Values for content-security-policy:
upgrade-insecure-requests 5,588
upgrade-insecure-requests; 3,646
frame-ancestors 'self' 2,706
block-all-mixed-content 1,333
default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' 775
frame-ancestors 'none' 342
frame-ancestors 'self'; 328
default-src * data: 'unsafe-eval' 'unsafe-inline' 295
default-src https: data: 'unsafe-inline' 'unsafe-eval' 272
frame-ancestors 'self' http://webvisor.com 261
frame-ancestors 'self' https://*.granicus.com http://*.granicus.com https://platform.civicplus.com https://account.civicplus.com; img-src * data:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * about: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; font-src * data:; default-src * 259
frame-ancestors 'self' ; 170
168
frame-ancestors 'self' https://app.kajabi.com 117
frame-ancestors 'none'; 99
frame-ancestors 'self' websitebuilder.godaddy.com websitebuilder.secureserver.net 91
upgrade-insecure-requests; frame-ancestors 'self' 90
img-src https: data:; upgrade-insecure-requests 89
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://cdn.exoticads.com https://js-agent.newrelic.com https://ssl.p.jwpcdn.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://bam.nr-data.net https://chaturbateapps.disqus.com https://*.disquscdn.com https://disqus.com ;  style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com fonts.googleapis.com https://*.disquscdn.com ;  img-src 'self' data: https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://public.chaturbate.com https://cbpv.chaturbate.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://public.chaturbate.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://ssl.p.jwpcdn.com https://jwpltx.com https://cdnjs.cloudflare.com https://www.gstatic.com https://bam.nr-data.net https://*.disquscdn.com https://links.services.disqus.com https://referrer.disqus.com ;  font-src 'self' data: https://*.highwebmedia.com https://ssl.p.jwpcdn.com https://cdnjs.cloudflare.com fonts.gstatic.com ;  connect-src 'self' blob: blob https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://bam.nr-data.net https://*.chaturbate.com https://chaturbate.com wss://recommend.chaturbate.com:8443 https://www.google-analytics.com https://links.services.disqus.com https://sentry.io https://cbvideoupload.s3-accelerate.amazonaws.com https://public.chaturbate.com https://cbpv.chaturbate.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://public.chaturbate.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ;  media-src 'self' https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://public.chaturbate.com https://cbpv.chaturbate.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://public.chaturbate.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com;  object-src 'self' https://*.highwebmedia.com https://download.macromedia.com https://public.chaturbate.com https://cbpv.chaturbate.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://public.chaturbate.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ;  frame-src 'self' https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://disqus.com ;  child-src 'self' blob: blob ;  worker-src 'self' blob: blob ;  form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://wnu.com ;  manifest-src 'self' https://*.highwebmedia.com ;  report-uri https://report-uri.highwebmedia.com/r/t/csp/enforce; 84
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; child-src https: blob: data:; connect-src https: blob: data: wss:; font-src https: blob: data:; img-src https: blob: data:; media-src https: blob: data:; object-src https: blob: data:; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: data: 'unsafe-inline'; upgrade-insecure-requests 69
default-src 'self'; frame-src 'none'; img-src 'self' *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com https://www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 55
frame-ancestors about: 'self' 52
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 52
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com z8y8f3q6.ssl.hwcdn.net https://www.xvideos.com https://wg-xvdev.xvideos.com *.trafficfactory.biz fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com www.google-analytics.com *.addthis.com *.addthisedge.com www.iwanttodeliver.com apis.google.com www.google.com www.gstatic.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.sex.com *.lswcdn.net *.llnwd.net *.hwcdn.net fcm.googleapis.com *.nk-img.com *.camster.com wss://*.camster.com:8443 *.naked.com https://static-dev-xvlive.xvideos.com https://dev-api.naked.com http://dev-api.naked.com;img-src 'self' 'unsafe-inline' data: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.hwcdn.net *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com; 50
report-uri https://f6044819c139be406e5131b1724188ab.report-uri.com/r/t/csp/enforce; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com dev.visualwebsiteoptimizer.com *.adnxs.com *.appier.net *.doubleclick.net *.google.co.uk *.googleadservices.com *.googlesyndication.com *.mathtag.com *.openx.net *.scupio.com bigsea.frontend.weborama.fr dx.bigsea.weborama.com cs.gssprt.jp match.adsrvr.org pixel.rubiconproject.com ps.eyeota.net ssp.adskom.com sync.ad-stir.com sync.adap.tv sync.adaptv.advertising.com tags.clickintext.net tapestry.tapad.com *.semasio.net *.disquscdn.com *.disqus.com disqus.com d17m68fovwmgxj.cloudfront.net apps-cdn.britishcouncil.org embed.scribblelive.com bat.bing.com public.tableau.com *.socdm.com britishcouncil-email.createsend.com *.googleapis.com *.gstatic.com www.google.de www.google.es *.google.com *.salesforceliveagent.com *.qualaroo.com s3.amazonaws.com *.bizographics.com sjs.bizographics.com idsync.rlcdn.com aa.agkn.com stags.bluekai.com sync.crwdcntrl.net loadus.exelator.com ml314.com *.adroll.com ucarecdn.com *.streamamg.com bookeo.com www-2903b.bookeo.com britishcouncil.github.io olc.live.solas.britishcouncil.digital bam.nr-data.net js-agent.newrelic.com *.akamaihd.net x.bidswitch.net *.ads-twitter.com *.twimg.com *.twitter.com *.fbcdn.net *.facebook.com cx.atdmt.com cx.atdmt.com connect.facebook.net *.linkedin.com snap.licdn.com *.sharethis.com vk.com cdn.polyfill.io www.googletagmanager.com sui.britishcouncil.org *.vimeocdn.com player.vimeo.com vimeo.com *.ytimg.com www.youtube.com *.google-analytics.com *.webtrends.com statse.webtrendslive.com *.yahoo.com b92.yahoo.co.jp s.yimg.com britishcouncil.wufoo.com *.instagram.com *.hotjar.com; 49
script-src   'self' *.google.com *.google-analytics.com 'unsafe-inline'   'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com   *.googleapis.com uds.googleusercontent.com https://s.ytimg.com   https://i18n-cloud.appspot.com   www-onepick-opensocial.googleusercontent.com   www-bloggervideo-opensocial.googleusercontent.com   www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport 49
* 41
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 38
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm; 33
report-uri /report-csp-violation 31
upgrade-insecure-requests; block-all-mixed-content; 30
block-all-mixed-content; 29
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 28
default-src 'self' 27
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: data: blob:; media-src blob: data: https:; object-src https:; child-src https: data: blob:; upgrade-insecure-requests; block-all-mixed-content; 27
frame-ancestors https://www.hk-laisee.com https://www.hk-rewards.com https://www.myopinions.com.au 27
frame-ancestors 'self' https://metrica.yandex.ru/; 27
block-all-mixed-content; report-uri https://de.forumhome.com/cspreport.php 26
frame-ancestors 'self' https://*.tw.mawebcenters.com 26
report-uri //report-csp-violation 25
default-src 'self'  https:;         script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;         style-src 'self' 'unsafe-inline' https:;         img-src * data:;         font-src 'self' data: https:;         form-action *; 25
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 23
default-src https: wss: about: data: blob: 'unsafe-inline' 'unsafe-eval' 23
frame-ancestors 'self' https://explore.oracle.com 22
self 22
frame-ancestors self 21
default-src 'self' blob: wss: data: https:; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; style-src 'self' 'unsafe-inline' data: https:;  20
reflected-xss block 20
frame-ancestors 'self'  https://*.impress.ly  https://*.dragndropbuilder.com  https://*.weeblycloud.com  https://*.sitelock.com  https://*.mojomarketplace.com  https://*.ipage.com  https://*.yourhostingaccount.com  https://*.ecwid.com 20
frame-ancestors 'self'; img-src * data:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; default-src * 20
default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *; 19
script-src *; 18
referrer origin 18
default-src http: data: 'unsafe-inline' 'unsafe-eval' 18
default-src * 'unsafe-eval' 'unsafe-inline' data:; frame-ancestors 'self' app.optimizely.com apps.facebook.com fonts.googleapis.com 17
frame-ancestors 'self'; upgrade-insecure-requests 17
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; frame-ancestors 'self'; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 17
'self' https://ajax.googleapis.com 17
default-src 'self' wss: http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https: http:; report-uri https://secure.booked.net/?page=stat&t=csp 17
default-src https: 'unsafe-inline' data: 'unsafe-eval' blob: 17
frame-ancestors 'self' https://help.glassdoor.com http://library.glassdoor.com https://library.glassdoor.com http://glassdoor.lookbookhq.com https://glassdoor.lookbookhq.com https://glassdoor2.lookbookhq.com https://howto.glassdoor.com https://apply.indeed.com ; 15
frame-ancestors 'self' https://military.gillette.com https://gillette.com https://gillette.mybigcommerce.com 15
report-uri https://99designs.report-uri.io/r/default/csp/enforce; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob: android-webview-video-poster:; upgrade-insecure-requests; 14
frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ 14
frame-ancestors 'self' https://encheres.lefigaro.fr 14
frame-ancestors 14
frame-ancestors 'self' https://pge.segmanta.com https://www.babylist.com shop.pampers.com 14
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 14
object-src 'self' 14
default-src https: 'unsafe-inline' 'unsafe-eval' 14
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 13
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: 13
none 13
default-src https: blob:; frame-ancestors 'self'  https://www.ford.com.au https://www.ford.co.th https://www.india.ford.com; connect-src https: wss:; font-src  https: data:; img-src https: data: blob:; media-src https: blob:; object-src 'self'; script-src  https:  'unsafe-inline' 'unsafe-eval' blob:; style-src 'unsafe-inline' https:; base-uri 'self'; 13
frame-ancestors 'self' http://webvisor.com; 13
default-src  * 'unsafe-inline' 'unsafe-eval' ; img-src * data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; 13
frame-ancestors *.adikteev.com 'self' *.facebook.com *.nikonelearning.com; 13
default-src 'none'; connect-src 'self' *.mil.ru *.tildacdn.com *.gcdn.co *.mail.ru top100.ru mc.yandex.ru *.anycaster.tv *.vintera.tv *.cdnvideo.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' tildacdn.com *.tildacdn.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mil.ru *.rambler.ru *.yandex.ru *.mail.ru *.google-analytics.com *.google.com top100.ru *.top100.ru *.tvzvezda.ru tvzvezda.ru *.mail.ru tns-counter.ru *.tns-counter.ru *.googletagmanager.com mil.ru *.mil.ru *.xn--90anlfbebar6i.xn--p1ai; object-src 'self' *.mil.ru *.vintera.tv *.cdnvideo.ru *.youtube.com; style-src 'self' 'unsafe-inline' mil.ru *.mil.ru *.googleapis.com; img-src 'self' mil.ru *.mil.ru doubleclick.net *.doubleclick.net tns-counter.ru *.tns-counter.ru *.google.com google.com data: counter.yadro.ru *.yandex.net *.yandex.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mail.ru *.google-analytics.com *.rambler.ru ; media-src 'self' mil.ru *.mil.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.xn--90anlfbebar6i.xn--p1ai; frame-src 'self' mil.ru *.mil.ru vk.com *.vk.com ok.ru *.ok.ru tvzvezda.ru *.tvzvezda.ru *.yandex.ru *.yandex.net *.youtube.com youtube.com *.youtu.be youtu.be *.google.com *.vintera.tv *.cdnvideo.ru; font-src 'self' fonts.gstatic.com tildacdn.com *.tildacdn.com *.mil.ru *.vintera.tv *.cdnvideo.ru *.mil.ru *.youtube.com *.youtube.com *.youtu.be *.google.com; frame-ancestors 'self' http://mil.ru http://*.mil.ru https://mil.ru https://*.mil.ru https://youtube.com https://*.youtube.com https://youtu.be https://*.youtu.be; base-uri 'self'; form-action 'self' mil.ru *.mil.ru; 13
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net *.googleapis.com *.google-analytics.com https://*.mookie1.com http://ib.adnxs.com https://secure.adnxs.com www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net https://in.taskanalytics.com https://www.googletagmanager.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com;img-src 'self' * data:;frame-src 'self' *.youtube.com *.vimeo.com *.morningstar.com *.portalbank.no https://id.eika.no https://www.googletagmanager.com https://ir.asp.manamind.com https://ext.mnm.as https://connect.facebook.net *.doubleclick.net https://*.google.se https://*.google.no https://*.google.com;font-src 'self' https://fonts.gstatic.com;connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.facebook.com/tr/;report-uri /WebResource.axd?cspReport=true 13
frame-ancestors http://*.olx.co.cr:* http://*.olx.com:* http://*.olx.com.ar:* http://*.olx.com.bo:* http://*.olx.com.co:* http://*.olx.com.ec:* http://*.olx.com.gt:* http://*.olx.com.ni:* http://*.olx.com.pa:* http://*.olx.com.pe:* http://*.olx.com.py:* http://*.olx.com.sv:* http://*.olx.com.uy:* http://*.olx.com.ve:* http://*.olx.ir:* http://*.mod-tools.com:* https://*.olx.co.cr:* https://*.olx.com:* https://*.olx.com.ar:* https://*.olx.com.bo:* https://*.olx.com.co:* https://*.olx.com.ec:* https://*.olx.com.gt:* https://*.olx.com.ni:* https://*.olx.com.pa:* https://*.olx.com.pe:* https://*.olx.com.py:* https://*.olx.com.sv:* https://*.olx.com.uy:* https://*.olx.com.ve:* https://*.olx.ir:* https://*.mod-tools.com:* 12
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri https://csp.yahoo.com/beacon/csp?src=generic 12
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: 12
default-src 'none'; connect-src 'self' *.mil.ru mc.yandex.ru; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.mil.ru *.xn--90anlfbebar6i.xn--p1ai *.rambler.ru *.yandex.ru *.maps.yandex.net *.mail.ru *.google-analytics.com *.google.com cdnjs.cloudflare.com; object-src 'self' *.mil.ru *.vintera.tv *.cdnvideo.ru *.youtube.com; style-src 'self' 'unsafe-inline' *.mil.ru *.googleapis.com; img-src 'self' mil.ru *.yandex.net *.yadro.ru *.mil.ru data: counter.yadro.ru *.yandex.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mail.ru *.google-analytics.com *.rambler.ru ; media-src 'self' *.mil.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.xn--90anlfbebar6i.xn--p1ai; frame-src 'self' http://mil.ru/ mil.ru *.mil.ru vk.com *.vk.com ok.ru *.ok.ru *.yandex.net *.yandex.ru *.yadro.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtube.com *.youtu.be *.google.com; font-src 'self' fonts.gstatic.com *.mil.ru *.vintera.tv *.cdnvideo.ru *.mil.ru *.youtube.com *.youtube.com *.youtu.be *.google.com; frame-ancestors 'self' http://mil.ru http://*.mil.ru https://mil.ru https://*.mil.ru; base-uri 'self'; form-action 'self'; 12
frame-ancestors 'self' http://*.elsevier.es/ 12
img-src * data: blob:; 12
report-uri /csp-hotline.php; script-src  'self' 'unsafe-inline' 'unsafe-eval' https://cdn.datatables.net *.mihtool.com https://cdnjs.cloudflare.com https://yastatic.net yastatic.net  https://*.yastatic.net *.slus.name https://*.slus.name:3000 *.yastatic.net *.mail.com https://*.gstatic.com *.gstatic.com https://*.google.com *.google.com vk.com *.effad.ru effad.ru *.me-talk.ru disgusting.ru yandex.st *.yadro.ru *.yandex.ru *.ok.ru *.rf-sp.ru https://rf-sp.ru *.tbex.ru *.google-analytics.com *.googleapis.com *.jivosite.com *.jquery.com *.gismeteo.ru *.siteheart.com 38mama.ru me-talk.ru top-fwz1.mail.ru st.top100.ru https://jsconsole.com; style-src 'self' 'unsafe-inline' *.rf-sp.ru 38mama.ru *.chathelp.ru *.slus.name https://cdnjs.cloudflare.com https://*.gstatic.com *.slus.name:3000 https://cdn.datatables.net; 12
frame-ancestors https://unileverbrazil.marketing.adobe.com https://unilever3.marketing.adobe.com https://unilever2.marketing.adobe.com https://unilever.marketing.adobe.com; 12
script-src * 'self' 'unsafe-inline' 'unsafe-eval'  12
frame-ancestors 'self' https://*.mawebcenters.com 12
default-src 'self' data:; font-src 'self' data: https://fonts.gstatic.com/; media-src 'self' blob:; img-src * data:; style-src 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.google-analytics.com/ https://cdn.plaid.com/ data:; frame-src 'self' https://www.google.com/recaptcha/ https://player.vimeo.com/ https://*.privacy.com/ https://*.facebook.com/ https://cdn.plaid.com/; connect-src 'self' https://a.qwepw.com/ 11
frame-src *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com recommender.scarabresearch.com *.zenaps.com hal9000.redintelligence.net pixel.xonaz.com static-hello.bitdefender.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com pixel.xonazz.com 11
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com 11
frame-ancestors 'self' https://*.adobe.com 11
default-src https: 'unsafe-eval' 'unsafe-inline'; connect-src https: 'self' data:  *.accesso.com; img-src 'self' https: data:; 11
frame-ancestors 'self'; base-uri 'self'; block-all-mixed-content 11
