebook.com                          https://www.google.com/                          https://twitter.com/                          https://kongsberg.easycruit.com;                          frame-ancestors                          'self' 2
frame-ancestors 'self'; report-uri /csp-log.php 2
frame-ancestors 'self' https://*.nantesmetropole.fr; 2
frame-ancestors 'self' https://*.sageintacct.com https://*.intacct.com https://www.youtube.com https://*.addthis.com https://app-abd.marketo.com https://*.doubleclick.net https://www.google.com/ads https://jobs.jobvite.com https://api.soundcloud.com https://w.soundcloud.com https://www.g2crowd.com https://intacct.lookbookhq.com https://go.intacct.com https://tags.tiqcdn.com https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net https://rc.sageintacct.com https://www-w28.intacct.com https://www-p02.intacct.com https://www-p03.intacct.com https://www-p04.intacct.com https://beta.intacct.com https://www.intacct-adv.com https://www-w27.intacct.com https://www-p03-w028.intacct.com https://www-p02-w028.intacct.com https://www-p04-w028.intacct.com https://www-dr.intacct.com https://stg-hk.intacct.com https://dev45.intacct.com https://dev31.intacct.com https://dev24.intacct.com https://dev33.intacct.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none' 2
frame-ancestors *.kwankodev.net *.kwanko.com *.netaffiliation.com 2
frame-ancestors https://*.shapeamerica.org 2
default-src * data: blob:;script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://trackcmp.net/ https://prism.app-us1.com/ https://diffuser-cdn.app-us1.com *.licdn.com *.quantcount.com *.quantserve.com *.virtualearth.net *.bing.com https://s.ytimg.com/ https://www.youtube.com/ https://sp.analytics.yahoo.com/ https://s.yimg.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://sjs.bizographics.com/insight.min.js https://bat.bing.com/bat.js https://static.ads-twitter.com/uwt.js https://s3.amazonaws.com/trk.cetrk.com/f/t.js https://tagmanager.google.com/ https://instafeed.assets.pixlee.com https://www.buzzsprout.com https://api.volunteer.com.au https://volwidget.s3.amazonaws.com https://www.bing.com https://dev.virtualearth.net https://t.ssl.ak.dynamic.tiles.virtualearth.net https://fast.wistia.net https://ecn.dev.virtualearth.net https://openlayers.org mapstraction.com https://www.bing.com/ https://vudoo.com https://dme0ih8comzn4.cloudfront.net *.admaxim *.addthis.com https://m.addthisedge.com https://cdnjs.cloudflare.com https://d1ig6folwd6a9s.cloudfront.net https://sample.crazyegg.com *.crazyegg.com https://script.crazyegg.com https://sample-api-v2.crazyegg.com/n/588250/all https://s3.amazonaws.com/trk.cetrk.com/d/t.js https://e.issuu.com/embed.js https://everydayhero.com *.facebook.com *.facebook.net fast.wistia.com https://www.google.com http://www.google-analytics.com *.google-analytics.com *.googleapis.com https://maps.google.com https://optimize.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net http://s.gravatar.com https://code.jquery.com https://s.c.appier.net https://jscdn.appier.net https://assets.juicer.io/ https://embed.playbuzz.com https://sb.scorecardresearch.com https://mcd-sdk.playbuzz.com https://res-format-story.playbuzz.com https://cdn.playbuzz.com https://widget.surveymonkey.com https://salvos.org.au/ https://www.salvationarmy.org.au/ http://salvationarmy.org.au/ http://src.litix.io/ https://s0.wp.com https://stats.wp.com/ https://public.tableau.com/ *.twitter.com *.twimg.com https://users.dialogfeed.com *.verisign.com http://fast.wistia.com 127.0.0.1:* *.localhost; style-src 