frame-ancestors 'self' https://*.facebook.com; 11
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'none'; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; 11
default-src 'self' https://*; connect-src 'self' https://* wss://*; font-src 'self' https://* blob: data:; frame-src 'self' https://* blob: data:; img-src 'self' https://* blob: data:; media-src 'self' https://* blob: data:; object-src 'self' https://* blob: data:; script-src 'self' https://* 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://* 'unsafe-inline'; 10
frame-ancestors 'self' http://www.kayak.com http://www.kayak.com.ar http://www.kayak.cl http://www.kayak.com.co http://www.kayak.com.pe http://www.kayak.com.mx http://www.kayak.com.br http://www.tripadvisor.com http://www.tripadvisor.com.br http://www.tripadvisor.com.mx www.farecompare.com www.idealo.com http://viajala.com.co http://viajala.com.mx http://viajala.com.pe www.clicktripz.com http://viajala.cl http://viajala.com.ar 10
frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com 10
frame-ancestors 'self' https://cms.aboutamazon.com 10
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 10
object-src 'none' 10
default-src data: https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline' 10
default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; 10
default-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.jimdo.com jimdo.com; 10
referrer no-referrer 10
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *; 10
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *; 10
default-src * 'unsafe-inline' 'unsafe-eval'; 10
frame-ancestors 'self' *.tunegenie.com http://127.0.0.1:* https://127.0.0.1:*; 10
base-uri 'self';  connect-src ws: wss: *; default-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com; form-action 'self'; frame-ancestors 'self' https://gofile.me http://gofile.me; frame-src 'self' data: blob: https://*.synology.com https://www.synology.cn/; img-src 'self' data: blob: https://*.google.com https://*.googleapis.com http://*.googlecode.com https://*.gstatic.com; media-src 'self' data: about:;  report-uri webman/csp_report.cgi; script-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/ https://*.google.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com; 10
frame-ancestors 'self' godaddy.com test-godaddy.com dev-godaddy.com 10
base-uri 'self';  connect-src ws: wss: *; default-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com; form-action 'self'; frame-ancestors 'self' https://gofile.me http://gofile.me; frame-src 'self' data: blob: https://*.synology.com https://www.synology.cn/ http://*.synology.com http://*.synology.cn; img-src 'self' data: blob: https://*.google.com https://*.googleapis.com http://*.googlecode.com https://*.gstatic.com; media-src 'self' data: about:;  report-uri webman/csp_report.cgi; script-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/ https://*.google.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com; 10
upgrade-insecure-requests; block-all-mixed-content 9
frame-ancestors https://oa.sheincorp.cn http://activity-admin.biz.sheincorp.cn 9
upgrade-insecure-requests; default-src https: blob: wss: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob: data:;frame-src https: blob: data:; report-uri /cspreports 9
frame-ancestors 'self' http://customer-hornbach.loop21.net https://customer-hornbach.loop21.net http://public-location-hornbach.loop21.net https://public-location-hornbach.loop21.net 9
block-all-mixed-content; default-src data: https: wss: blob: 'unsafe-inline'  'unsafe-eval'; 9
frame-ancestors 'self' https://www.anglaisfacile.com https://www.francaisfacile.com https://www.tolearnenglish.com https://www.tolearnfrench.com https://www.allemandfacile.com https://www.espagnolfacile.com https://www.nlfacile.com https://www.italien-facile.com https://www.mesoutils.com https://www.mesexercices.com https://www.mathematiquesfaciles.com https://www.touslescours.com https://www.tolearnfrench.com https://*.tolearnfree.com; report-uri https://tolearnfree.report-uri.io/r/default/csp/enforce; base-uri 'self'; 9
; 9
default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; object-src 'none'; frame-ancestors 'none'; connect-src *; base-uri 'self'; upgrade-insecure-requests; 9
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 9
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.sc.pages02.net https://www.google.com  http://addshoppers.s3.amazonaws.com  http://connect.facebook.net  https://www.gstatic.com http://www.rtb123.com http://pixel.quantserve.com http://*.shop.pe http://shop.pe https://googleads.g.doubleclick.net https://code.jquery.com    http://tt.mbww.com https://staticxx.facebook.com https://secure.quantserve.com https://tag.bounceexchange.com https://insight.adsrvr.org https://api.bounceexchange.com https://*.cloudfront.net https://*.scdn2.secure.raxcdn.com *.bounceexchange.com http://api.bounceexchange.com https://cdn.optimizely.com/ www.youtube.com s.ytimg.com static.getchute.com qicm.americanexpress.com  mpsnare.iesnare.com secure.cmax.americanexpress.com https://connect.facebook.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://siteimproveanalytics.com https://tagmanager.google.com optimizely.s3.amazonaws.com app.optimizely.com cdn3.optimizely.com  *.rtb123.com  *.s3.amazonaws.com https://tt.mbww.com/  https://shop.pe https://m.addthisedge.com https://m.addthis.com https://*.s3.amazonaws.com https://www.googleadservices.com/ https://www.google-analytics.com https://s3.amazonaws.com https://beacon.sojern.com https://*.micpn.com *.bing.com https://tracker.marinsm.com https://cdn.onesignal.com http://cdnjs.cloudflare.com/ *.googleadservices.com/ beacon.sojern.com cdn.onesignal.com *.mathtag.com rules.quantcount.com https://ak1s.abmr.net https://maps.googleapis.com/ https://sc-static.net/ https://translate.google.com/ https://translate.googleapis.com/ https://s.pinimg.com/ https://resources.xg4ken.com/ https://services.xg4ken.com/ *.addthis.com  https://home-c11.incontact.com/inContact/ChatClient/js/embed.min.js https://js.adsrvr.org/ https://cdn.quantummetric.com/ https://seaworld-app.quantummetric.com https://members.cj.com ci-mpsnare.iovation.com https://c212.net https://cdn.c212.net https://commercelibs.ibm.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com http://*.shop.pe http://addshoppers.s3.amazonaws.com https://*.scdn2.secure.raxcdn.com https://*.cloudfront.net https://*.secure.raxcdn.com https://qicm.americanexpress.com https://secure.cmax.americanexpress.com maxcdn.bootstrapcdn.com tagmanager.google.com  *.s3.amazonaws.com https://s3.amazonaws.com https://addstrap-ui.addshoppers.com https://translate.googleapis.com https://members.cj.com ;font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com *.shop.pe  *.scdn2.secure.raxcdn.com https://*.buschgardens.com  https://buschgardens.com *.seaworld.com *.sesameplace.com https://www.sesameplace.com *.cloudfront.net *.secure.raxcdn.com https://www.aexp-static.com https://seaworld.scdn3.secure.raxcdn.com https://maxcdn.bootstrapcdn.com s3.amazonaws.com http://maxcdn.bootstrapcdn.com https://members.cj.com ;frame-src 'self' http://s7.addthis.com https://*.fls.doubleclick.net/ http://*.fls.doubleclick.net/ http://*.facebook.com/ https://bid.g.doubleclick.net/  https://www.youtube.com https://www.seaworldlibrary.com https://docs.google.com https://*.seaworld.com/ https://Commerce.4adventure.com https://*.seaworldparks.com https://*.watercountry.com https://*.Commerce.4adventure.com https://*.adventureisland.com https://*.aquaticabyseaworld.com https://*.sesameplace.com http://6258894.fls.doubleclick.net http://6258894.fls.doubleclick.net http://4174228.fls.doubleclick.net https://4174228.fls.doubleclick.net https://www.googletagmanager.com https://staticxx.facebook.com https://s7.addthis.com https://insight.adsrvr.org https://assets.bounceexchange.com/ https://*.cdn.optimizely.com/ https://www.pages02.net/ https://tt.mbww.com/ https://secure.buschgardens.com https://maps.google.com https://www.google.com/ https://secure.aquatica.com https://*.americanexpress.com/ https://*.bounceexchange.com http://contentz.mkt922.com/ https://pixel.mathtag.com/ https://edge.addthis.com/ https://www.chargerback.com https://*.widencdn.net/ https://*.seaworldlibrary.com https://www.surveygizmo.com/ https://tr.snapchat.com/ https://qa-secure.buschgardens.com https://home-c11.incontact.com/ https://members.cj.com https://survey.seaworldentertainment.com/;connect-src 'self' http://m.addthis.com https://staticxx.facebook.com https://s7.addthis.com https://insight.adsrvr.org https://*.scdn2.secure.raxcdn.com https://logx.optimizely.com https://*.secure.raxcdn.com *.s3.amazonaws.com cache.getchute.com https://online.americanexpress.com https://tapi.optimizely.com https://shopper.shop.pe https://shop.pe  https://rtb123.com https://api.getchute.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.as-labs.addshoppers.com/ https://as-labs.addshoppers.com https://s3.amazonaws.com https://www.google.com https://events.bouncex.net https://onesignal.com https://*.optimizely.com https://onesignal.com https://errors.client.optimizely.com https://translate.googleapis.com https://ct.pinterest.com/ https://seaworld-app.quantummetric.com/ https://commercelibs.ibm.com; img-src 'self' data: * ; media-src 'self' https://scontent.cdninstagram.com https://*.as-labs.addshoppers.com/  *.s3.amazonaws.com/ https://s3.amazonaws.com/images/BackgroundImage.jpeg  s3.amazonaws.com/ https://seaworld.scdn3.secure.raxcdn.com/  https://stage-media.scdn6.secure.raxcdn.com/; 9
default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 9
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jack.secret-woman.top https://www.google.com.ua https://brdmin.com https://send-notice.com https://threedrive.su https://jkhad.com https://s.beauty-ful.ml https://www.digiseller.ru https://rarenok.biz https://pb-wtf.psh.one https://www.instagram.com https://adservice.google.com.ua https://newans-org.psh.one https://adservice.google.com https://pb.wtf https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js https://googleads.g.doubleclick.net https://usocial.pro https://d31j93rd8oukbv.cloudfront.net https://ajax.googleapis.com https://universalsrc.com https://goo.gl https://tizer.ssl-services.com http://ruttwind.com https://www.google-analytics.com https://nickhel.com https://ytimgg.com https://stats.g.doubleclick.net https://www.youtube.com https://s.ytimg.com https://www.free-kassa.ru https://retarget.ssl-services.com https://cubicmedia.net code.jquery.com www.darii.ru https://api-maps.yandex.ru https://www.gstatic.com pagead2.googlesyndication.com pb.wtf qoo.by ajax.googleapis.com apis.google.com www.google.com https://yandex.ru https://yastatic.net https://site.yandex.net share.yandex.ru clck.yandex.ru sitesuggest.yandex.ru yandex.ru site.yandex.net yastatic.net recreativ.ru yandex.st vk.com mc.yandex.ru; object-src 'self' *.cloudfront.net padsdela.cdnads.com *.youtube.com *.ytimg.com  www.youtube.com; style-src 'self' 'unsafe-inline' https://shop.digiseller.ru https://code.jquery.com https://usocial.pro https://fonts.googleapis.com https://ytimgg.com https://yastatic.net recreativ.ru  ; img-src 'self' data: *; media-src 'self' https://air.radiorecord.ru:805/bighits_320 http://air.radiorecord.ru:805/symph_320 http://air.radiorecord.ru:805/bighits_320 http://air.radiorecord.ru:805/rr_320 *.yandex.net *.kinopoisk.ru; child-src 'self' https://jack.secret-woman.top/ https://threedrive.su/ http://beta.pobit.xyz/ https://streamguard.cc/ https://moonwalk.co/ https://www.instagram.com/ https://news.yandex.ru/ http://pic1.kartinco.top/ googleads.g.doubleclick.net money.yandex.ru https://www.youtube.com www.google.com coub.com *.youtube.com yastatic.net vk.com; font-src 'self' https://www.digiseller.ru https://usocial.pro https://fonts.gstatic.com; connect-src 'self' https://www.oplata.info https://visearch.info https://api.digiseller.ru https://ymetrica1.com https://ff-input.mxpnl.net https://usocial.pro https://ytimgg.com https://cubicmedia.net https://level1cdn.com yandex.ru *.youtube.com  mc.yandex.ru *.gstatic.com 9
upgrade-insecure-requests; frame-ancestors 'self'; 9
default-src *; font-src * data:;img-src * data:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; media-src * blob:; 9
frame-ancestors https:; 9
default-src * 'unsafe-inline' 'unsafe-eval' data: 9
default-src 'self'; 9
allow 'self'; 9
default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors * 9
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob:; media-src 'self' https: blob:; worker-src 'self' https: blob:; block-all-mixed-content; connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: https://*.trouter.io:443 https://*.trouter.skype.com:443 wss://*.trouter.io:443 wss://*.trouter.skype.com:443; 8
upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-orientation-lock allow-pointer-lock; 8
block-all-mixed-content;frame-ancestors *.mail.com 8
frame-ancestors 'self' https://www.growingio.com 8
default-src * 'unsafe-inline' 'unsafe-eval' 8
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 8
default-src  http:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  http:; style-src http:  'unsafe-inline'; img-src 'self' data: http:; connect-src http:  ws:; 8
base-uri 'self' 8
default-src 'self'; base-uri 'self'; script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.custhelp.com https://*.ioam.de; style-src 'self' 'unsafe-inline' https://www.parship.com https://www.sovendus.com https://*.custhelp.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://partnerboerse.parship.de https://translate.googleapis.com; img-src 'self' data: http: https:; frame-src https:; font-src data: 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/; connect-src 'self' https://*.pndsn.com https://www.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.sovendus.com https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://eum-eu-west-1.instana.io; object-src 'none'; worker-src 'self'; upgrade-insecure-requests; ;frame-ancestors 'self';report-uri /ls/ 8
frame-ancestors https://www.thetrainline.com https://www.liligo.fr 8
base-uri 'self'; 8
default-src https: data: 'unsafe-inline' 'unsafe-eval' always; upgrade-insecure-requests 8
default-src * 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; frame-ancestors 'self' online.superoffice.com apps.risevision.com desktop.visma.com asp.visma.com hlasp.visma.com es-eu-dev-api01.episerver.net; 8
script-src 'self' 'unsafe-inline' 'unsafe-eval'  connect.facebook.net tagmanager.google.com maps.googleapis.com www.googleadservices.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.gstatic.com 8
default-src * data: 'unsafe-inline' 'unsafe-eval' 8
upgrade-insecure-requests; default-src * data: gap: blob: about: 'unsafe-inline' 'unsafe-eval' 8
connect-src 'self' blob: wss: *.zdassets.com *.zendesk.com *.metartnetwork.com *.google-analytics.com *.doubleclick.net; style-src 'self' blob: 'unsafe-inline' *.fontawesome.com fonts.googleapis.com fonts.gstatic.com platform.twitter.com *.twimg.com maxcdn.bootstrapcdn.com *.google.com *.metartnetwork.com cdn.cookielaw.org; font-src 'self' data: *.zopim.com *.fontawesome.com fonts.gstatic.com *.googleapis.com ssl.p.jwpcdn.com maxcdn.bootstrapcdn.com *.metartnetwork.com; script-src 'self' 'unsafe-inline' *.zdassets.com *.zopim.com *.twitter.com *.twimg.com ssl.p.jwpcdn.com *.googletagmanager.com *.google-analytics.com cdn.mouseflow.com *.google.com cdn.polyfill.io *.metartnetwork.com cdn.cookielaw.org code.jquery.com geolocation.onetrust.com; frame-src 'self' *.twitter.com; img-src 'self' data: *.nsimg.net *.twimg.com *.zopim.com *.twitter.com jwpltx.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.doubleclick.net *.metartnetwork.com; media-src 'self' data: blob: *.nsimg.net *.metartnetwork.com; worker-src 'self' data: blob: wss:; object-src 'none' 8
default-src https:; script-src https: data: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src 'self' data: blob: filesystem: https: http: 'unsafe-inline' 8
default-src 'self' *.media.livenationinternational.com *.googlesyndication.com;style-src 'unsafe-inline' *.media.livenationinternational.com *.googleapis.com *.lne.nonprod.public.tmaws.eu *.lne.prod.public.tmaws.eu *.livenationinternational.com tagmanager.google.com;img-src 'self' data: *.media.livenationinternational.com *.youtube.com *.betrad.com *.googlesyndication.com *.g.doubleclick.net www.google.com *.googleapis.com *.gstatic.com *.lne.nonprod.public.tmaws.eu *.lne.prod.public.tmaws.eu *.livenationinternational.com www.google-analytics.com s3-eu-west-1.amazonaws.com *.g.doubleclick.net s3-eu-central-1.amazonaws.com www.googletagmanager.com *.doubleverify.com *.facebook.com www.google.co.uk *.evidon.com *.googletagservices.com *.2mdn.net *.mgr.consensu.org tagmanager.google.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.polyfill.io widget.ticketmaster.eu s3-eu-west-1.amazonaws.com ad.doubleclick.net *.media.livenationinternational.com www.googletagmanager.com *.evidon.com www.google-analytics.com *.googletagservices.com adservice.google.com adservice.google.co.uk connect.facebook.net *.g.doubleclick.net cdn.ampproject.org evidon.mgr.consensu.org *.googleapis.com *.lne.nonprod.public.tmaws.eu *.lne.prod.public.tmaws.eu *.gstatic.com pagead2.googlesyndication.com gstatic.com www.googleadservices.com *.doubleverify.com js-agent.newrelic.com *.livenationinternational.com bam.nr-data.net *.2mdn.net *.googlesyndication.com www.universe.com *.bannersnack.com tagmanager.google.com;connect-src 'self' cdn.polyfill.io widget.ticketmaster.eu *.g.doubleclick.net vendorlist.consensu.org csi.gstatic.com *.g.doubleclick.net *.doubleverify.com *.googleapis.com *.evidon.com www.google-analytics.com;font-src *.media.livenationinternational.com fonts.gstatic.com *.lne.nonprod.public.tmaws.eu *.lne.prod.public.tmaws.eu *.livenationinternational.com;frame-src www.youtube.com *.googlesyndication.com *.doubleverify.com *.2mdn.net *.facebook.com *.fls.doubleclick.net *.dvtps.com universe.queue-it.net www.universe.com *.googletagservices.com *.bannersnack.com www.google.com *.evidon.com;worker-src 'self' 8