'self' *.bing.com https://tagmanager.google.com/debug/css.css https://assets.buzzsprout.com https://volwidget.s3.amazonaws.com https://openlayers.org https://www.bing.com https://dme0ih8comzn4.cloudfront.net https://salvos.org.au/ https://www.salvationarmy.org.au/ https://salvationarmy.org.au/ data: *.addthis.com *.bootstrapcdn.com https://d1ig6folwd6a9s.cloudfront.net https://fonts.googleapis.com http://fonts.googleapis.com *.googleapis.com *.gstatic.com https://optimize.google.com *.jquery.com https://assets.juicer.io/ *.myfonts.net https://res-format-story.playbuzz.com *.twimg.com *.twitter.com http://s.gravatar.com 'unsafe-inline'; media-src * data:; font-src * data:; connect-src 'self' https://*.google.com *.botframework.com wss://directline.botframework.com *.crazyegg.com https://sample-api-v2.crazyegg.com/ https://s.yimg.com/ https://bat.bing.com https://sample-api-v2.crazyegg.com/n/588250/all https://s.c.appier.net https://www.bing.com https://salvos.org.au/ https://www.salvationarmy.org.au/ https://salvationarmy.org.au/ https://anylist.c.appier.net *.addthis.com https://stats.g.doubleclick.net/ *.facebook.com https://www.google-analytics.com https://assets.juicer.io/ http://www.juicer.io https://www.juicer.io https://prd-collector-anon.playbuzz.com https://pixel.playbuzz.com https://mcd-sdk.playbuzz.com https://embed.playbuzz.com https://cdn.playbuzz.com https://syndication.twitter.com *.vimeocdn.com pipedream.wistia.com https://e.issuu.com https://users.dialogfeed.com embed.wistia.com distillery.wistia.com/x; report-uri https://salvos.org.au/csp-reports/ 2
frame-ancestors 'self' *.ancestrydata.com genlookups.com *.genlookups.com *.legacy.com whostextingmykids.com 2
frame-ancestors 'self' https://*.teamsupport.com/ 2
frame-ancestors 'self' *.vice.com vicetv.com *.vicetv.com vicetv.nl vicetv.be vicesports.nl vicemoney.nl vicebelgique.com survey18.toluna.com *.viceops.net 2
default-src 'self' ; connect-src https://www.econda-monitor.de 'self' https://*.cornelsen.de ; font-src https://tagmanager.google.com https://fonts.gstatic.com data: 'self' https://*.cornelsen.de ; frame-src https://monitor.econda-monitor.de https://www.googletagmanager.com/ns.html 'self' https://*.cornelsen.de https://www.youtube-nocookie.com https://w.soundcloud.com https://docs.google.com/gview ; img-src https://monitor.econda-monitor.de https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com 'self' https://*.cornelsen.de data: ; object-src 'none' ; script-src https://monitor.econda-monitor.de https://www.googletagmanager.com https://tagmanager.google.com 'self' https://*.cornelsen.de 'unsafe-eval' data: ; style-src https://tagmanager.google.com https://fonts.googleapis.com 'self' https://*.cornelsen.de 'unsafe-inline' ; base-uri 'self' ; form-action 'self' ; frame-ancestors 'self' ; report-uri /__csp-report ; 2
frame-ancestors 'self' eon.de *.eon.de 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: erm-chat.bod.de:8080 *.bod.de images.bod.com *.bod.com  *.trustpilot.com *.googletagmanager.com ssl.google-analytics.com *.google-analytics.com *.facebook.net *.facebook.com *.facebook.de *.bing.com *.twitter.com static.ads-twitter.com t.co *.google.com googleads.g.doubleclick.net *.adfarm1.adition.com connect.facebook.net fast.fonts.net *.fonts.net *.google.de stats.g.doubleclick.net *.googleadservices.com *.googleapis.com *.gstatic.com *.cookiefirst.com *.bootstrapcdn.com *.cloudflare.com *.youtube.com *.youtu.be *.vimeo.com; img-src 'self' data: blob: https:; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://s.ytimg.com https://script.crazyegg.com https://dnn506yrbagrg.cloudfront.net https://planner-widget.goabout.com https://stats.g.doubleclick.net https://www.gstatic.com https://track.adform.net https://blokks.co https://view.genial.ly https://*.cloudfront.net https://static.hotjar.com https://parking-widget.goabout.com https://script.hotjar.com https://*.lightning.force.com https://www.facebook.com https://snap.licdn.com https://connect.facebook.net https://in.hotjar.com/ https://stats.g.doubleclick.net https://radboudumc.bbvms.com/ https://cdn.bluebillywig.com https://*.twitter.com https://cdn.syndication.twimg.com https://twitter.com; style-src 'self' 'unsafe-inline'  https://fast.fonts.net https://*.cloudfront.net https://fonts.googleapis.com https://*.lightning.force.com https://*.twitter.com; img-src 'self'  https://www.google.com https://www.google.nl https://www.google-analytics.com https://stats.g.doubleclick.net https://static.genial.ly https://*.amazonaws.com https://*.lightning.force.com https://px.ads.linkedin.com https://www.facebook.com https://*.bbvms.com/ https://*.bluebillywig.com https://*.cloudfront.net https://*.twimg.com https://*.twitter.com; media-src 'self'  https://static.genial.ly/ https://radboudumc.bbvms.com/; font-src 'self'  data: https://*.cloudfront.net https://fonts.gstatic.com https://*.lightning.force.com https://cdn.bluebillywig.com/*; frame-ancestors 'self' https://bewerk.radboudumc.nl https://radboud.app.connexys.nl https://cboards.caresharing.eu https://twitter.com; frame-src 'self'  https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://radboudumc-web.ungerboeck.com https://planner-widget.goabout.com https://www.google.com https://docs.google.com https://view.genial.ly https://vars.hotjar.com https://parking-widget.goabout.com/ https://*.bbvms.com/ https://embed.nkr-cijfers.nl https://*.caresharing.eu  https://*.bluebillywig.com https://*.twitter.com https://twitter.com; connect-src 'self'  https://www.google-analytics.com https://view.genial.ly https://twitter.com https://*.lightning.force.com https://in.hotjar.com/ https://stats.g.doubleclick.net https://radboudumc.bbvms.com/; object-src 'self';  2
frame-ancestors self fasttech.com *.fasttech.com 2
default-src 'self' data: https://*.spcollege.edu https://ai.ocelotbot.com https://api.hubapi.com https://blog.spcollege.edu https://cdn.yoshki.com https://*.facebook.com https://*.adroll.com https://*.g.doubleclick.net https://*.gstatic.com https://dpm.demdex.net https://fonts.gstatic.com https://forms.hsforms.com https://*.hubspot.com https://www.google.com https://*.googleapis.com https://www.google-analytics.com https://hubspot-forms-static-embed.s3.amazonaws.com https://img.youtube.com https://insight.adsrvr.org https://px.ads.linkedin.com https://t.co https://translate.google.com https://translate.googleapis.com https://webapps.spcollege.edu; child-src 'self' https://adservices.brandcdn.com https://askalibrarian.org https://bid.g.doubleclick.net https://d1eoo1tco6rr5e.cloudfront.net https://embed.ocelotbot.com https://embeds.tagboard.com https://forms.hsforms.com https://www.google.com https://insight.adsrvr.org https://player.vimeo.com https://spcollege.financialaidtv.com https://www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.facebook.net https://*.googleapis.com https://*.hubspot.com https://adservices.brandcdn.com https://ai.fatv.us https://ai.ocelotbot.com https://analytics.twitter.com https://cdn.yoshki.com https://cdnjs.cloudflare.com https://d.adroll.com https://d.adroll.mgr.consensu.org https://connect.facebook.net https://e.com https://embed.financialaidtv.com https://embed.ocelotbot.com https://forms.hsforms.