default-src *; img-src 'self' data: http://* ;style-src 'self' http://* 'unsafe-inline'; media-src * blob: mediastream: ; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval' data: gap: 8
frame-ancestors * 8
default-src *  'self' 'unsafe-inline' 'unsafe-eval'; frame-src *; frame-ancestors 'self'; img-src * 'self' data:; script-src * 'self' 'unsafe-inline' 'unsafe-eval' data:;  8
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 8
default-src * data: blob: about:;script-src 'self' *.vk.com *.mail.ru s.ytimg.com platform.twitter.com cdn.syndication.twimg.com www.instagram.com connect.facebook.net telegram.org *.yandex.ru *.google-analytics.com *.youtube.com *.google.com google.com *.googleapis.com *.vkpartner.ru *.moatads.com *.gstatic.com *.google.ru securepubads.g.doubleclick.net cdn.ampproject.org www.googletagmanager.com googletagmanager.com *.vk-cdn.net 'unsafe-inline' 'unsafe-eval' blob:;style-src vk.com *.vk.com ton.twimg.com tagmanager.google.com platform.twitter.com *.googleapis.com 'self' 'unsafe-inline';report-uri /csp 7
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com customer-stories-feed.github.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com 7
default-src * data: blob: about:;script-src 'self' *.vk.com *.mail.ru s.ytimg.com platform.twitter.com cdn.syndication.twimg.com www.instagram.com connect.facebook.net telegram.org *.yandex.ru *.google-analytics.com *.youtube.com *.google.com google.com *.googleapis.com *.vkpartner.ru *.moatads.com *.gstatic.com *.google.ru securepubads.g.doubleclick.net cdn.ampproject.org www.googletagmanager.com googletagmanager.com *.vk-cdn.net 'unsafe-inline' 'unsafe-eval' blob:;style-src vk.com *.vk.com ton.twimg.com tagmanager.google.com platform.twitter.com *.googleapis.com 'self' 'unsafe-inline' 7
frame-ancestors 'self' http://*.schwab.com https://*.schwab.com https://content.schwab.com http://content.schwab.com https://client.schwab.com https://lms.schwab.com https://www.schwabcdn.com https://*.schwabinstitutional.com https://*.dev-schwab.acsitefactory.com https://*.test-schwab.acsitefactory.com https://*.train-schwab.acsitefactory.com https://*.schwab.acsitefactory.com https://*.schwab.co.uk https://*.schwab.com.hk https://*.schwab.com.sg https://*.schwab.com.au https://*.schwabcharitable.org https://*.schwabmoneywise.com https://*.schwabsavingsfundamentals.com https://*.schwabbankfunds.com https://*.schwabadvisorcenter.com https://*.schwabfunds.com https://*.schwabpt.com https://*.windhaveninvestments.com https://*.schwab.tech http://www.schwabintelligenttechnologies.com https://www.schwabintelligenttechnologies.com https://*.wallst.com http://*.wallst.com; 7
frame-ancestors https://www.freshworks.com 7
default-src 'self'; script-src 'self' 'unsafe-inline' 7
default-src * data: 'unsafe-inline' 'unsafe-eval'; 7
default-src * 'self' 'unsafe-inline' 'unsafe-eval' data: 7
default-src * ; script-src * data: 'self' blob blob: 'unsafe-eval' 'unsafe-inline' ; style-src * data: 'self' blob blob: 'unsafe-inline' ; img-src * data: ; font-src * data: ; connect-src * ; media-src * ; object-src * ; child-src * ; frame-src * ; worker-src * ; frame-ancestors * ; report-uri /bdportlet-NemIDLoginPortlet/cspreport; 7
default-src http: https: data: 'unsafe-inline' 'unsafe-eval' 7
default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; worker-src blob:; 7
default-src https: 'unsafe-eval' 'unsafe-inline' 7
img-src https: data: 7
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' 7
default-src https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; img-src * data:; worker-src 'self' blob:; 7
frame-ancestors 'self' *.imodules.com 7
default-src 'self'; script-src *.nr-data.net *.newrelic.com *.faktor.io *.consensu.org 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline'; media-src 'none'; frame-src *.consensu.org *.faktor.io; connect-src *.consensu.org *.faktor.io https://*.nr-data.net https://cdn.contentful.com https://cf.talpa.digital https://cf.talpa.network https://cf-staging.talpa.digital https://*.consent.talpanetwork.com https://consent.talpanetwork.com; img-src https://static.talpanetwork.com https://*.nr-data.net https://images.ctfassets.net https://*.consent.talpanetwork.com https://consent.talpanetwork.com 7
default-src * data: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;object-src 'self';style-src 'unsafe-inline' * data:;media-src http://127.0.0.1:10000 blob: data: http://*.livechatinc.com https://*.livechatinc.com http://*.tawk.to https://*.tawk.to;form-action 'self' *.twitter.com va.tawk.to https://cp.payguru.com https://www.testgpay.com https://www.gpay.com.tr https://gpay.com.tr https://demo.gpay.com.tr https://www.paytr.com https://www.playanka.com https://test.papara.com https://www.papara.com https://papara.com;frame-ancestors 'self' http://*.livechatinc.com https://*.livechatinc.com http://*.tawk.to https://*.tawk.to https://chat.utechsoft.com.tr 7
default-src 'unsafe-inline' 'self' https: wss:; object-src 'none' 7
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=frontpage&site=fp&region=US&lang=en-US&device=desktop&partner=default; 6
report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src https: data: blob:; font-src https: data:; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://*.cdninstagram.com https://api.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd blob:; worker-src 'self' blob: https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com; object-src 'none'; upgrade-insecure-requests 6
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src wss: https:  6
frame-ancestors 'self' https://seocms.redbus.com; default-src 'self' wss://rbpub.redbus.com wss://ssbk2-uk.gsecondscreen.com wss://ssbk4-uk.gsecondscreen.com wss://evbk.gamooga.com https://s3.rdbuz.com https://evbk.gamooga.com https://*.doubleclick.net https://graph.facebook.com https://cdn-jp.gsecondscreen.com https://*.redbus.in  https://intldashboard.redbus.com https://www.google-analytics.com http://www.googletagmanager.com https://*.google.com https://www.google.co.in https://connect.facebook.net http://www.googleadservices.com https://googleads.g.doubleclick.net https://www.facebook.com http://logs.redbus.com/ https://recorder.sessionstack.com https://o2.mouseflow.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.twitter.com  https://static.ads-twitter.com https://www.googletagservices.com https://bam.nr-data.net https://securepubads.g.doubleclick.net https://evbk.gamooga.com https://maxcdn.bootstrapcdn.com https://js-agent.newrelic.com https://*.google.com https://cdn.jsdelivr.net https://sslwidget.criteo.com https://static.criteo.net https://cdn.mouseflow.com https://bat.bing.com https://maps.googleapis.com http://ae.gsecondscreen.com http://sg-pl.vizury.com https://cdnjs.cloudflare.com/ http://cdn-jp.gsecondscreen.com https://googleads.g.doubleclick.net http://www.redbus.in https://www.redbus.in https://adservice.google.co.in https://ssl.google-analytics.com http://www.googleadservices.com https://connect.facebook.net http://pagead2.googlesyndication.com http://www.google-analytics.com https://cdn.sessionstack.com/sessionstack.js http://www.googletagmanager.com http://connect.facebook.net http://www.googleadservices.com https://*.rdbuz.com https://st.redbus.in http://*.rdbuz.com; img-src 'self' data: https://barcode-latam.s3.amazonaws.com https://t.co https://www.googletagmanager.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://maps.gstatic.com https://maps.googleapis.com  https://s3-ap-southeast-1.amazonaws.com https://*.s3-ap-southeast-1.amazonaws.com https://googleads.g.doubleclick.net https://h.online-metrix.net https://bat.bing.com https://www.google.co.in https://evbk.gamooga.com https://stats.g.doubleclick.net http://origin-st.redbus.in https://pilgrimages-cms.s3-ap-southeast-1.amazonaws.com https://cdn-jp.gsecondscreen.com http://www.redbus.in https://www.redbus.in https://*.google.com https://www.google-analytics.com  https://ssl.google-analytics.com https://s-static.ak.facebook.com https://*.rdbuz.com https://st.redbus.in  http://*.rdbuz.com http://st.redbus.in https://cdn-jp.gsecondscreen.com https://www.facebook.com https://api.midtrans.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://*.google.com https://cdnjs.cloudflare.com https://www.w3schools.com http://fonts.googleapis.com https://fonts.googleapis.com https://*.rdbuz.com https://st.redbus.in  http://*.rdbuz.com http://st.redbus.in;  font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.gstatic.com http://*.rdbuz.com http://st.redbus.in https://fonts.gstatic.com https://*.rdbuz.com https://st.redbus.in; frame-src 'self'   https://www.surveymonkey.com https://*.google.com https://isb.au1.qualtrics.com https://www.googletagservices.com/ https://*.redbus.com https://h.online-metrix.net https://checkout.payulatam.com/ https://bid.g.doubleclick.net http://in-tags.vizury.com http://sg-pl.vizury.com https://xds.gsecondscreen.com https://www.facebook.com https://s-static.ak.facebook.com https://www.youtube.com/ https://googleads.g.doubleclick.net https://staticxx.facebook.com https://dis.as.criteo.com; object-src 'none' 6
default-src http: https: wss://allkeyshop.zendesk.com wss://*.zopim.com data: blob: 'self' 'unsafe-inline' 'unsafe-eval' 6
script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'self' blob: *; img-src * data: blob:; connect-src *; font-src 'self' data: *; object-src 'self'; media-src 'self' blob: *; child-src * 6
script-src 'self' *.google-analytics.com *.googletagmanager.com tagmanager.google.com *.googleapis.com www.googleadservices.com bat.bing.com *.walkme.com https://d3sbxpiag177w8.cloudfront.net https://d2qhvajt3imc89.cloudfront.net https://*.learnosity.com https://correlation.edgate.com https://*.kidsa-z.com https://*.content.kidsa-z.com 'unsafe-inline' 'unsafe-eval' 'report-sample'; object-src 'self' *.content.kidsa-z.com; base-uri 'self'; report-uri /api/csp-report; 6
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' 6
frame-ancestors 'self' https://www.bosoy-online.com 6
block-all-mixed-content; upgrade-insecure-requests; 6
frame-ancestors 'self' azeu.marketing.adobe.com 6
default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: 6
default-src  * 'unsafe-inline' 'unsafe-eval' ; img-src * blob: data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; 6
upgrade-insecure-requests; base-uri 'self' 6
connect-src 'self' habboo-a.akamaihd.net *.habbo.com; img-src 'self' data: habboo-a.akamaihd.net *.habbo.com notify.bugsnag.com habbo-stories-content.s3.amazonaws.com www.facebook.com www.google-analytics.com stats.g.doubleclick.net www.google.com *.googlesyndication.com *.gstatic.com images.habbogroup.com http://images.habbogroup.com http://*.habbo.com docj27ko03fnu.cloudfront.net d3hmp0045zy3cs.cloudfront.net pay.openbucks.com trck.spoteffects.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' habboo-a.akamaihd.net *.habbo.com d2wy8f7a9ursnm.cloudfront.net connect.facebook.net www.google-analytics.com www.google.com www.gstatic.com apis.google.com *.g.doubleclick.net *.googlesyndication.com www.googletagservices.com partner.googleadservices.com rpxnow.com d29usylhdk1xyu.cloudfront.net trck.spoteffects.net; style-src 'self' 'unsafe-inline' habboo-a.akamaihd.net *.habbo.com www.gstatic.com fonts.googleapis.com d3hmp0045zy3cs.cloudfront.net; child-src 'self' *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com; font-src 'self' fonts.gstatic.com habboo-a.akamaihd.net *.habbo.com; frame-ancestors 'self' *.idcgames.com http://*.idcgames.com www.funnygames.fi http://www.funnygames.fi www.funnygames.es http://www.funnygames.es www.funnygames.nl http://www.funnygames.nl www.funnygames.fr http://www.funnygames.fr www.funnygames.it http://www.funnygames.it www.funnygames.us http://www.funnygames.us www.funnygames.eu http://www.funnygames.eu www.funnygames.biz http://www.funnygames.biz www.funnygames.com.br http://www.funnygames.com.br *.gamesxl.com http://*.gamesxl.com keygames.com http://keygames.com www.games.co.za http://www.games.co.za www.bgames.com https://www.bgames.com starbie.co.uk https://starbie.co.uk nyckelspel.se https://nyckelspel.se www.elkspel.nl http://www.elkspel.nl www.spele.nl http://www.spele.nl www.spele.be http://www.spele.be www.spelletjesoverzicht.nl http://www.spelletjesoverzicht.nl *.orangegames.com http://*.orangegames.com hyvesgames.nl https://hyvesgames.nl spele.nl http://spele.nl *.giochixl.it http://*.giochixl.it www.1001giochi.it http://www.1001giochi.it minigioco.it https://minigioco.it *.jeuxdelajungle.fr http://*.jeuxdelajungle.fr www.1001games.fr http://www.1001games.fr jouerjouer.com https://jouerjouer.com spele.be http://spele.be oyun.mynet.com http://oyun.mynet.com gamecell.com https://gamecell.com www.gamecell.com https://www.gamecell.com oyungemisi.com https://oyungemisi.com *.1001pelit.com http://*.1001pelit.com pelaaleikkia.com https://pelaaleikkia.com www.isladejuegos.es http://www.isladejuegos.es clavejuegos.com https://clavejuegos.com *.1001spiele.de http://*.1001spiele.de www.jetztspielen.ws http://www.jetztspielen.ws www.spielaffe.de http://www.spielaffe.de *.spielspiele.de http://*.spielspiele.de spielspiele.de https://spielspiele.de *.1001jogos.pt http://*.1001jogos.pt jogojogar.com https://jogojogar.com; frame-src 'self' *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com; upgrade-insecure-requests; report-uri /csp/report 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: 6
default-src https: data: 'self' *.1gamepay.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.frankcasino.net frank-auth.com livestatisc.com echo.ecortb.com cdn.gs-arcadia.com cdn.st01-gs-arcadia.com *.playngonetwork.com *.curacao-egaming.com *.google-analytics.com  *.casinomodule.com *.onlinetechsupport24.com *.livestatisc.com *.jsdelivr.net track.adform.net *.aventonv.com recaptcha.net www.gstatic.com www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.cloudflare.com *.playngonetwork.com; img-src https: data: blob: 'self'; font-src data: 'self' fonts.gstatic.com cdn.gs-arcadia.com cdn.st01-gs-arcadia.com *.cloudflare.com; connect-src ws: wss: 'self' *.casinomodule.com *.onlinetechsupport24.com *.gs-arcadia.com *.st01-gs-arcadia.com *.playngonetwork.com; 6
script-src 'self'; object-src 'self' 6
frame-ancestors media.kaufland.de media.kaufland.com wissen-kaufland.rzrs.de kaufland.staffbase.com 'self' 6
frame-ancestors 'self' https://booking2.centerparcs.fr https://booking2.centerparcs.nl https://booking2.centerparcs.de https://booking2.centerparcs.com https://booking2.centerparcs.ch https://booking2.centerparcs.be 6
script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net tagmanager.google.com maps.googleapis.com www.googleadservices.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.gstatic.com 6
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 6
img-src https: data:; child-src https:; form-action https:; script-src https: 'unsafe-inline' 'unsafe-eval';style-src https: 'unsafe-inline'; 6
img-src * 6
default-src 'self'; media-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; img-src * 'self' data: blob: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; frame-src *; connect-src https:; object-src 'none' 6
script-src 'self'    6
default-src data: https: 'self' 'unsafe-eval' 'unsafe-inline'; img-src data: https: 'self' 'unsafe-eval' 'unsafe-inline' 6
connect-src * 6
default-src https: data: 'unsafe-inline' 'unsafe-eval'; 6
form-action 'self'; 6
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 6
img-src 'self' data: * 6
script-src                     'self'                     *.googleapis.com                     maps.google.de                     www.google.com                     *.gstatic.com                     *.google-analytics.com                     *.googletagmanager.com 		    www.googleadservices.com                     test-rdsrv-frd.mehrkanal.com                     rdsrv-frd.mehrkanal.com                     cdn.frd-dws.de 		    frd-dws-piwik.mehrkanal.com                     display.ugc.bazaarvoice.com                     apps.nexus.bazaarvoice.com                     api.bazaarvoice.com                     analytics-static.ugc.bazaarvoice.com 		    js.adsrvr.org                     'unsafe-inline'                     'unsafe-eval' ; object-src 'self' 6
frame-ancestors 'self' *.classcreator.com *.classconnection.com *.facebook.net *.facebook.com 6
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 5
frame-ancestors https://*.asus.com http://*.asus.com https://*.asus.com.cn http://*.asus.com.cn https://asus.todayir.com.tw http://asus.todayir.com.tw https://tongji.baidu.com 5
upgrade-insecure-requests; media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; 5
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com;report-uri https://csp.surveymonkey.com/report?e=true&c=prod&a=anonweb 5
frame-ancestors 'self' http://localhost:* https://*.bustle.com 5
frame-ancestors 'self' http://webvisor.com https://webvisor.com 5
nosniff 5
frame-ancestors 'self' pf.content.nokia.com; report-uri /report-csp-violation 5
frame-ancestors 'self' chrome-extension://hfdhpmpfpcnbboppkkkblilhbloejijj 5
frame-ancestors https: 'self' *.typetastic.com; child-src https: 'self'; 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' api.salemove.com api.salemove.eu ui.customsearch.ai analytics.twitter.com assets.adobedtm.com connect.facebook.net static.ads-twitter.com www.googleadservices.com maps.googleapis.com cdn.tt.omtrdc.net absa.tt.omtrdc.net www.google.com www.gstatic.com analytics.analytics-egain.com abdemo.egain.cloud absablog-dev.disqus.com absablog-sit.disqus.com absablog-uat.disqus.com absablog-prod.disqus.com ajax.googleapis.com platform.twitter.com platform.linkedin.com assets.pinterest.com c.disquscdn.com disqus.com secure.rating-widget.com log.pinterest.com rating-widget.com s.ytimg.com www.youtube.com youtube.com esb.ext.api.uat.absa.co.za client.crisp.chat googleads.g.doubleclick.net www.google.co.za www.google.pl dsp-aud.eskimi.com dsp.eskimi.com dsp-pix.eskimi.com dsp-media.eskimi.com cdn.syndication.twimg.com cse.google.com api-iam.intercom.io api.salemove.eu app.salemove.eu asset-proxy.salemove.eu assets.salemove.eu chunderw-gll.twilio.com chunderw-vpc-gll.twilio.com client-logger.salemove.eu eventgw.twilio.com fonts.googleapis.com fonts.gstatic.com io.salemove.eu js.intercomcdn.com kluster.ws.salemove.eu libs.salemove.com maps.googleapis.com maps.gstatic.com media.twiliocdn.com nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io s3-eu-west-1.amazonaws.com s3.amazonaws.com uplot.salemove.eu widget.intercom.io googletagmanager.com www.googletagmanager.com js-agent.newrelic.com bam.nr-data.net c.la1-c2cs-frf.salesforceliveagent.com d.la1-c2cs-frf.salesforceliveagent.com c.la1-c2-par.salesforceliveagent.com d.la1-c2-par.salesforceliveagent.com d.la1-c2cs-cdg.salesforceliveagent.com d.la1-c1cs-cdg.salesforceliveagent.com c.la1-c2cs-cdg.salesforceliveagent.com c.la1-c1cs-cdg.salesforceliveagent.com d.la1-c2-frf.salesforceliveagent.com fls.doubleclick.net tt.mbww.com pixel.mathtag.com 5
font-src * 5
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src https: 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googlesyndication.com https://suggestqueries.google.com https://pagead2.googlesyndication.com www.google-analytics.com yastatic.net https://relap.io https://ad.mail.ru stat.adlabs.ru mc.yandex.ru *.criteo.com *.googleapis.com luxadv.com *.luxadv.com psma02.com *.betweendigital.com *.doubleclick.net share.pluso.ru w.uptolike.com *.am15.net am15.net psma03.com *.onedmp.com *.eboundservices.com eboundservices.com uk-ads.openx.net *.openx.net *.metabar.ru *.orange81safe.com *.creativecdn.com *.googletagservices.com *.googleadservices.com psma01.com *.atemda.com *.nativeroll.tv *.criteo.net fycapi.ru ijquery5.com acvatic.ru mycpm.ru igithab.com *.yandex.ru franecki.net v.kost.tv *.g.doubleclick.net bnstero.com *.google.ru cdn.onesignal.com *.yakutia.io yakutia.io *.onesignal.com static.amgmedia.net onesignal.com *.sendpulse.com sendpulse.com bnster.com myhappy-news.com *.republer.com 5
frame-ancestors https://nurture.solarwinds.com 5
default-src 'self' https: *.fibi.co.il; connect-src 'self' https: *.fibi.co.il *.staging.fibi.co.il; style-src https: 'unsafe-inline'; child-src 'self' data: https: *.fibi.co.il *.staging.fibi.co.il https://usa-api.idomoo.com https://idoplayer.idomoo.com; img-src 'self' data: https: 'unsafe-inline' *.fibi.co.il *.staging.fibi.co.il; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.fibi.co.il *.bankotsar.co.il *.bankmassad.co.il *.pagi.co.il *.u-bank.net *.staging.fibi.co.il https://facebook.co.il https://google.co.il https://google.com https://googletagmanager.com https://googleads.g.doubleclick.net https://googleadservices.com https://youtube.com https://facebook.com https://usa-api.idomoo.com https://idoplayer.idomoo.com 5
object-src 'none';  5
frame-ancestors 'self' *.google.de *.google.ch *.google.at *.google.nl *.google.cz *.google.sk *.google.com *.google.se *.optimizely.com 5
frame-ancestors https://*.marketo.com 5
default-src * data:; script-src http: https: *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com *.myqnapcloud.com *.myqnapcloud.cn 'unsafe-inline' 'unsafe-eval'; style-src http: https: *.myqnapcloud.com *.myqnapcloud.cn 'unsafe-inline'; connect-src http: https: *.myqnapcloud.com *.myqnapcloud.cn fcm.googleapis.com *.google.com 5
object-src *;script-src * 'unsafe-inline' 'unsafe-eval' data: 5
frame-ancestors 'self' keycontentservice.com *.tescodev.com *.facebook.com tesco.hu itesco.cz tesco.sk tesco.pl 5
frame-ancestors 'self' 			*.benjerry.com *.crownpeak.com *.bazaarvoice.com *.adobe.com 5
frame-ancestors 'self' *.vergic.com 5
base-uri https: http:; object-src *; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'self' blob: 5
default-src https: 'unsafe-inline' data: 'unsafe-eval' 5
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 5
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; 5
default-src * 'unsafe-inline' 'unsafe-eval';img-src * data:; frame-ancestors 'self' app.optimizely.com;font-src * data: 5
object-src 'self'; 5
default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 5
frame-ancestors 'none'; report-uri https://csp-report.airfrance.fr/; script-src 'self' https://*.klm.com https://*.flyingblue.com https://gateway.zscalertwo.net https://gateway.zscloud.net https://*.accorhotels.com https://*.usabilla.com https://*.hotjar.com https://*.youtube.com https://*.youku.com https://*.google.com https://*.google-analytics.com https://*.iadvize.com https://*.qualtrics.com https://*.r42tag.com https://*.relay42.com https://*.optimizely.com 'unsafe-eval' 'unsafe-inline' 5
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 5
default-src https: wss: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 5
child-src 'self' blob: https://*.tagcommander.com *.tagcommander.com *.overkiz.com *.somfy.com *.somfysystems.pl e.issuu.com projects.perfoweb.fr www.tahomalink.com www.tahomalink.com boutique.somfy.fr www.youtube.com iadvize.com lc.iadvize.com www.googletagmanager.com static.addtoany.com client.alwaysupport.com *.doubleclick.net static.olark.com 212.203.79.55 somfykorea.linux.gabiauser.com shop.somfy.de shop.somfy.es shop.somfy.it easyshop.somfypro.fr tv.connexoon.de tvaktion.connexoon.de tv-at.connexoon.de *.addthis.com *.disqus.com disqus.com www.google.com webdev.abastra.com kartor.eniro.se http://kartor.eniro.se www.somfy-smart.de api.soundcloud.com w.soundcloud.com www.lespetitespierres.org https://giphy.com/upload https://hearthis.at/ https://soundcloud.com/ https://www.youtube.com/ https://www.lespetitespierres.org/ *.rlets.com https://giphy.com/ https://www.franceinter.fr/ *.zohopublic.com *.smartrecruiters.com https://subscriptions.smartrecruiters.com/ marketing.net.elogia.net www.facebook.com https://www.facebook.com https://www.youtube-nocookie.com/ www.123formbuilder.com https://c.imedia.cz/ player.ina.fr https://*.hotjar.com https://*.tfaforms.net *.tfaforms.net 5
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net https://fp.zenaps.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.dwin1.com/ https://www.youtube.com/iframe_api https://s.ytimg.com https://assets.planethoster.com/ https://maps.googleapis.com/ https://ads2.adverline.com/ https://tags.dynamo.one/ https://smct.co/ https://apis.google.com/ https://widget.trustpilot.com/; img-src 'self' www.facebook.com data: https://www.planethoster.com/ https://assets.planethoster.com/ https://maps.gstatic.com/ https://smct.co/; font-src 'self' data: fonts.gstatic.com https://assets.planethoster.com/; frame-src https://www.zenaps.com/ https://ads2.adverline.com/ https://staticxx.facebook.com/ https://www.google.com/ https://www.facebook.com/ https://player.vimeo.com https://www.youtube.com/ https://tags.dynamo.one/ https://smct.co/ https://accounts.google.com/ https://widget.trustpilot.com/; connect-src 'self' https://fp.zenaps.com/ https://assets.planethoster.com/ https://smct.co/ https://widget.trustpilot.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://assets.planethoster.com/; 5
upgrade-insecure-requests;block-all-mixed-content; 5
default-src 'self'              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://pw.detecas.com              https://www.google-analytics.com              https://www.google.com              https://www.gstatic.com;              style-src 'self' 'unsafe-inline';              script-src 'self' 'unsafe-eval' 'unsafe-inline'              https://www.gstatic.com              https://www.google.com              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://www.google-analytics.com; 5
default-src 'none' ; connect-src 'self' *.ihk.de live.c3networking.de wss://chat.userlike.com/chat/ *.etracker.de b6df6a39-9bba-47b4-b1e3-367604039de3.rlets.com cdn.contentful.com pam.ihk-schleswig-holstein.de *.google-analytics.com *.ihk24.de *.userlike.com *.twitter.com expertenpool.automatisierungsregion.de *.googleapis.com *.newsletter2go.com www.powr.io  ; font-src 'self' data: *.googleapis.com dq4irj27fs462.cloudfront.net *.gstatic.com  ; form-action 'self' *.ihk.de *.highcharts.com *.twitter.com www.tfaforms.com www.forschungsfinder-hessen.de routenplaner.bus-bahn-thueringen.de *.wirecard.com *.ihk24.de web.ihk-pfalz.net  ; frame-src 'self' www.ihk-lehrstellenboerse.de www.etermin.net www.forschungsfinder-hessen.de *.google.de www.berufe.tv hk24.perbit-job.de *.twitter.com ihk.selbstdenker.com walls.io *.bright-guide.de www.ihkac-anwendungen.de *.ihk.de b6df6a39-9bba-47b4-b1e3-367604039de3.rlets.com www.onlinebewerbungsserver.de hk24.perbit-job.de  www.gatewatch.eu www.ihk-praktikumsportal.de *.flickr.com geoportal-hamburg.de *.xing-events.com *.exmap.de isi.hdb-hamburg.de *.highcharts.com *.facebook.com www.plattform-i40.de *.youtube.com cdn.doo.net/assets/js/viovendi-embed-static-1.js *.google.com www.azubi-magdeburg-ihk.de cottbus-ihk-pruefungen.de www.youtube-nocookie.com www.powr.io inx.odav.de www.unikam.de www.ausbildungslauf.de static.issuu.com html5-player.libsyn.com live.c3networking.de www.praktikum.info dihk.imageplant.de ihk-weiterbildung-oldenburg.de cdn.contentful.com ihk-darmstadt-portal.rexx-recruitment.com umap.openstreetmap.fr www.ihk-magdeburg.de www.ihk-berlin.org kvg-kassel.widget-generator.de e.issuu.com www.instagram.com komsis.inecos.de berufsausbildung-aachen-ihk.de expertenpool.automatisierungsregion.de roundme.com bc.pressmatrix.com doo.net player.vimeo.com www.terminland.de www.kandidatenmanagement.de  ; img-src 'self' data: userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.etracker.de www.forschungsfinder-hessen.de *.etracker.com editor.signavio.com *.google.de pam.ihk-schleswig-holstein.de *.userlike.com www.ihk-berlin.de *.twitter.com www.hvv.de www.rmv.de dq4irj27fs462.cloudfront.net *.staticflickr.com www.ihk-wiesbaden.de *.newsletter2go.com *.ihk.de live.c3networking.de www.ihk-arbeitsgemeinschaft-rlp.de www.ihk-lueneburg.de *.google-analytics.com www.ihk-rlp.de infographic.statista.com *.ihk24.de *.gstatic.com *.exmap.de kvg-kassel.widget-generator.de *.facebook.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com expertenpool.automatisierungsregion.de roundme.com www.ihk-ostbrandenburg.de www.bso-hessen.de *.googleapis.com *.twimg.com *.google.com vstdbv3 www.ihk-koblenz.de www.ihk-gfi.de www.bahn.de  ; media-src 'self' *.youtube.com dq4irj27fs462.cloudfront.net ims-files-cdn.net  ; object-src 'self' www.berufe.tv  ; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.etracker.de www.etermin.net www.forschungsfinder-hessen.de *.etracker.com editor.signavio.com pam.ihk-schleswig-holstein.de *.userlike.com cdn.rlets.com *.twitter.com www.tfaforms.com walls.io www.googletagmanager.com *.bright-guide.de dq4irj27fs462.cloudfront.net www.google.analytics.com *.newsletter2go.com www.ihkac-anwendungen.de *.ihk.de live.c3networking.de *.flickr.com *.google-analytics.com www.ihk-magdeburg.de connect.facebook.net code.jquery.com/jquery-3.1.1.min.js *.ihk24.de *.xing-events.com *.exmap.de kvg-kassel.widget-generator.de *.highcharts.com *.facebook.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com www.instagram.com expertenpool.automatisierungsregion.de *.youtube.com routenplaner.bus-bahn-thueringen.de *.googleapis.com doo.net *.twimg.com cdn.doo.net/assets/js/viovendi-embed-static-1.js *.google.com www.powr.io  ; style-src 'self'  'unsafe-inline' *.ihk.de live.c3networking.de *.etracker.de editor.signavio.com maxcdn.bootstrapcdn.com pam.ihk-schleswig-holstein.de *.ihk24.de *.twitter.com www.tfaforms.com expertenpool.automatisierungsregion.de cdnjs.cloudflare.com routenplaner.bus-bahn-thueringen.de *.googleapis.com *.twimg.com  ; child-src 'self' ; report-uri /blueprint/servlet/serviceport/rest/csplogging/logViolation ;  5
frame-ancestors 'self' *.facebook.com, frame-ancestors 'self' *.facebook.com 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://chat.snaping.net https://statique.snaping.net https://statique-ca.snaping.net https://static-fr.snaping.net https://static-ca.snaping.net https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://*.jwpcdn.com https://ads.exosrv.com https://securionpay.com https://optimize.google.com https://js.dplads.com https://a.dplads.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 5
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 5
script-src * 'unsafe-inline' 'unsafe-eval' file: data: blob: filesystem: 5
default-src *     ;report-uri /xp/CSPReport.ashx     ;script-src * 'unsafe-inline' 'unsafe-eval' data: about:     ;style-src * 'unsafe-inline'     ;connect-src * blob:     ;font-src * data:     ;object-src *     ;img-src * data: blob:     ;media-src * blob:     ;frame-src * data: gsa: ajaxhandler:     ;child-src * blob:     ;worker-src * blob:     ;form-action * javascript:     ;frame-ancestors *  5
frame-ancestors 'self' weleda.sabio.de 5
default-src * blob: 'self' data: 'unsafe-inline' 'unsafe-eval' https:; 5
default-src * data: ; script-src 'self' 'unsafe-inline' data 'unsafe-eval' https://optanon.blob.core.windows.net/ optanon.blob.core.windows.net https://geolocation.onetrust.com/ geolocation.onetrust.com https://code.jquery.com/ code.jquery.com https://d3moonnr9fkxfg.cloudfront.net/ https://platform.twitter.com b3.mookie1.com googleads.g.doubleclick.net www.googleadservices.com stats.g.doubleclick.net connect.facebook.net www.salesmanago.pl widgets.getsitecontrol.com www.googletagmanager.com *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com twitter.com *.instagram.com http://s7.addthis.com v2.zopim.com www.salesmanago.pl footer.mars.com www.mars.com c.evidon.com schema.org healthypets.royalcanin.com.au stackpath.bootstrapcdn.com m.addthis.com addthis.com m.addthisedge.com maps.googleapis.com     https://cdn-akamai.mookie1.com https://api-public.addthis.com https://c.imedia.cz  https://static.hotjar.com https://mc.yandex.ru https://script.hotjar.com https://tags.tiqcdn.com https://ajax.googleapis.com https://sa365.ag https://widgets.pinterest.com https://cdnjs.cloudflare.com https://v1.addthisedge.com/ https://v1.addthis.com/ ; style-src * 'unsafe-inline' https://d3moonnr9fkxfg.cloudfront.net/; frame-ancestors 'none' ; base-uri 'self' ; upgrade-insecure-requests ; 5
base-uri 'self'; block-all-mixed-content; form-action https: 5
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com z8y8f3q6.ssl.hwcdn.net https://www.xvideos.com https://wg-xvdev.xvideos.com *.trafficfactory.biz fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com www.google-analytics.com *.addthis.com *.addthisedge.com www.iwanttodeliver.com apis.google.com www.google.com www.gstatic.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.sex.com *.lswcdn.net *.llnwd.net *.hwcdn.net fcm.googleapis.com *.nk-img.com *.camster.com wss://*.camster.com:8443 *.naked.com https://static-dev-xvlive.xvideos.com https://dev-api.naked.com http://dev-api.naked.com wss://dev-chatserver.camster.com wss://staging-chatserver.camster.com wss://m.1ka.com wss://c1.1ka.com wss://c11.1ka.com wss://c12.1ka.com wss://c13.1ka.com wss://c14.1ka.com wss://c15.1ka.com wss://c16.1ka.com wss://c17.1ka.com wss://c18.1ka.com wss://c19.1ka.com wss://c110.1ka.com wss://c111.1ka.com wss://c112.1ka.com wss://c113.1ka.com wss://c114.1ka.com wss://c115.1ka.com wss://c2.1ka.com wss://c21.1ka.com wss://c22.1ka.com wss://c23.1ka.com wss://c24.1ka.com wss://c25.1ka.com wss://c26.1ka.com wss://c27.1ka.com wss://c28.1ka.com wss://c29.1ka.com wss://c210.1ka.com wss://c211.1ka.com wss://c212.1ka.com wss://c213.1ka.com wss://c214.1ka.com wss://c215.1ka.com wss://c3.1ka.com wss://c31.1ka.com wss://c32.1ka.com wss://c33.1ka.com wss://c34.1ka.com wss://c35.1ka.com wss://c36.1ka.com wss://c37.1ka.com wss://c38.1ka.com wss://c39.1ka.com wss://c4.1ka.com wss://c41.1ka.com wss://c42.1ka.com wss://c43.1ka.com wss://c44.1ka.com wss://c45.1ka.com wss://c46.1ka.com wss://c47.1ka.com wss://c48.1ka.com wss://c49.1ka.com wss://c410.1ka.com wss://c411.1ka.com wss://c412.1ka.com wss://c413.1ka.com wss://c414.1ka.com wss://c415.1ka.com wss://c5.1ka.com wss://c51.1ka.com wss://c52.1ka.com wss://c53.1ka.com wss://c54.1ka.com wss://c55.1ka.com wss://c56.1ka.com wss://c57.1ka.com wss://c58.1ka.com wss://c59.1ka.com wss://c510.1ka.com wss://c511.1ka.com wss://c512.1ka.com wss://c513.1ka.com wss://c514.1ka.com wss://c515.1ka.com https://dev-chatserver.camster.com https://staging-chatserver.camster.com https://m.1ka.com https://c1.1ka.com https://c11.1ka.com https://c12.1ka.com https://c13.1ka.com https://c14.1ka.com https://c15.1ka.com https://c16.1ka.com https://c17.1ka.com https://c18.1ka.com https://c19.1ka.com https://c110.1ka.com https://c111.1ka.com https://c112.1ka.com https://c113.1ka.com https://c114.1ka.com https://c115.1ka.com https://c2.1ka.com https://c21.1ka.com https://c22.1ka.com https://c23.1ka.com https://c24.1ka.com https://c25.1ka.com https://c26.1ka.com https://c27.1ka.com https://c28.1ka.com https://c29.1ka.com https://c210.1ka.com https://c211.1ka.com https://c212.1ka.com https://c213.1ka.com https://c214.1ka.com https://c215.1ka.com https://c3.1ka.com https://c31.1ka.com https://c32.1ka.com https://c33.1ka.com https://c34.1ka.com https://c35.1ka.com https://c36.1ka.com https://c37.1ka.com https://c38.1ka.com https://c39.1ka.com https://c4.1ka.com https://c41.1ka.com https://c42.1ka.com https://c43.1ka.com https://c44.1ka.com https://c45.1ka.com https://c46.1ka.com https://c47.1ka.com https://c48.1ka.com https://c49.1ka.com https://c410.1ka.com https://c411.1ka.com https://c412.1ka.com https://c413.1ka.com https://c414.1ka.com https://c415.1ka.com https://c5.1ka.com https://c51.1ka.com https://c52.1ka.com https://c53.1ka.com https://c54.1ka.com https://c55.1ka.com https://c56.1ka.com https://c57.1ka.com https://c58.1ka.com https://c59.1ka.com https://c510.1ka.com https://c511.1ka.com https://c512.1ka.com https://c513.1ka.com https://c514.1ka.com https://c515.1ka.com https://media.1ka.com https://u.1ka.com https://n.1ka.com;img-src 'self' 'unsafe-inline' data: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.hwcdn.net *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com; 4