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://js.hsadspixel.net https://js.hsforms.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://platform.twitter.com https://px.ads.linkedin.com https://s.adroll.com https://s.ytimg.com https://snap.licdn.com https://static.ads-twitter.com https://static.tagboard.com https://tag.brandcdn.com/ https://translate.google.com https://utils.spcollege.edu https://webapps.spcollege.edu https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.tagboard.com https://ai.ocelotbot.com https://*.googleapis.com https://utils.spcollege.edu; frame-ancestors 'self' https://www.youtube.com https://embed.ocelotbot.com https://embeds.tagboard.com; object-src 'none'; 2
frame-ancestors https://community.personio.com https://community.personio.de https://www.personio.com https://www.personio.de https://personio.elearnio.com https://personio.elearnio.de 2
frame-ancestors 'self' *.quattropod.com quattropod.com *.quattropod.com.cn quattropod.com.cn ezcast-pro.com 2
default-src 'self'; script-src 'self' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; object-src 'none' 2
default-src https://optimize.google.com 'self'; font-src https://fonts.google.com https://fonts.gstatic.com https://optimize.google.com https://fonts.googleapis.com 'self' data:; style-src https://fonts.google.com https://fonts.gstatic.com https://optimize.google.com https://www.gstatic.com https://fonts.googleapis.com 'self' 'unsafe-inline'; img-src https://static3.santander.pl https://rt.inistrack.net https://stats.g.doubleclick.net https://www.facebook.com https://pixel.wp.pl https://my.tealiumiq.com https://*.googleapis.com static.yourcx.io https://www.google.pl https://maps.gstatic.com https://maps.google.com https://user-event-tracker.crazyegg.com https://static3.bzwbk.pl https://bankmozliwosci.santander.pl https://collect.tealiumiq.com https://www.googletagmanager.com www.google.com http://www.webankieta.pl https://app.revhunter.tech www.google-analytics.com 'self' data:; frame-src http://bank.santander.pl https://invis.io https://optimize.google.com https://ent.activeforms.com http://ent.activeforms.com opinia.santander.pl http://formularze.santander.pl https://www.webankieta.pl https://cloud.webankieta.pl http://datacloud.tealiumiq.com https://santandertfi.pl https://formularze.santander.pl https://netevent.tv https://projects.invisionapp.com http://santanderleasing.pl https://tutajdoladuj.blue.pl https://datacloud.tealiumiq.com https://fundusze.santandertfi.pl *.doubleclick.net https://bank.santander.pl https://partner-it.com.pl https://www.youtube.com 'self'; script-src https://www.script.crazyegg.com https://santanderleasing.pl https://optimize.google.com https://www.googleadservices.com https://stats.g.doubleclick.net https://pixel.wp.pl https://unpkg.com https://maps.googleapis.com https://santandertfi.pl https://my.tealiumiq.com http://www.script.crazyegg.com https://googleads.g.doubleclick.net https://maps.google.com https://user-event-tracker.crazyegg.com https://code.jquery.com https://www.gstatic.com www.google.com https://visitor-service-eu-central-1.tealiumiq.com https://www.youtube.com www.google-analytics.com https://www.google.com https://connect.facebook.net https://tags.tiqcdn.com https://s.ytimg.com https://script.crazyegg.com https://cloud.webankieta.pl static.yourcx.io https://omnibot.santander.pl https://maps.gstatic.com https://fundusze.santandertfi.pl https://www.googletagmanager.com https://www.google-analytics.com http://script.crazyegg.com https://files.webankieta.pl 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'self'; connect-src https://omnibot.santander.pl https://www.google-analytics.com https://aplikacje-pfrportal.pl https://my.tealiumiq.com https://stats.g.doubleclick.net https://collect.tealiumiq.com 'self' 2