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com blob:;  script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adsafeprotected.com *.serving-sys.com https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru;  worker-src blob: 'self';  connect-src * wss: blob:;  font-src * data: blob:; frame-src * blob: 'self';  img-src * data: blob: about:;  media-src * data: blob:;  object-src *;  report-uri /csp/report; 4
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 4
script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com; img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com data: mozilla.org www.googletagmanager.com www.google-analytics.com adservice.google.com adservice.google.de adservice.google.dk creativecommons.org ad.doubleclick.net; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com; frame-src www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline'; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com https://accounts.firefox.com/ https://accounts.firefox.com.cn/; child-src www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com 4
default-src *.livejournal.com *.livejournal.net tpc.googlesyndication.com; script-src *.livejournal.com *.livejournal.net *.google-analytics.com *.googletagmanager.com *.scorecardresearch.com *.top100.ru *.yandex.ru *.criteo.com yastatic.net *.plista.com *.facebook.com vk.com *.ok.ru *.pingdom.com *.pingdom.net *.vk.com *.twitter.com *.twimg.com *.facebook.net *.instagram.com *.services.livejournal.com *.videos.livejournal.com *.adfox.ru *.exelator.com *.rambler.ru *.rubiconproject.com *.yahooapis.com *.newrelic.com *.nr-data.net *.doubleclick.net googleads.g.doubleclick.net *.lj.ru *.googleapis.com *.youtube.com *.varlamov.me *.varlamov.com *.google.com static.xx.fbcdn.net dsp-rambler.ru openstat.net *.rnet.plus twemoji.maxcdn.com *.googletagservices.com *.googlesyndication.com mc.yandex.ru ymetrica.com telegram.org *.webturn.ru www.dropbox.com *.criteo.net z.moatads.com r.webturn.ru *.pinterest.com *.google.ru ssl.p.jwpcdn.com *.gstatic.com js.mamydirect.com cdn.ampproject.org adservice.google.ca 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: 'unsafe-inline'; img-src http: https: data:; frame-src http: https:; font-src http: https: data:; connect-src *.livejournal.com *.livejournal.net *.services.livejournal.com *.google-analytics.com ssp.rambler.ru *.yandex.ru *.ssp.rambler.ru lj.stat.eagleplatform.com *.pingdom.net *.googleapis.com kraken.rambler.ru *.twitter.com *.youtube.com googleads.g.doubleclick.net static.xx.fbcdn.net *.lj.ru *.rnet.plus mc.yandex.ru ymetrica.com *.webturn.ru *.criteo.com dsp-rambler.ru *.rambler.ru stats.g.doubleclick.net *.eaglecdn.com wss://www.livejournal.com *.g.doubleclick.net; report-uri https://livejournal.com/csp_reports; media-src storage.mds.yandex.net http: https: data: 4
frame-ancestors 'self' app.optimizely.com *.optimizely.com *.optimizelyedit.com; 4
default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline'; report-uri /content-security-policy-report.php 4
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 'report-sample'; img-src http: https: data: blob:; media-src http: https: data: blob:; report-uri https://csp-reporter-production.apse2.ffx.nz/ 4
frame-ancestors 'self' http://hybris.com https://hybris.com http://*.hybris.com https://*.hybris.com http://sap.lookbookhq.com https://sap.lookbookhq.com http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn https://www.gigya.com *.lookbookhq.com https://cloudplatform.sap.com https://cal.sap.com https://developers.sap.com ;default-src 'self' blob: https: data: 'unsafe-inline' 'unsafe-eval' github.com api.github.com raw.githubusercontent.com *.liveperson.net http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn *.demandbase.com *.adobedtm.com *.company-target.com *.omtrdc.net *.w55c.net platform.twitter.com *.siteintercept.qualtrics.com *.doubleclick.net cdnjs.cloudflare.com charts3.equitystory.com http://sap-espresso.com http://*.akamai.net ust-servlet.dataxu.net https://*.cdn.sap.com *.2mdn.net *.2o7.net *.qualtrics.com https://*.akamaihd.net http://*.akamaihd.net *.lpsnmedia.net *.truste.com *.newrelic.com *.nr-data.net https://*.youtube.com https://*.youtu.be https://*.ytimg.com *.twitter.com http://*.twimg.com https://*.twimg.com *.adobe.com *.demdex.net *.liveperson.com *.liveengage.net *.liveengage.com http://livefyre.com *.liveper.sn *.licdn.com *.hana.ondemand.com http://dc1cp8nqqrmxi.cloudfront.net http://*.edgesuite.net https://bcmcps.enter.sap *.d41.co 4
connect-src * 'self' 4
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 4
frame-ancestors 'self' http://wa.aruba.it https://wa.aruba.it 4
policy-definition 4
report-uri https://www.homeaffairs.gov.au; frame-ancestors https://app.monsido.com https://*.immi.gov.au https://*.border.gov.au https://*.homeaffairs.gov.au https://*.customs.gov.au https://*.abf.gov.au 4
script-src 'self' 'unsafe-inline' *.googleanalytics.com *.google-analytics.com ajax.googleapis.com https://www.youtube.com https://s.ytimg.com *.googletagmanager.com apis.google.com storage.googleapis.com 'strict-dynamic' 'sha256-786mZQPkATV3kJd7q8ZuwoTH4U3/0WniBdyVOgZQpv4=' 'sha256-Xyk5Ei/Yh7DuZgaxNfbPswkpmMKHk5Jy18vkxjfPMj0=' 'sha256-VYh+xiSqo4QzOSUckJBCHDIBNNBdxwG2PIIevxRqeh4=' *.googleapis.com; img-src * data: blob:; default-src 'self' *.gstatic.com; frame-src 'self' www.google.com *.youtube.com accounts.google.com apis.google.com plus.google.com *.doubleclick.net apis.google.com https://www.youtube.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com storage.googleapis.com; connect-src 'self' plus.google.com www.google-analytics.com apis.google.com; object-src 'none'; font-src 'self' themes.googleusercontent.com *.gstatic.com https://fonts.gstatic.com storage.googleapis.com fonts.googleapis.com; base-uri 'none' 4
frame-ancestors 'self' https://my.siteground.com https://*.concurra.com/ http://*.concurra.com/ 4
frame-ancestors https://*.cafepress.com https://*.cafepress.co.uk https://*.cafepress.ca https://*.cafepress.com.au ; 4
object-src 'none'; base-uri 'none'; require-sri-for script style 4
default-src 'none'; script-src 'self'; img-src 'self' https://www.google-analytics.com:443 https://*.qbrick.com:443 https://bilder.hemnet.se:443; media-src 'self' https://*.qbrick.com:443; connect-src 'self' https://*.qbrick.com:443; style-src 'self' 'unsafe-inline'; frame-src *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.dk *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de r1.surveysandforms.com secure.msse.se www.efn.se clients.maptoweb.dk borsrum.episerverhosting.com shbfxcalc.millistream.com www.anpdm.com services.cicero.no nettbank.edb.com shbdk.millistream.com cphspk01.shbmain.shb.biz www.shb.dk priolaan.dk weblaan.shb.bec.dk web37.prod.bec.dk netbank.shb.dk irs.tools.investis.com otp.tools.investis.com vp292.alertir.com forms.apsisforms.com; font-src 'self' 4
frame-ancestors 'none' ; 4
frame-ancestors https://*.ringcentral.com https://*.ringcentral.co.uk https://*.ringcentral.com.au https://*.ringcentral.eu https://outlook.live.com https://outlook.office365.com https://outlook.office.com 4
upgrade-insecure-requests; base-uri 'self'; 4
frame-ancestors 'self' http://www.clarksusa.com/; 4
default-src https: 'unsafe-inline' 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.antillephone.com vk.com onesignal.com *.onesignal.com *.cloudflare.com/ajax/libs/webcomponentsjs/ *.hybrid.ai *.ravenjs.com mc.yandex.ru yastatic.net *.gstatic.com glem.io *.google.com *.google-analytics.com *.adroll.com *.googletagmanager.com *.google-analytics.com *.bing.com *.facebook.net js.gleam.io *.youtube.com mc.yandex.ua mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.ru;img-src 'self' data: blob: *.googleusercontent.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.google.com.mx *.google.com.ua *.google.com.bd *.google.com.ph *.google.com.ua *.google.com.au *.google.com.ph *.google.com.tw *.google.com.ar *.google.com.pk *.google.com.tr *.google.com.eg *.google.com.co *.google.com.sg *.google.com.vn *.google.com.kh *.google.com.ec *.google.com.hk *.google.com.uy *.google.com.br *.google.co.kr *.google.co.in *.google.co.il *.google.co.ma *.google.co.ve *.google.co.th *.google.co.jp *.google.co.uk *.google.co.id *.google.co.za *.google.com *.google.ru *.google.dz *.google.ae *.google.rs *.google.cl *.google.ee *.google.be *.google.at *.google.gr *.google.sk *.google.fr *.google.am *.google.dk *.google.cz *.google.nl *.google.it *.google.ps *.google.fi *.google.cm *.google.mn *.google.az *.google.is *.google.iq *.google.de *.google.ch *.google.hr *.google.by *.google.ro *.google.kz *.google.pt *.google.no *.google.ge *.google.bg *.google.es *.google.lv *.google.hu *.google.se *.google.pl *.google.lt *.google.ca *.yandex.ru *.yandex.by crossmetrix.com *.linksynergy.com *.digitru.st *.targetix.net *.ytimg.com *.gleam.io *.adform.net *.rubiconproject.com *.advertising.com *.3lift.com *.surfe.be surfe.pro *.pubmatic.com *.casalemedia.com *.outbrain.com *.yahoo.com *.rlcdn.com makesource.cool *.adroll.com *.angsrvr.com pippio.com *.onesignal.com *.antillephone.com *.taboola.com mc.admetrica.ru *.teads.tv countmake.cool *.userapi.com *.opskins.media *.openx.net *.adnxs.com *.adriver.ru *.smartadserver.com *.siliconanalytics.com *.hybrid.ai *.weborama.fr *.1dmp.io *.aidata.io ad.mail.ru *.gravatar.com cardinaldata.net *.betweendigital.com *.bestssp.com *.admixer.net *.doubleclick.net *.facebook.com x.bidswitch.net i.btcoon.com a.23b4.ru *.yadro.ru promclickapp.biz *.capitaller.ru *.vk.com vk.com *.akamaihd.net *.steamstatic.com *.adorable.io d2lomvz2jrw9ac.cloudfront.net de4khei8i4ut2.cloudfront.net din8r827idtuo.cloudfront.net tjh8gngtzf.execute-api.us-east-1.amazonaws.com;font-src 'self' data: *.googleapis.com *.gstatic.com;style-src 'self' 'unsafe-inline' onesignal.com *.google.com *.googleapis.com;media-src 'self' de4khei8i4ut2.cloudfront.net din8r827idtuo.cloudfront.net d2lomvz2jrw9ac.cloudfront.net;connect-src 'self' s3.amazonaws.com onesignal.com *.yandex.ru *.webvisor.com *.webvisor.org *.mxpnl.net sentry.io google-analytics.com vk.com *.api4load.com *.adroll.com *.googleapis.com *.doubleclick.net *.google-analytics.com *.demofast.ru *.csgofastbackend.com wss://m.ajdfbkjab.ru wss://*.demofast.ru wss://*.csgofastbackend.com;frame-ancestors 'self' webvisor.com http://webvisor.com;frame-src blob: *.yandex.ru *.webvisor.com *.webvisor.org skytraf.xyz *.facebook.com gleam.io *.1dmp.io onesignal.com *.google.com *.youtube.com *.csgofastbackend.com *.gainskins.com;object-src 'none';report-uri //in.csgofast.com/csp; 4
frame-ancestors 'self' http://www.liligo.fr/ http://www.kayak.fr/ http://www.kayak.de/ https://drivy.zendesk.com/ https://*.zdusercontent.com/ 4
frame-ancestors 'self' webforce.com new.webforce.com webforce1111.c45stagehostopia.com wfsites-to.websitecreatorprotool.com wfsites.websitecreatorprotool.com wfsites-ie.websitecreatorprotool.com wf.mktgsuite.deluxe.com fl.sitekreator.com portal.mktgsuite.deluxe.com dex.wfsites.websitecreatorprotool.com sites2.freelogoservices.com cpaneltest.sitekreator.com; 4
default-src wss: https: data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests 4
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self' 4
default-src 'self';script-src 'self' https://www.gstatic.cn *.acceleratoradmin.com *.adpclientappreciation.com *.lincolnelectricdigitalrewards.com *.boschappliancedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.thermadorappliancedigitalrewards.com *.tranedigitalrewards.com *.tirestorerewards.com *.americanstandardairdigitalrewards.com *.myacuvuedigitalrewards.com *.emrispay.com *.vsponeprepaidcard.com *.attrecognition.com *.coopervisiondigitalrewards.com *.allglobalcircle-rewards.com *.habcard.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.ultimaterewardsredemption.com *.mystarzrewards.com *.e-rewardsmedicalrewards.com *.recognizingyourewards.com *.kelloggsdigitalrewards.ca *.valvolinedigitalrewards.com *.goodyeardigitalrewards.com *.alconchoicepayments.com *.geappliancesdigitalrewards.com *.topcashbackdigitalsolutions.com *.topcashbackdigitalsolutions.co.uk *.prosper2card.co.uk *.ppdslab.com *.cooperdigitalrewards.com *.tranedigitalrewards.com *.tirestorerewards.com https://cdn.datatables.net https://www.recaptcha.net https://ajax.aspnetcdn.com  https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com *.google.com  https://www.gstatic.com https://www.google-analytics.com https://ajax.googleapis.com https://*.msecnd.net *.acceleratoradmin.com 'unsafe-inline' https://www.googletagmanager.com *.mxpnl.com;style-src 'self' *.acceleratoradmin.com *.adpclientappreciation.com *.lincolnelectricdigitalrewards.com *.boschappliancedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.thermadorappliancedigitalrewards.com *.tranedigitalrewards.com *.tirestorerewards.com *.americanstandardairdigitalrewards.com *.myacuvuedigitalrewards.com *.emrispay.com *.vsponeprepaidcard.com *.attrecognition.com *.coopervisiondigitalrewards.com *.allglobalcircle-rewards.com *.habcard.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.ultimaterewardsredemption.com *.mystarzrewards.com *.e-rewardsmedicalrewards.com *.recognizingyourewards.com *.kelloggsdigitalrewards.ca *.valvolinedigitalrewards.com *.goodyeardigitalrewards.com *.alconchoicepayments.com *.geappliancesdigitalrewards.com *.topcashbackdigitalsolutions.com *.topcashbackdigitalsolutions.co.uk *.prosper2card.co.uk *.ppdslab.com *.cooperdigitalrewards.com *.tranedigitalrewards.com *.tirestorerewards.com https://ajax.aspnetcdn.com https://cdn.datatables.net https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com  https://cdnjs.cloudflare.com 'unsafe-inline';connect-src 'self'  *.acceleratoradmin.com *.adpclientappreciation.com *.lincolnelectricdigitalrewards.com *.boschappliancedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.thermadorappliancedigitalrewards.com *.tranedigitalrewards.com *.tirestorerewards.com *.americanstandardairdigitalrewards.com *.myacuvuedigitalrewards.com *.emrispay.com *.vsponeprepaidcard.com *.attrecognition.com *.coopervisiondigitalrewards.com *.allglobalcircle-rewards.com *.habcard.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.ultimaterewardsredemption.com *.mystarzrewards.com *.e-rewardsmedicalrewards.com *.recognizingyourewards.com *.kelloggsdigitalrewards.ca *.valvolinedigitalrewards.com *.goodyeardigitalrewards.com *.alconchoicepayments.com *.geappliancesdigitalrewards.com *.topcashbackdigitalsolutions.com *.topcashbackdigitalsolutions.co.uk *.prosper2card.co.uk *.ppdslab.com *.cooperdigitalrewards.com  https://www.google-analytics.com *.visualstudio.com *.acceleratoradmin.com https://api.mixpanel.com;font-src https://ajax.aspnetcdn.com 'self' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.acceleratoradmin.com;img-src 'self' https://www.google-analytics.com *.acceleratoradmin.com https://www.google-analytics.com https://www.googletagmanager.com data:; frame-src https://www.recaptcha.net/ https://www.google.com *.swiftprepaid.com *.acceleratoradmin.com *.boschappliancedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.thermadorappliancedigitalrewards.com *.tranedigitalrewards.com *.tirestorerewards.com *.americanstandardairdigitalrewards.com *.myacuvuedigitalrewards.com *.emrispay.com *.vsponeprepaidcard.com *.attrecognition.com *.coopervisiondigitalrewards.com *.allglobalcircle-rewards.com *.habcard.com *.minimotoringredemption.com *.ultimaterewardsredemption.com *.mystarzrewards.com *.e-rewardsmedicalrewards.com *.recognizingyourewards.com *.kelloggsdigitalrewards.ca *.valvolinedigitalrewards.com *.goodyeardigitalrewards.com *.alconchoicepayments.com *.geappliancesdigitalrewards.com *.topcashbackdigitalsolutions.com *.topcashbackdigitalsolutions.co.uk *.prosper2card.co.uk *.ppdslab.com *.cooperdigitalrewards.com *.lincolnelectricdigitalrewards.com *.adpclientappreciation.com *.youtube.com https://youtu.be 4
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 4
default-src 'self' bongacams.com *.bongacams.com ymetrica1.com mc.yandex.ru cam.bet *.cam.bet cdn.fluidplayer.com movcpm.com *.movcpm.com greedseed.world xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com http://151.80.33.131 http://51.75.145.18 http://51.75.145.222 http://51.75.157.23 http://51.75.60.195 http://51.75.52.31 http://51.77.66.37 http://51.68.154.126 http://51.75.145.15; style-src cdn.fluidplayer.com fonts.googleapis.com 'self' 'unsafe-inline'; script-src bongacams.com *.bongacams.com cdn.jsdelivr.net cdn.fluidplayer.com 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com data:; img-src 'self' bongacams.com *.bongacams.com counter.yadro.ru mc.yandex.ru ymetrica1.com mc.webvisor.org cdn.fluidplayer.com movcpm.com *.movcpm.com xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com data:; 4
frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.surveymonkey.com https://www.youtube.com; 4
frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 4
default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' 4
frame-ancestors 'self' https://*.reitmans.com https://*.additionelle.com https://*.rw-co.com https://*.thymematernity.com https://*.penningtons.com http://*.reitmans.com http://*.additionelle.com http://*.rw-co.com http://*.thymematernity.com http://*.penningtons.com 4
default-src 'self'; frame-src 'self' data: fbrpc://call https://wenzhang.baidu.com https://tpc.googlesyndication.com https://masterpass.com https://roktcdn1.akamaized.net https://www.youtube.com https://*.masterpass.com https://www.google.com/recaptcha/					   https://*.rokt.com https://*.doubleclick.net https://*.kaptcha.com https://*.addthis.com https://*.facebook.com https://*.braintreegateway.com https://*.paypal.com https://*.visa.com https://*.cardinalcommerce.com https://*.paypalobjects.com; script-src 'self' data: https://www.googletagservices.com/ https://adservice.google.com.au/ https://adservice.google.com/ https://pagead2.googlesyndication.com/ https://cdn.jsdelivr.net/npm/newrelic-reduced@1.1.2/lib/index.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.addthisedge.com https://assets.pinterest.com https://swenzhang.baidu.com https://roktcdn1.akamaized.net https://cdn.optimizely.com/js/ https://ds-aksb-a.akamaihd.net/aksb.min.js https://tpc.googlesyndication.com https://uua1puwkv5-dsn.algolia.net https://*.algolianet.com https://*.masterpass.com https://masterpass.com https://*.rokt.com https://*.nr-data.net https://cdn.jsdelivr.net/algoliasearch/ https://*.facebook.net https://*.facebook.com https://*.newrelic.com https://*.marinsm.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.postcodeanywhere.co.uk https://*.paypal.com https://*.paypalobjects.com https://*.braintreegateway.com https://*.visa.com https://*.kaptcha.com https://*.addthis.com https://*.nanigans.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: https:; style-src 'self' https://use.fontawesome.com https://roktcdn1.akamaized.net https://*.visa.com https://*.masterpass.com https://masterpass.com https://swenzhang.baidu.com https://*.googleapis.com https://*.postcodeanywhere.co.uk 'unsafe-inline'; font-src 'self' data: https://use.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://roktcdn1.akamaized.net ; connect-src 'self' https://*.postcodeanywhere.co.uk https://*.visa.com	https://*.addthis.com https://www.google-analytics.com https://*.nr-data.net https://*.rokt.com https://*.algolia.net https://*.algolianet.com https://*.braintreegateway.com https://*.paypal.com https://*.kaptcha.com https://*.facebook.com https://ds-aksb-a.akamaihd.net/RRT; object-src 'self' https://c2.mysalec.com https://*.visa.com	https://www.paypalobjects.com; report-uri https://headersreporting.mysaleapi.com/Report 4
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.com.hk  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  *.interactiveadvisors.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.clientam.ch  *.clientam.com.hk  *.traderstation-international.com; 4
default-src 'none' 4
default-src 'self'; connect-src 'self' https://media.manufactum.de https://*.scene7.com https://www.google-analytics.com https://stats.g.doubleclick.net; img-src 'self' data:  https://*.econda-monitor.de https://manufactum.scene7.com https://media.manufactum.de https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com; child-src blob: https://*.econda-monitor.de https://*.adition.com https://s3.eu-central-1.amazonaws.com/esomecdn/60 https://www.google.com/maps/; frame-src blob: https://*.econda-monitor.de https://*.adition.com https://s3.eu-central-1.amazonaws.com/esomecdn/60 https://www.google.com/maps/ https://test-brot-und-butter.mfdp.io; worker-src blob:; media-src blob: 'self' https://media.manufactum.de https://*.scene7.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://media.manufactum.de https://cdn.epoq.de/flow/ https://*.arc.epoq.de/inbound-servletapi/  https://*.econda-monitor.de https://www.googletagmanager.com https://www.google-analytics.com 'sha256-24E9spO23svDkTBI3pZ9OBMtJ9sLH2RiAbSkYdi/38c=' 'sha256-RK5gWrwaWY7/F6AUGQ9ZmFFw6206P+y8yxL2hevtowc='; style-src 'self' 'unsafe-inline' https://media.manufactum.de; report-uri /sell/csp-violation; base-uri 'self' 4
default-src https: data: 'unsafe-inline' 4
frame-ancestors http://webvisor.com 4
script-src 'unsafe-inline' 'unsafe-eval' https: 4
default-src http: https: data: blob: mediastream: wss:; script-src http: https: data: blob: mediastream: 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: blob: mediastream: 'unsafe-inline'; 4
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; 4
frame-ancestors 'self'; default-src 'self' https://www.stanbicibtcfundsmanagement.com https://dpm.demdex.net https://maps.googleapis.com https://fast.standardbank.demdex.net https://accstandardbank.d1.sc.omtrdc.net https://bid.g.doubleclick.net/xbbe/pixel https://8448999.fls.doubleclick.net https://cdn.krxd.net https://bs.serving-sys.com/Serving https://secure-ds.serving-sys.com https://standardbank.demdex.net https://www.youtube.com/ https://*.map2.ssl.hwcdn.net; font-src 'self';img-src 'self' data: https://ad.doubleclick.net https://accstandardbank.d1.sc.omtrdc.net https://www.google.com https://www.google.co.za https://cm.everesttech.net https://beacon.krxd.net https://jslog.krxd.net https://standardbank.demdex.net https://dpm.demdex.net https://*.map2.ssl.hwcdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://www.google.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://cdn.krxd.net https://assets.adobedtm.com https://secure-ds.serving-sys.com https://cdn.krxd.net https://www.googleadservices.com https://www.googletagmanager.com https://consumer.krxd.net https://googleads.g.doubleclick.net https://beacon.krxd.net https://tribeca.vidavee.com https://*.map2.ssl.hwcdn.net; style-src 'unsafe-inline' 'self' https://maxcdn.bootstrapcdn.com https://*.map2.ssl.hwcdn.net; 4
frame-ancestors 'self' http://www.medscape.com https://www.medscape.com https://www.medscape.com https://business.facebook.com https://www.facebook.com 4
frame-ancestors 'self' https://explore.cvent.com http://explore.cvent.com 4
upgrade-insecure-requests; frame-ancestors 'self' analytics.google.com analytics.webtrends.com *.telerain.com:* 4
frame-ancestors 'self' https://www.tibco.com http://tibco.lookbookhq.com https://tibco.lookbookhq.com https://sso-awsqa.tibco.com https://sso-ext.tibco.com http://library.tibco.com https://library.tibco.com 4
frame-src https:; report-uri /csp-violation-endpoint/ 4
frame-ancestors 'self' *.bruxelles.be *.brussel.be *.brussels.be 4
frame-ancestors 'self'; report-uri https://stoklasa.report-uri.io/r/default/csp/enforce 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagservices.com *.facebook.com https://*.facebook.com *.facebook.net https://connect.facebook.net *.tynt.com *.yandex.net https://site.yandex.net https://yastatic.net yastatic.net an.yandex.ru awaps.yandex.ru vk.com https://vk.com https://*.yandex.ru mc.yandex.ru clck.yandex.ru yandex.st  https://*.googleapis.com https://*.google.com *.google.com *.gstatic.com https://*.gstatic.com https://*.google-analytics.com www.google-analytics.com *.googlesyndication.com https://*.googlesyndication.com *.googleapis.com *.doubleclick.net;object-src 'self' *.googlesyndication.com https://*.googleapis.com www.youtube.com https://www.youtube.com *.gstatic.com; frame-src 'self' *.facebook.com https://*.facebook.com  bcp.crwdcntrl.net yastatic.net awaps.yandex.ru vk.com https://vk.com https://login.vk.com yandex.st www.youtube.com https://www.youtube.com *.googlesyndication.com *.doubleclick.net https://*.doubleclick.net https://*.google.com *.google.com mc.yandex.ru www.youtube.com; connect-src 'self' https://mc.yandex.ru mc.yandex.ru www.google-analytics.com https://*.google-analytics.com; 4
script-src 'self' 'unsafe-inline' www.google-analytics.com quadia.webtvframework.com code.createjs.com ssl.p.jwpcdn.com www.youtube.com s.ytimg.com;style-src 'self' 'unsafe-inline';img-src 'self' www.google-analytics.com data:;media-src 'self';frame-src 'self' g.jwpsrv.com www.youtube.com tools.eurolandir.com quadia.webtvframework.com ahold.hostedby.quadia.com aholddelhaize.projects.quadia.net streams.nfgd.nl;font-src 'self' ssl.p.jwpcdn.com;form-action 'self';report-uri /WebResource.axd?cspReport=true 4
frame-ancestors 'self' https://*.facebook.com, frame-ancestors 'self' https://*.facebook.com 4
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; upgrade-insecure-requests; report-uri https://uvinum.report-uri.io/r/default/csp/enforce 4
frame-ancestors https://*.flexera.com https://*.flexerasoftware.com; 4
default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' *.google.com fonts.googleapis.com geowidget.easypack24.net 'unsafe-inline'; object-src 'none'; img-src 'self' https: data:; font-src https: data:; report-uri https://elnino.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 4
connect-src 'self' disqus.com *.disqus.com *.disquscdn *.addthis.com *.gstatic.com *.googlesyndication.com 4
frame-ancestors 'self' *.11freunde.de *; 4
default-src https: 'unsafe-inline' 'unsafe-eval' data: 4
img-src https: data:; frame-src https:; form-action https:; 4
frame-ancestors 'self' *.casinomodule.com *.playngonetwork.com; 4
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'none'; media-src *.readspeaker.com *.speechstream.net 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; plugin-types application/x-shockwave-flash application/pdf; report-uri https://www.cspreport.nl 4
frame-ancestors 'self' https://cdw.lookbookhq.com http://cdw.lookbookhq.com http://solutions.cdw.com https://solutions.cdw.com 4
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' 4
script-src 'self' https://tagmanager.google.com/debug https://tagmanager.google.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ajax.googleapis.com https://connect.facebook.net https://media1.admicro.vn https://admicro1.vcmedia.vn https://www.facebook.com https://google.com https://www.google.com.vn https://sohagame.vcmedia.vn https://soap.soha.vn http://beta.soap.soha.vn https://beta.soap.soha.vn https://createjs.com https://pub.mediacdn.vn https://googleads.g.doubleclick.net https://lg1.logging.admicro.vn https://www.youtube.com https://bid.g.doubleclick.net https://fburl.com https://apis.google.com https://widgets.amung.us https://whos.amung.us https://translate.google.com https://s7.addthis.com https://translate.googleapis.com *.fbcdn.net https://*.fbcdn.net https://*.amcdn.vn static.amcdn.vn https://static.amcdn.vn http://static.amcdn.vn http://soap.soha.vn https://deqik.com http://deqik.com 'unsafe-inline' 'unsafe-eval' 4
default-src 'self' 'unsafe-inline' http://park.101datacenter.net data: 4
frame-ancestors *.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.naturbruk.nu *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.naturbruk.nu *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.insipio.com *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.t-d.se; 4
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline';  4
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com *.doubleclick.net www.google-analytics.com ajax.googleapis.com maps.googleapis.com www.googletagmanager.com s7.addthis.com m.addthisedge.com m.addthis.com w.estat.com www.google.com www.gstatic.com;style-src 'self' 'unsafe-inline' code.jquery.com maxcdn.bootstrapcdn.com fonts.googleapis.com www.google.com ajax.googleapis.com; base-uri 'self'; 4
frame-ancestors *.sitewebmotors.com.br; 4
default-src 'unsafe-inline' 'unsafe-eval' https: data: wss: http://www.cockovnik.cz http://www.vasecocky.cz; frame-ancestors 'self' 4
upgrade-insecure-requests; frame-ancestors 'self' suitu.cz *.suitu.cz mysuitu.com *.mysuitu.com 4
default-src https: data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval' 4
default-src * 'unsafe-inline' 'unsafe-eval' data:; 4
frame-ancestors *.yandex.ru *.yastatic.net https://webvisor.com http://webvisor.com; 4
default-src: https: 'unsafe-inline' 4
default-src * data: 'unsafe-inline' 'unsafe-eval'; connect-src *; report-uri /csp-reports.php 4
font-src self https://fonts.gstatic.com https://cdn.jsdelivr.net https://fonts.googleapis.com data: 4
frame-ancestors 'self' app.optimizely.com 4
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 3
frame-ancestors *.nypost.com *.decider.com *.pagesix.com http://www.stumbleupon.com https://www.stumbleupon.com 3
default-src 'self' https://sb.scorecardresearch.com 'unsafe-inline' 'unsafe-eval' data: https: blob: wss:; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; img-src https: data:; object-src 'none'; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; 3
frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests; 3
default-src https: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; object-src *; font-src * data:; img-src * data:; frame-ancestors 'self' *.ca.com; 3
frame-ancestors 'self' *.brazzersnetwork.com 3
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net 3
upgrade-insecure-requests; frame-ancestors 'self' http://*.elconfidencial.com:* https://*.elconfidencial.com:* www.elconfidencial.com blogs.elconfidencial.com bc.marfeel.com *.google.es *.google.com *.cdn.ampproject.org es.grupogo.punto player.h-cdn.com; report-uri https://elconfidencial.report-uri.io/r/default/csp/enforce 3
frame-ancestors https://*.gameforge.com 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: blob: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/wired 3
script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com https:; style-src 'self' data: 'unsafe-inline' https: http://fonts.googleapis.com https://fonts.googleapis.com https://optimize.google.com; default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https:; frame-src 'self' https: https://optimize.google.com; upgrade-insecure-requests; img-src 'self' data: https: http://g.foolcdn.com http://px.moatads.com https://optimize.google.com https://www.google-analytics.com; media-src 'self' https:; connect-src 'self' https: wss://www.fool.com wss://*.33across.com wss://*.hotjar.com; font-src 'self' data: https: https://fonts.gstatic.com 3
frame-ancestors 'self' accounts.lidl.com accounts-stg.lidl.com accounts-uat.lidl.com accounts-qa.lidl.com https://beeem.co; block-all-mixed-content; report-uri https://lidlcsp.report-uri.io/r/default/csp/enforce; 3
base-uri 'self' *.nr-data.net; child-src blob:; connect-src 'self' wss://*.planetromeo.com wss://*.hunqz.com *.facebook.com *.gstatic.com *.googlesyndication.com *.planetromeo.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.smaato.net *.smaato.com *.maptiler.com *.report-uri.com; font-src 'self' *.gstatic.com *.typekit.net data:; form-action 'self' *.planetromeo.com google.com; frame-ancestors 'none'; frame-src 'self' *.doubleclick.net *.google.com *.googlesyndication.com *.blufm.de blufm.de winq.nl; img-src https: data: blob: *.smaato.net; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ampproject.org *.doubleclick.net *.googlesyndication.com  *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws  *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googletagservices.com *.newrelic.com *.nr-data.net *.siftscience.com *.smaato.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net; worker-src 'self' blob:; default-src 'self' *.planetromeo.com *.hunqz.com *.googlesyndication.com; 3
style-src 'self' 'unsafe-inline'; 3
frame-ancestors http://*.bestbuy.com https://*.bestbuy.com http://*.bestbuy.ca https://*.bestbuy.ca https://*.google.com https://*.gstatic.com https://*.adobemc.com https://*.adobe.com; 3