script-src 'self' at.alicdn.com 'unsafe-eval' 'unsafe-inline' data: blob: *.dancf.com *.gaoding.com hm.baidu.com tongji.baidu.com assetscli.udesk.cn ttxsapp.udesk.cn retcode.alicdn.com www.google-analytics.com www.googletagmanager.com cdn.lr-ingest.io www.googleadservices.com googleads.g.doubleclick.net; frame-ancestors 'self' god-mgr.dancf.com ttxsapp.udesk.cn tongji.baidu.com https://ytcs.lenovo.net http://ytcs.lenovo.net https://ytcstest.lenovo.net http://*.365editor.com https://cdn.lr-ingest.io https://mp.weixin.qq.com https://testsmb.lenovo.net/  http://*.gaoding.com https://www.xmyeditor.com http://xmyplus.jiangniaocloud.top http://*.chinaso.com http://*.chinaso365.com http://*.huanleguang.com http://*.huanleguang.cn http://bj.96weixin.com http://*.haoche.cn https://*.haoche.cn http://*.haoche.cn:*/ http://*.shuaishou.com http://localhost:*  http://*.sensorsdata.cn http://*.uupoop.com/ https://*.fnwenjuan.cn http://*.mangoerp.com http://mangoerp.com http://*.dianxiaomi.com http://*.eccang.com/ http://*.smartapps.cn http://*.chaojimoban.com http://*.dianxiaobao.net http://*.elstgl.com http://*.maimiao.icu/ http://*.lediaocha.com 2
frame-ancestors 'self' corelogic.com.au *.corelogic.com.au elev.io *.elev.io 2
default-src 'self' https://*.jsdelivr.net https://wp-themes.com https://*.cloudflare.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.gravatar.com https://*.w.org data: 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src  'self' *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com; object-src 'self'  2
default-src 'none'; connect-src 'self'; font-src *.anidb.net; form-action 'self'; img-src * data:; script-src 'self' *.anidb.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' *; child-src kiwiirc.com *.youtube-nocookie.com www.google.com/recaptcha/; frame-ancestors 'self'; base-uri 'self'; manifest-src *.anidb.net; 2
frame-ancestors 'self' https://us.marantz.com/; 2
default-src 'self' data https:; img-src 'self'  https;style-src 'self' https:; script-src-elem 'self https:; script-src 'self' https: ; script-src-attr 'self' https:; 2
frame-ancestors 'self' temenos.seismic.com 2
frame-ancestors 'self' *.humacom.com *.iofbonehealth.org *.osteoporosis.foundation 2
font-src 'self' code.freent.de oauth.freenet.de https://fonts.gstatic.com; img-src * data:; frame-ancestors *.freenet.de; plugin-types application/pdf application/x-shockwave-flash 2
frame-ancestors https://pay.amazon.com 2
frame-ancestors 'self' *.comune.milano.it 2
default-src 'self' https://origin-www.appliedmaterials.com http://origin-www.appliedmaterials.com; script-src 'self' 'unsafe-eval' maps.googleapis.com http://www.google-analytics.com https://www.google-analytics.com www.googletagmanager.com www.eiseverywhere.com js-agent.newrelic.com *.nr-data.net www.recaptcha.net www.gstatic.com vjs.zencdn.net https://*.go-mpulse.net https://origin-www.appliedmaterials.com 'unsafe-inline'; object-src 'self' www.eiseverywhere.com; style-src 'self' fonts.googleapis.com www.gstatic.com vjs.zencdn.net https://origin-www.appliedmaterials.com http://origin-www.appliedmaterials.com https://origin-www.appliedmaterials.com 'unsafe-inline'; img-src 'self' *.googleapis.com www.google-analytics.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com www.google.com www.google.com.sg www.google.com.tw www.google.co.il www.google.co.in www.google.co.kr www.google.co.uk www.googletagmanager.com ml.globenewswire.com www.globenewswire.com resource.globenewswire.com na.eventscloud.com www.eiseverywhere.com bam.nr-data.net  http://*.prod.acquia-sites.com https://*.prod.acquia-sites.com  http://*.appliedmaterials.com https://*.appliedmaterials.com data:; frame-src 'self' www.google.com www.youtube.com www.recaptcha.net; font-src 'self' fonts.gstatic.com themes.googleusercontent.com vjs.zencdn.net http://origin-www.appliedmaterials.com https://origin-www.appliedmaterials.com data:; connect-src 'self' www.google-analytics.com *.nr-data.net stats.g.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.go-mpulse.net; report-uri /admin/config/system/seckit/csp-report 2
default-src 'self'; img-src 'self' data: *.bankaustria.at bs.serving-sys.com track.adform.net s1.adform.net img.youtube.com www.facebook.com unicreditgroup.122.2o7.net googleads.g.doubleclick.net www.google.com www.google.at www.google.de f1.eu.readspeaker.com cdn1.readspeaker.com maps.gstatic.com maps.googleapis.com cashbackonline.at www.cashbackonline.at www.gstatic.com f1-eu.readspeaker.com media.readspeaker.com collect.tealiumiq.com cdn.tagcommander.com manager.tagcommander.com manager.commander1.com engage.commander1.com sync.commander1.com privacy.commander1.com bankaustria.commander1.com privacy.trustcommander.net ad.doubleclick.net px.ads.linkedin.com www.linkedin.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' f1-eu.readspeaker.com cdn1.readspeaker.com fonts.googleapis.com fast.fonts.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bankaustria.at www.googleadservices.com googleads.g.doubleclick.net f1-eu.readspeaker.com connect.facebook.net bs.serving-sys.com secure-ds.serving-sys.com maps.googleapis.com ahc-prod.tetralog-it.de ahc-prod-dc-muc1.tetralog-it.de track.adform.net s1.adform.net cdn.tagcommander.com cdn.trustcommander.net bankaustria.commander1.com www.googletagmanager.com www.google.com www.google.at cdn1.readspeaker.com  snap.licdn.com; frame-src 'self' www.youtube.com www.youtube-nocookie.com *.bankaustria.at bid.g.doubleclick.net app-eu.readspeaker.com rstts-eu.readspeaker.com vttts-eu.readspeaker.com service.rs-software.at connect.facebook.net cdn.tagcommander.com cdn.trustcommander.net www.yumpu.com 9764401.fls.doubleclick.net www.kununu.com quizz-ba.reea.net; frame-ancestors 'self' *.bankaustria.at; connect-src 'self' *.bankaustria.at wss://www.bankaustria.at ahc-prod.tetralog-it.de ahc-prod-dc-muc1.tetralog-it.de bs.serving-sys.com www1.emarsys.net www.kapdion.com track.adform.net privacy.trustcommander.net privacy.commander1.com directline.botframework.com wss://directline.botframework.com maps.googleapis.com www.google.com; font-src 'self' fonts.gstatic.com data:; media-src 'self' *.bankaustria.at rstts-eu.readspeaker.com app-eu.readspeaker.com media-eu.readspeaker.com vttts-eu.readspeaker.com 2
script-src 'self'; 2