default-src 'self' *.brightcove.com *.criteo.com *.criteo.net *.demdex.net *.doubleclick.net *.eloqua.com *.ensighten.com *.experian.com *.experiancs.com *.experiandirect.com *.freecreditreport.com *.googleapis.com *.gstatic.com *.hotjar.com *.iesnare.com *.infogram.com *.linkedin.com *.optmster.com *.optmstr.com *.optnmnstr.co *.optnmnstr.com *.optnmstr.com *.powerreviews.com *.soundcloud.com *.tableau.com *.twitter.com *.twonil.com *.vimeo.com *.yahooapis.com *.youtube.com *.hubapi.com *.hubspot.com *.tt.omtrdc.net adobetag.com api.company-target.com api.experianmarketingservices.com api.instagram.com api.jublo.net api.omniture.com app.optinmonster.com assets.adobedtm.com bat.bing.com businesscreditfacts.com cdn.appdynamics.com cdn.decibelinsight.net cdn.syndication.twimg.com cdn.taboola.com cdnjs.cloudflare.com code.highcharts.com connect.facebook.net contractorcheck.com d.net.google.com d.turn.com dev.visualwebsiteoptimizer.com embed.pscp.tv experianservicescorp.122.2o7.net fbcdn.net forms.hubspot.com freecreditscore.com graph.facebook.com googleapis.com hooks.slack.com img.en25.com info.inbound-bis.com itunes.apple.com js.bizographics.com js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.net jsonip.com js.usemessages.com loadm.exelator.com m.addthis.com m.addthisedge.com maps.google.com maxcdn.bootstrapcdn.com mediaplayer.yahoo.com moodysanalytics.com optinmonster.com pixel.tapad.com play.google.com players.brightcove.net plus.google.com pt.ispot.tv rtd-tm.everesttech.net s.amazon-adsystem.com s.yimg.com s.ytimg.com s7.addthis.com scontent.cdninstagram.com scontent.xx.fbcdn.net scripts.demandbase.com secure.adnxs.com secure.leadback.advertising.com securetracking.adsprotection.com *.xg4ken.com smartbusinessreports.com snap.licdn.com sp.analytics.yahoo.com ssl.google-analytics.com static.ads-twitter.com sync.tidaltv.com tag.demandbase.com tagmanager.google.com trc.taboola.com twemoji.maxcdn.com video.xx.fbcdn.net vjs.zencdn.net widget.surveymonkey.com widgets.outbrain.com https://*.brightfunnel.com http://*.hotjar.com https://*.hotjar.com https://*.hsadspixel.net https://*.jsdelivr.net https://*.mstrlytcs.com https://a.optmnstr.com https://api.optmnstr.com https://autocomplete.demandbase.com http://autocomplete.demandbase.com ws://*.hotjar.com wss://*.hotjar.com wss://cdn.decibelinsight.net www.edq.com www.facebook.com www.google-analytics.com www.google.com http://www.google.com www.googleadservices.com www.googletagmanager.com www.slideshare.net www.youtube.com globalsiteanalytics.com 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:;font-src * data: 3
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: 3
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self'  *.bigcommerce.com 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' 3
style-src 'self' 'unsafe-inline' 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://lavoz.report-uri.io/r/default/csp/enforce 3
style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; upgrade-insecure-requests; 3
default-src 'self' https:; frame-src 'self' https: blob:; script-src 'self' https: 'unsafe-inline' https://vaas.acapela-group.com 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https: https://api.pusherapp.com wss://ws.pusherapp.com wss://*.firebaseio.com http://localhost:8080; media-src 'self' https: http://vaas.acapela-group.com; report-uri //code.org/https/mixed-content; frame-ancestors 'self' http://*.disney.com http://*.diznee.net code.org studio.code.org 3
default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; media-src 'self' 'unsafe-inline' *;img-src 'self' blob: data: *; style-src 'self' 'unsafe-inline' *; font-src 'self' *; frame-src 'self' *; connect-src 'self' *; object-src 'none' 3
default-src 'self' https://oebb.at https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com; style-src 'self' 'unsafe-inline' https://*.twitter.com https://*.twimg.com https://apis.google.com https://*.googleapis.com; script-src 'self' https://oebb.at https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://apis.google.com https://*.googleapis.com https://connect.facebook.net https://platform.twitter.com https://cdn.syndication.twimg.com https://at.cloud.fabasoft.com https://www.youtube.com https://*.ytimg.com; img-src 'self' https://oebb.at https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com https://*.ytimg.com https://*.facebook.com https://*.twitter.com https://*.twimg.com https://apis.google.com https://*.googleapis.com https://*.gstatic.com data: blob:; frame-src https://oebb.at https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://*.google.com https://content.googleapis.com https://www.youtube-nocookie.com https://*.facebook.com https://*.twitter.com https://at.cloud.fabasoft.com https://roundme.com https://*.yumpu.com https://www.zepp-cam.at https://*.soundcloud.com https://*.spotify.com https://*.waca.at; font-src 'self' https://oebb.at https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://*.gstatic.com; 3
frame-ancestors https://eu1-ifwe.3dexperience.3ds.com https://eu1-215dsi0708-ifwe.3dexperience.3ds.com http://sw.local:81 http://sw2.local:81 https://sw2.local:4444 https://solidworks.com https://www-dev.itvpc.solidworks.com https://www-qal.itvpc.solidworks.com https://www-ppd.itvpc.solidworks.com https://www-contrib.itvpc.solidworks.com 3
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://huffintl.report-uri.com/r/d/csp/enforce 3
default-src * 'self' data: 'unsafe-inline' blob:;script-src * 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.trustarc.com *.doubleclick.net *.liveperson.net *.sas.com assets.adobedtm.com ssl.google-analytics.com  accdn.lpsnmedia.net www.googletagmanager.com www.google-analytics.com bat.bing.com benchtag.co front.facetz.net *.facebook.net *.facebook.com www.googleadservices.com tb.juiceadv.com *.linkedin.com pixel.mathtag.com pixel.quantserve.com *.quora.com analytics.twitter.com tagmanager.google.com mc.yandex.ru static.ads-twitter.com snap.licdn.com *.bizographics.com dev.visualwebsiteoptimizer.com scripts.demandbase.com consent.truste.com s.yimg.com ssl.gstatic.com api.company-target.com script.crazyegg.com platform.twitter.com sp.analytics.yahoo.com x.bidswitch.net s7.addthis.com ad4.adfarm1.adition.com livestream.co *.brightcove.net track.adform.net insight.adsrvr.org www.vintom.com b92.yahoo.co.jp cdn.appdynamics.com execution-dscvrtraffic.cidev.sas.us *.brightcove.com *.mrpfd.com d3js.org *.d3.org;img-src * 'self' data: *.google-analytics.com *.doubleclick.net www.google.com *.sas.com front.facetz.net *.facebook.com www.googleadservices.com tb.juiceadv.com ext.ligatus.com bcp.crwdcntrl.net pixel.mathtag.com *.quora.com cdn.taboola.com analytics.twitter.com d.company-target.com mc.yandex.ru t.co px.ads.linkedin.com *.bizographics.com insight.adsrvr.org assets.adobedtm.com *.brightcove.com;font-src * 'self' data: *.sas.com fast.fonts.net;connect-src * 'self' *.sas.com *.brightcove.com ma156-r.analytics.edgekey.net api.company-target.com livestream.com www.vintom.com *.doubleclick.net assets.adobedtm.com;frame-src 'self' assets.adobedtm.com lpcdn.lpsnmedia.net *.liveperson.net www.youtube.com s7.addthis.com *.twitter.com *.sas.com pixel.mathtag.com livestream.com ad4.adfarm1.adition.com www.vintom.com *.doubleclick.net *.facebook.net *.twitter.com *.trustarc.com *.facebook.com *.linkedin.com;frame-ancestors *.ci360.sas.com *.gatheriq.analytics *.curriculumpathways.com 3
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; 3
frame-ancestors 'self' app.contentful.com 3
base-uri self;img-src https: data:; 3
upgrade-insecure-requests; block-all-mixed-content; disown-opener 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' * data:; 3
frame-ancestors *.networksolutions.com *.networksolutionsemail.com *.namesecureemail.net 3
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: 3
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 3
frame-ancestors 'self' *.infor.com *.Inforcloudsuite.com *.infor.cn *.infor.de *.infor.es *.infor.fr *.infor.jp *.infor.kr 3
default-src 'self' 'unsafe-inline' *.wistia.dev *.wistia.net embedwistia-a.akamaihd.net/ *.litix.io data: blob:; child-src *; connect-src * blob:; font-src * 'unsafe-inline' data:; frame-ancestors 'self' vwo.com *.vwo.com; img-src * 'unsafe-inline' data: blob:; media-src * 'unsafe-inline' data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'unsafe-inline' data:; worker-src * blob: 3
frame-ancestors 'self' tomshardware.fr www.tomshardware.fr tomsguide.fr www.tomsguide.fr cms.galaxiemedia.fr amp.tomsguide.fr amp.tomshardware.fr cdn.tomsguide.fr cdn.tomshardware.fr presence-pc.fr www.presence-pc.fr presence-pc.com www.presence-pc.com; 3
upgrade-insecure-requests; frame-ancestors 'none'; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' form.lidl.com *.lidl.com *.ccmp.eu *.lidl *.lidl.net *.lidl-flyer.com *.google-analytics.com *.bing.com *.virtualearth.net *.googletagmanager.com https://tagmanager.google.com https://assets.zendesk.com https://connect.facebook.net *.cookiebot.com *.secrz.de *.google-analytics.com *.ftrace.com; img-src 'self' data: *.lidl *.lidl.net *.ccmp.eu *.lidl.com *.lidl-flyer.com *.google-analytics.com *.bing.com *.virtualearth.net *.osm.org *.openstreetmap.org *.doubleclick.net https://s-static.ak.facebook.com https://assets.zendesk.com *.secrz.de *.google-analytics.com *.ftrace.com; style-src 'self' 'unsafe-inline' form.lidl.com fonts.googleapis.com *.bing.com https://assets.zendesk.com *.secrz.de *.ftrace.com; font-src 'self' 'unsafe-inline' form.lidl.com data: themes.googleusercontent.com fonts.gstatic.com *.ftrace.com; frame-src 'self' 'unsafe-inline' www.youtube.com www.tamminen.fi www.socialmediatoolz.com form.lidl.com balancechecks.tx-gate.com ats.ccmp.eu app.bee2code.com 3229.4706.m.edge-cdn.net *.zilmo.fi *.tx-gate.com *.socialmediatoolz.com *.lidl-info.com *.lidl.ro *.lidl.pt *.ccmp.eu *.brandkeydigital.com *.lidl *.test *.lidl.net https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com *.google-analytics.com *.googletagmanager.com *.youtube-nocookie.com *.cookiebot.com *.secrz.de lidl.mcxplatform.de *.ftrace.com; connect-src 'self' form.lidl.com *.lidl *.test *.lidl.net *.lidl.com *.bing.com *.ccmp.eu *.virtualearth.net *.osm.org *.openstreetmap.org *.secrz.de *.google-analytics.com *.ftrace.com; frame-ancestors 'self' *.lidl *.ccmp.eu *.lidl.com *.test *.lidl.net *.bing.com *.googletagmanager.com *.secrz.de *.google-analytics.com *.ftrace.com; 3
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.com.hk  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  *.interactiveadvisors.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.clientam.ch  *.clientam.com.hk  *.greenwichcompliance.com; 3
frame-ancestors 'self' blaetterkatalog.musicstore.de  ; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https://cdn-os.lyoness.tv https://s.lyoness.tv https://fonts.googleapis.com https://id.cashbackworld.com; img-src 'self' https: data:; font-src 'self' data: https://cdn-os.lyoness.tv https://s.lyoness.tv https://fonts.gstatic.com https://maps.googleapis.com 3
frame-ancestors  'self' *.pnet.ch 3
frame-ancestors https://s4bg00d.sasdigital.io/ 'self', frame-ancestors  'self' 3
frame-ancestors none 3
default-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com *.optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr; child-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com *.optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr; frame-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com *.optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr; img-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com *.optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr; script-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com *.optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr; 3
default-src 'self' blob: data:  *.miraheze.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org *.mediawiki.org mediawiki.org *.wikidata.org wikidata.org *.wmflabs.org *.google.com *.gstatic.com *.addthis.com *.youtube.com *.youtube-nocookie.com maxcdn.bootstrapcdn.com twitter.com *.creativecommons.org images.uncyc.org www.mikrodev.com *.reviservices.com *.twitter.com www.sciencedaily.com *.googleapis.com *.twimg.com discordapp.com *.tile.openstreetmap.org *.freenode.net *.sorcery.net *.fontawesome.com *.a.wmflabs.org nenawiki.org *.cloudytheology.com i.imgur.com na.llnet.sims3store.cdn.ea.com cdn.discordapp.com m.media-amazon.com image.tmdb.org 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'  *.miraheze.org 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com mc.yandex.ru https://mc.yandex.ru https://mc.webvisor.org https://connect.ok.ru recreativ.ru vk.com mail.ru https://cdn.jsdelivr.net youtube.com googlevideo.com googleapis.com gstatic.com googleusercontent.com google.com  https://*.yandex.ru:* *.yandex.ru:* https://yandex.ru:* yandex.ru:* https://yandex.st:* yandex.st:* yandex.kz yandex.ua https://*.yandex.net:* *.yandex.net:* https://yastatic.net *.recreativ.ru *.ok.ru *.vk.com *.mail.ru *.twitter.com *.webvisor.com *.youtube.com *.googlevideo.com *.googleapis.com https://*.googleapis.com *.gstatic.com https://wizardmedia.org tor.7x7x.ru https://amigomedia.org advertserve.com *.advertserve.com bannersvideo.com *.bannersvideo.com adbetnet.com *.adbetnet.com *.braun634.com n161adserv.com *.n161adserv.com *.rekvid1.ru rekvid1.ru https://vidroll.ru *.vidroll.ru civilizabetes.com videosmor.com datalock.ru *.videosmor.com push-centr.net push-plus.net zserials.me v.zserials.me https://*.newsforall.biz fonts.gstatic.com *.googleusercontent.com *.google-analytics.com *.google.com https://cse.google.com *.yandex.st *.yandex.kz *.yandex.ua *.yandex.net ymetrica.com *.yastatic.net *.marketgid.com *.adskeeper.co.uk *.tovarro.com et-code.ru etarg.ru et-cod.com threedrive.su block.s2blosh.com http://piguiqproxy.com/ *.piguiqproxy.com http://smcheck.org http://amgload.net *.smcheck.org *.amgload.net https://loadercdn.com blob: trafmag.com js.hotlog.ru openstat.net mytopf.com fonts.googleapis.com http://cas.criteo.com data; connect-src 'self' https://www.google-analytics.com https://passport.yandex.ua https://*.yandex.net:* *.yandex.net:* https://*.yandex.ru:* *.yandex.ru:* https://yandex.ru:* yandex.ru:* https://yandex.st:* yandex.st:* https://mc.webvisor.org https://yandex.ua https://mc.yandex.ua https://yandex.fr ymetrica.com https://wizardmedia.org tor.7x7x.ru datalock.ru https://amigomedia.org https://syndication.twitter.com http://piguiqproxy.com/ *.piguiqproxy.com http://smcheck.org http://amgload.net *.smcheck.org *.amgload.net https://loadercdn.com blob: et-code.ru:8040 etcodes.com:8040 ws://et-code.ru:8040/4684 ws://etcodes.com:8040/4684; img-src * data: blob:; font-src 'self' http://fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.google.com recreativ.ru et-code.ru https://yastatic.net; child-src 'self' *; object-src 'self' *; frame-src 'self' *; form-action 'self'; media-src blob: *; 3
default-src 'self' *.ncr.com; frame-src 'self' *.ncr.com *.hotjar.com *.hotjar.io *.demdex.net *.springcm.com *.linksynergy.com *.rakuten.com ncrpresalesfundrequest.secure.force.com *.doubleclick.net *.addthis.com *.salesforceliveagent.com www.youtube.com *.typeform.com *.ncrsilver.com *.whiteboard.is www.youtube-nocookie.com *.juicer.io ncrsilver.artefactscloud.com; img-src data: *; media-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ncr.com data: *.adobedtm.com px.ads.linkedin.com *.linksynergy.com *.rakuten.com *.salesforceliveagent.com googleads.g.doubleclick.net snap.licdn.com assets.juicer.io s.ytimg.com *.addthis.com *.addthisedge.com connect.facebook.net www.googletagmanager.com www.google-analytics.com sjs.bizographics.com www.googleadservices.com maps.google.com maps.googleapis.com www.youtube.com www.google.com *.hotjar.com *.hotjar.io cdn.schemaapp.com ajax.googleapis.com assets.adobedtm.com cdn.cookielaw.org img.en25.com *.typeform.com; style-src 'self' 'unsafe-inline' *.ncr.com assets.juicer.io cdnjs.cloudflare.com fonts.googleapis.com www.youtube.com optanon.blob.core.windows.net *.hotjar.com; font-src 'self' *.ncr.com data: assets.juicer.io cdnjs.cloudflare.com fonts.gstatic.com *.hotjar.com *.hotjar.io; connect-src 'self' *.ncr.com *.demdex.net *.addthis.com www.juicer.io *.hotjar.com *.hotjar.io data.schemaapp.com *.omtrdc.net wss://*.hotjar.com; 3
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' *; 3
img-src * data:; 3
frame-ancestors *.splunk.com *.touchcast.com, frame-ancestors *.splunk.com *.touchcast.com 3
default-src 'self'; connect-src 'self'; font-src 'self' data:; img-src 'self' csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com data:; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' ajax.googleapis.com https://maps.googleapis.com https://maps.gstatic.com; style-src 'unsafe-inline' 'self'; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.omegawatches.com https://www.omegawatches.cn https://www.omegawatches.com.tw https://www.omegawatches.com.hk https://www.omegawatches.jp https://www.omegawatches.co.kr https://fonts.googleapis.com https://fonts.gstatic.com https://tagmanager.google.com https://cdn1.affirm.com https://fonts.googleaps.com https://fonts.gstatic.com http://chart.apis.google.com https://maxcdn.bootstrapcdn.com https://vjs.zencdn.net http://vjs.zencdn.net https://optimize.google.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.omegawatches.com https://www.omegawatches.cn https://www.omegawatches.com.tw https://www.omegawatches.com.hk https://www.omegawatches.jp https://www.omegawatches.co.kr https://fonts.googleaps.com https://fonts.gstatic.com http://chart.apis.google.com https://maxcdn.bootstrapcdn.com data:; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.omegawatches.com https://www.omegawatches.cn https://www.omegawatches.com.tw https://www.omegawatches.com.hk https://www.omegawatches.jp https://www.omegawatches.co.kr https: http:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https:; child-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; media-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: 3
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src https: ; child-src https: platform.twitter.com; img-src https: data: 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.yandex.ru http://*.youtube.com; report-uri https://myklad.org/csp-report.php 3
frame-ancestors 'self' orange.com *.orange.com *.orange-business.com *.cops-prp.multimediabs.com *.cops-prod.multimediabs.com *.multimediabs.com; 3
frame-ancestors 'self';upgrade-insecure-requests 3
frame-src 'self' https://www.terminland.de *.datev.de *.novomind.com 3
frame-ancestors 'self' https://solutions.sciquest.com https://usertest.sciquest.com; 3