child-src 'self' *.adform.net *.criteo.com *.criteo.net *.optimizely.com *.selbstbauprofi.de *.sociomantic.com *.toom.de *.tp-de.net  *.trbo.com *.usercentrics.eu *.webmasterplan.com *.youtube-nocookie.com app.parasol-island.com chat.guuru.com form.guuru.com configurator.3yourmind.com deutschland-rundet-auf.de efs-survey.com facebook.com maps.googleapis.com toom-baumarkt.de toom-de.boels.com toom-frame.3yourmind.com toom-rubbeln.safe-promotions.de toom.3yourmind.com www.efs-survey.com www.facebook.com www.findibus-online.de www.google.com/maps/ www.google.com/recaptcha/ www.toom-baumarkt.de www.youtube.com www.youtube.de; frame-src 'self' *.adform.net *.criteo.com *.criteo.net *.optimizely.com *.selbstbauprofi.de *.sociomantic.com *.toom.de *.tp-de.net *.trbo.com *.usercentrics.eu *.webmasterplan.com *.youtube-nocookie.com app.parasol-island.com form.guuru.com chat.guuru.com configurator.3yourmind.com deutschland-rundet-auf.de efs-survey.com facebook.com maps.googleapis.com toom-baumarkt.de toom-de.boels.com toom-frame.3yourmind.com toom-rubbeln.safe-promotions.de toom.3yourmind.com www.efs-survey.com www.facebook.com www.findibus-online.de www.google.com/maps/ www.google.com/recaptcha/ www.toom-baumarkt.de www.youtube.com www.youtube.de; object-src 'self'; 2
img-src 'self' brace.video.qq.com *.ebay.com *.ebay.cn www.google-analytics.com *.salesforce.com *.force.com rcgi.video.qq.com isdspeed.qq.com; 2
default-src 'self'; script-src 'self' data: 'unsafe-inline' https://www.google.com https://www.gstatic.com; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com; img-src *; media-src *; frame-src 'self' https://www.google.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' 2
block-all-mixed-content; font-src https://use.typekit.net https://fonts.gstatic.com https://script.hotjar.com; frame-ancestors 'none'; manifest-src 'none'; media-src 'none'; object-src 'none'; worker-src 'none'; report-uri https://o223921.ingest.sentry.io/api/1440158/security/?sentry_key=541f0dd3978f481cb41cd99dc9f24ed6&sentry_environment=production&sentry_release=2ba1806e4702c949db7986716fb9e0c5b4ea9e81-production 2
default-src 'self' 'unsafe-inline' *.web-2-tel.com *.doubleclick.net *.optnmstr.com *.gstatic.com data: *.acquia.com *.unitedrentals.com *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.unitedrentals.com *.acquia.com *.egain.cloud *.analytics-egain.com *.criteo.net *.ssl.cf1.rackcdn.com *.doubleclick.net *.google.com *.google-analytics.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com bat.bing.com *.quantserve.com *.getsitecontrol.com *.facebook.net *.crazyegg.com *.quantcount.com *.yimg.com snap.licdn.com sp.analytics.yahoo.com *.addtoany.com *.ads.linkedin.com *.newrelic.com *.nr-data.net web-2-tel.com *.web-2-tel.com *.optnmstr.com *.cloudflare.com *.adnxs.com data: *.acquia.com *.pragmaticcrm.com *.optmstr.com *.bizographics.com *.criteo.com *.linkedin.com *.optmnstr.com *.nr-data.net *.youtube.com *.vimeo.com *.ytimg.com *.opmnstr.com *.cloudfront.net  *.jsdelivr.net https://optimize.google.com unpkg.com *.kampyle.com polyfill.io *.b-cdn.net cdn.rawgit.com *.jivox.com c3plp.net *.force.com *.salesforce.com *.salesforceliveagent.com; style-src 'self' 'unsafe-inline' *.acquia.com *.googleapis.com *.cloudflare.com *.optnmstr.com *.google.com *.egain.cloud *.jsdelivr.net https://optimize.google.com unpkg.com *.kampyle.com *.force.com; img-src 'self' data: *.unitedrentals.com bat.bing.com *.optnmstr.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.facebook.com *.google.com *.quantserve.com *.gstatic.com *.adnxs.com *.optmstr.com res.cloudinary.com *.googletagmanager.com *.linkedin.com *.criteo.com s0.2mdn.net *.egain.cloud https://optimize.google.com *.cloudfront.net *.jsdelivr.net *.kampyle.com *.turn.com images.rouseservices.com *.advanseads.com; frame-src 'self' *.acquia.com *.marchex.io *.doubleclick.net *.criteo.com *.egain.cloud *.analytics-egain.com *.vimeo.com *.facebook.com *.facebook.net *.youtube.com https://optimize.google.com https://youtube.com *.opmnstr.com *.uni