connect-src 'self' wss://*.zopim.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; upgrade-insecure-requests; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; img-src https:; 3
default-src * blob:; child-src https: data: qa-freeconferencecall: freeconferencecall: qa-startmeeting: startmeeting:; connect-src https: wss:; font-src https: data:; img-src https: data:; media-src https: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: data:; style-src https: 'unsafe-inline'; worker-src https: blob:; report-uri https://csp-bin.freeconferencecall.com/bins/b56a1d03/ 3
child-src * blob: 3
frame-ancestors 'self' *.loveknitting.com *.loveknitting.de *.loveknitting.co.uk *.loveknitting.com.au *.lovecrochet.com *.lovecrochet.de *.lovecrochet.co.uk *.lovecrochet.com.au *.lovestitching.com *.lovecrafts.com 3
default-src https: 'self' 'unsafe-inline' 'unsafe-eval' data: 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vznrw-piwik.init-ag.de https://vznrw-piwik.init-ag.de/piwik.js https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://api.kns.codiac.de https://cdn.podigee.com https://cdnjs.cloudflare.com https://code.highcharts.com https://cdn.podlove.org cdnjs.cloudflare.com https://cdn.jsdelivr.net https://heizsystemvergleich.vz-nrw.de https://maps.googleapis.com; script-src-elem 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'unsafe-eval' *; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://vznrw-piwik.init-ag.de/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 3
upgrade-insecure-requests; default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: 'unsafe-inline'; 3
frame-ancestors 'self' *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.777.com *.personalinfoonline.com 888casino.com 888poker.com 888casino.dk 888poker.dk 888casino.ro 888poker.ro 888casino.se 888poker.se 888casino.es 888poker.es 888casino.it 888poker.it 888casino.us 888poker.us; report-uri https://888protech.report-uri.com/r/d/csp/reportOnly 3
default-src 'self' 'unsafe-inline' 'unsafe-eval'; 3
upgrade-insecure-requests; frame-ancestors 'self' https://mangaku.in https://manganime.id 3
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: 'self' data:; font-src https: 'self' data:; connect-src https: 'self' wss: 3
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 3
img-src * data: blob: 'unsafe-inline';object-src *;frame-src *; 3
default-src 'self' https://*;script-src 'self' https://* 'unsafe-inline' 'unsafe-eval'        *.googletagmanager.com        *.cdnwidget.com        *.googleapis.com        *.pinimg.com	*.trustpilot.com	sitesearch360.com        *.sitesearch360.com	*.liveperson.net	*.marinsm.com	*.krxd.net	*.facebook.net	*.doubleclick.net	*.yahoo.com	*.bing.com	*.yimg.com	*.hotjar.com	*.adnxs.com	*.jquery.com	pixel-geo.prfct.co	lpcdn.lpsnmedia.net	cdnjs.cloudflare.com	www.googleadservices.com	*.google-analytics.com	*.google.com	tag.perfectaudience.com	cdn.pcdi.edu	dev.cdn.pcdi.edu	www.rtb123.com	*.lpsnmedia.net	*.adroll.com	*.ashworthcollege.edu;frame-src 'self'        *.liveperson.net	*.facebook.net	*.trustpilot.com	*.reactionads.com	*.doubleclick.net	*.krxd.net	*.hotjar.com	*.lpsnmedia.net	*.fls.doubleclick.net	pixel-geo.prfct.co	*.ashworthcollege.edu	*.pcdi.edu	*.jmhs.com	*.youtube.com	*.vimeo.com	*.facebook.com	*.google.com;style-src 'unsafe-inline'  *;font-src * data:;connect-src 'self'        *.hotjar.io        *.facebook.com	*.cdnwidget.com	*.cdn-basket.net        *.pinterest.com	*.doubleclick.net	*.hotjar.com        wss://*.hotjar.com	*.sitesearch360.com	*.trustpilot.com        *.google.com        *.visualwebsiteoptimizer.com;img-src * data:;media-src 'self'       *.lpsnmedia.net; 3
frame-ancestors 'self' http://quintiles.lookbookhq.com https://quintiles.lookbookhq.com https://lookbook.solutions.iqvia.com http://lookbook.solutions.iqvia.com 3
frame-ancestors 'self' http://texaselectricityratings.com https://texaselectricityratings.com http://www.texaselectricityratings.com https://www.texaselectricityratings.com http://facebook.com https://facebook.com http://www.facebook.com https://www.facebook.com, frame-ancestors http://www.homesinswriversidecounty.com/ 3
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' * 3
manifest-src 'self' https://*.ng-source.com 3
frame-ancestors 'self' http://www.quironsalud.es https://www.quironsalud.es http://betaweb.quironsalud.es https://betaweb.quironsalud.es http://intranetfjd.idc.local https://intranetfjd.idc.local http://overweightinstitute.fjd.es https://overweightinstitute.fjd.es http://www.cirujanosdelcorazon.es https://www.cirujanosdelcorazon.es http://www.clinicadelpilar.org https://www.clinicadelpilar.org http://www.clinicavalles.com https://www.clinicavalles.com http://www.cuidamosdelamujer.es https://www.cuidamosdelamujer.es http://www.diverhospital.es https://www.diverhospital.es http://www.e-quironsalud.com https://www.e-quironsalud.com http://www.fjd.es https://www.fjd.es http://www.fundacionquironsalud.org https://www.fundacionquironsalud.org http://www.hgc.es https://www.hgc.es http://www.hgvillalba.es https://www.hgvillalba.es http://www.hope-documental.es https://www.hope-documental.es http://www.hospitalinfantaelena.es https://www.hospitalinfantaelena.es http://www.hospitalpublicocolladovillalba.es https://www.hospitalpublicocolladovillalba.es http://www.hospitalreyjuancarlos.es https://www.hospitalreyjuancarlos.es http://www.hscor.com https://www.hscor.com http://www.idcsaludenfermeria.es https://www.idcsaludenfermeria.es http://www.idcsalud.es https://www.idcsalud.es http://www.jornadaspbp.es https://www.jornadaspbp.es http://www.lungscreen.eu https://www.lungscreen.eu http://www.oncohealth.eu https://www.oncohealth.eu http://www.porquesabeselegir.es https://www.porquesabeselegir.es http://www.quironsalud-hospitals.com https://www.quironsalud-hospitals.com http://www.rare-genomics.com https://www.rare-genomics.com http://www.redneurosalud.es https://www.redneurosalud.es http://www.ruber.es https://www.ruber.es http://www.ruberinternacional.es https://www.ruberinternacional.es http://www.teknonbarcelona.com https://www.teknonbarcelona.com http://www.teknonbarcelona.it https://www.teknonbarcelona.it http://www.teknonbarcelona.ru https://www.teknonbarcelona.ru http://www.teknon.es https://www.teknon.es http://www.tucanaldesalud.es https://www.tucanaldesalud.es 3
frame-ancestors 'self' https://*.adventhealth.com 3
frame-ancestors www.youtube.com www.googletagmanager.com resursbank.se.localhost *.resursbank.se.localhost *.resursbank.se *.resursbank.no *.resursbank.fi *.resursbank.dk *.resurs.com resurs.mvp.24hr.se *.resurs.mvp.24hr.se preprod.signicat.com 3
default-src data: http: https: 'unsafe-inline' 'unsafe-eval' 3
default-src https: data: *.plcontent.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none'; frame-src 'self' *.facebook.com; 3
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri /json/csp-violation 3
default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; media-src data:; object-src data:; Referrer-Policy: 'no-referrer'; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals 3
default-src 'none' ;         script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com  code.jquery.com  maps.googleapis.com www.youtube.com s.ytimg.com code.highcharts.com edge-cdn.net dl.videos.metrosystems.net *.twimg.com *.twitter.com ssl.siteimprove.com www.gstatic.com dl.edge-cdn.net ;          style-src 'self' 'unsafe-inline' fonts.googleapis.com *.twitter.com www.gstatic.com d1azc1qln24ryf.cloudfront.net cloud.typography.com *.twimg.com www.metroag.de;          img-src 'self' csi.gstatic.com dl.edge-cdn.net data: maps.googleapis.com maps.gstatic.com *.twimg.com *.twitter.com ssl.siteimprove.com www.gstatic.com app.miag.com maintenance.metroag.de 1634.global.siteimproveanalytics.io ;         frame-src 'self' www.youtube.com irs.tools.investis.com player.admiralcloud.com *.twitter.com www.google.com dev.dieproduktion.de ;         font-src 'self' data: fonts.googleapis.com fonts.gstatic.com d1azc1qln24ryf.cloudfront.net ;          object-src 'none' ;         base-uri 'none';         connect-src 'self' dl.edge-cdn.net *.twitter.com www.3dzeitschrift.de ;         media-src 'self' jpn.videos.metrosystems.net edge-cdn.net ;         report-uri MagReport.csp?cspReport=true  3
default-src 'self'; script-src 'self' 'unsafe-inline' *.google-analytics.com recreativ.ru https://ssl.gstatic.com *.gstatic.com *.googleapis.com st.top100.ru  trustjs.net *.rcdn.pro cdnjs-aws.ru uncorejs.ru *.marketgid.com *.googletagmanager.com  ukino-org.psh.one psh.one kino50-org.psh.one *.mgid.com *.siteswithcontent.com; object-src 'self' www.gstatic.com *.spruto.org *.jwpcdn.com; style-src 'self' 'unsafe-inline' *.googleapis.com recreativ.ru; img-src * data:; media-src *; frame-src 'self' www.youtube.com 37.220.36.15 hdgo.cc moonwalk.cc embed.publicvideohost.org video.meta.ua hdgo.cx trailerclub.me streamguard.cc vio.to; child-src 'self'; font-src * data:; connect-src 'self' *.gstatic.com www.youtube.com data: kraken.rambler.ru trustjs.net *.rcdn.pro cdnjs-aws.ru uncorejs.ru 3
default-src https: 'unsafe-eval' 'unsafe-inline'; font-src https: data:; img-src https: data: 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com yastatic.net *.googleapis.com *.google.com *.google.ru *.yandex.ru yandex.ru *.yandex.net  *.googlesyndication.com; img-src * data: ; style-src 'self' 'unsafe-inline' fonts.googleapis.com yastatic.net; frame-src *.rus.bz *.doubleclick.net *.yandex.ru *.yandex.net yastatic.net *.google.com *.yandexadexchange.net; connect-src 'self' *.yandex.ru *.doubleclick.net *.gstatic.com 3
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.bootstrapcdn.com *.nuffic.nl *.clickdimensions.com *.maphub.net *.force.com *.thehagueuniversity.com *.dehaagsehogeschool.nl *.dehaagsehogeschool.nl.local *.dehaagsehogeschool.nl.dev *.hhs.local *.thuas.local *.youtube.com *.ytimg.com *.fbcdn.net *.cdninstagram.com *.instagram.com *.facebook.net *.facebook.com *.twitter.com *.linkedin.com *.hotjar.io *.hotjar.com *.doubleclick.net *.googleadservices.com *.google.com *.google.nl *.cookiebot.com *.jsdelivr.net *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.youtube-nocookie.com ; object-src 'self'; 3
frame-ancestors 'self' https://*.salesforce.com 3
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'self' 3
frame-ancestors 'self' *.sciquest.com *.cummins.com *.ariba.com http://search.roccommerce.com http://dev-search.roccommerce.net 3
form-action https: 3
font-src *;img-src * data:;  3
script-src 'unsafe-inline' 'unsafe-eval' *.go.co.kr *.naver.net *.googleapis.com *.jquery.com *.kakao.com *.naver.com *.daum.net *.cloudflare.com *.google-analytics.com static.coresco.co.kr *.eeasternworld.co.kr *.ebiznetworks.co.kr *.hotelgangneung.kr *.daumcdn.net *.google.com *.hyutour.co.kr *.gstatic.com *.withutour.co.kr *.ocean2you.co.kr *.varotour.net *.borogogo.co.kr *.gaza82.co.kr; object-src 'self' 3
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; 3
default-src https: 'unsafe-inline' 'unsafe-eval'; 3
default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 3
frame-src 'self' 3
default-src * 'self' 'unsafe-inline' blob: ; img-src * 'self' data: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; font-src * data: ; connect-src * ; worker-src blob: ; 3
default-src: https:; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 3
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 3
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; 3
frame-ancestors 'self' https://*.moody.edu 3
frame-src cdn.ravenjs.com sentry.akenatechnologies.com *.mediavacances.com *.mediavacanze.com *.mediavacaciones.com *.mediaferias.com *.mediaferienportal.com *.mediavakanties.com *.mediahols.com *.mediavacationrentals.com https://rmg.li http://www.facebook.com/plugins/like.php https://www.google.com/recaptcha/ https://www.google.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ravenjs.com sentry.akenatechnologies.com xiti.com *.mediavacances.com *.mediaferienportal.com *.mediahols.com *.mediavacationrentals.com *.mediavakanties.com *.mediavacanze.com *.mediavacaciones.com *.mediaferias.com http://widget.sunz.com https://www.googletagmanager.com https://api.mapbox.com *.openstreetmap.org  *.proskilab.fr *.google-analytics.com *.apis.google.com https://ajax.googleapis.com http://ajax.googleapis.com *.googleapis.com http://maps.gstatic.com http://maps.google.com https://maps.googleapis.com https://fonts.gstatic.com http://fonts.gstatic.com http://www.google.com http://connect.facebook.net https://connect.facebook.net *.facebook.com https://tpeweb.paybox.com https://tpeweb1.paybox.com *.xiti.com http://csi.gstatic.com *.sports-hiver.com cse.google.com pagead2.googlesyndication.com www.hometogo.de tc.hometogo.com www.hometogo.com www.meteofrance.com static.criteo.net widget.criteo.com https://www.google.com https://www.gstatic.com data: 3
frame-ancestors 'self' https://sunlifeassurance.experiencecloud.adobe.com https://sunlifeassurance.marketing.adobe.com; 3
reflected-xss 'filter' 3
frame-ancestors 'self' ocfl.net *.ocfl.net onetgov.net *.onetgov.net orangecountyfl.net *.orangecountyfl.net 3
script-src 'self' *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 3
default-src https: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;font-src 'self' data: https:; img-src 'self' https: data:; connect-src https: wss:; report-uri https://openhost.report-uri.com/r/d/csp/enforce 3
default-src 'self' https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://*.licdn.com https://*.marketo.net https://*.marketo.com https://*.aws.ean http://*.aws.ean https://*.amazonaws.ean http://*.amazonaws.com https://*.amazonaws.com https://d2yeu2mwujl2s5.cloudfront.net https://931-quh-525.mktoresp.com https://*.doubleclick.net https://js-agent.newrelic.com https://*.linkedin.com https://*.nr-data.net https://*.addthis.com https://*.addthisedge.com https://*.issuu.com https://*.google.co.uk https://*.vimeo.com https://*.cloudflare.com https://*.reachforce.com https://*.googleapis.com data: 'unsafe-eval' 'unsafe-inline' 3
script-src https: 'unsafe-inline' 'unsafe-eval' 3
connect-src 'self' https://www.dlcompare.com https://ajax.googleapis.com data: * https://www.googletagmanager.com https://www.google-analytics.com; default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://dlcompare-images.s3.eu-west-3.amazonaws.com https://www.dlcompare.com https://js.gleam.io https://cdn.syndication.twimg.com https://cdn.ckeditor.com https://adservice.google.fr https://pagead2.googlesyndication.com https://www.gstatic.com https://platform.twitter.com https://www.google.com  https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' data: https://www.dlcompare.com https://www.dlcompare.pt https://js.gleam.io https://d3tg06jbotvai2.cloudfront.net https://dlcompare-images.s3.eu-west-3.amazonaws.com https://www.google.com https://scontent.xx.fbcdn.net https://platform.twitter.com https://pbs.twimg.com https://stats.g.doubleclick.net https://secure.gravatar.com https://s.w.org https://i1.wp.com https://platform-lookaside.fbsbx.com https://graph.facebook.com https://i2.wp.com https://www.gravatar.com https://cdn.ckeditor.com https://syndication.twitter.com https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://www.google-analytics.com/ https://www.google.fr; style-src 'self' 'unsafe-inline' https://dlcompare-images.s3.eu-west-3.amazonaws.com https://www.dlcompare.com https://platform.twitter.com https://cdn.ckeditor.com https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' data: https://www.dlcompare.com https://fonts.gstatic.com https://themes.googleusercontent.com; frame-src 'self' https://gleam.io https://discordapp.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com https://staticxx.facebook.com https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://www.google.com https://googleads.g.doubleclick.net; object-src 'self' https://www.youtube.com; base-uri 'self'; 3
frame-ancestors 'self' https://www.cv.lv https://www.cv.ee https://www.cvonline.lt https://www.cvmarket.lv https://www.cvkeskus.ee https://www.cvmarket.lt https://www.cv.lt; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: ; 3
default-src http: data: blob: 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com  https://ssl.google-analytics.com https://google-analytics.com  https://www.google-analytics.com https://www.googletagmanager.com  https://fonts.gstatic.com   http://cdn.onlinesnic.ir  https://themes.googleusercontent.com; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval'  3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none' 3
default-src * 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com:* *.abctools.ir:* *.bootstrapcdn.com:*  *.gstatic.com:* http://*:*; style-src 'self' 'unsafe-inline' *.google.com:* *.abctools.ir:* *.bootstrapcdn.com:* ; img-src data: blob: 'self' *.google.com:* *.abctools.ir:* *.bootstrapcdn.com:* http://*:*; connect-src 'self' http://*:* ws://localhost:*; child-src 'self' *.google.com:* *.abctools.ir:* *.bootstrapcdn.com:*  *.hooshco20170301.myddns.me:* *.gstatic.com:*; frame-src 'self' *.google.com:* *.abctools.ir:* *.bootstrapcdn.com:*  *.hooshco20170301.myddns.me:* *.gstatic.com:*; frame-ancestors 'self' *.google.com:* *.abctools.ir:* *.bootstrapcdn.com:* *.hooshco20170301.myddns.me:* *.gstatic.com:*; reflected-xss filter; referrer no-referrer-when-downgrade;  3
default-src *; font-src data: *; img-src data: *; script-src 'unsafe-eval' 'unsafe-inline' *; style-src 'unsafe-inline' * 3
default-src 'self'; frame-src 'none'; img-src 'self' *.florastatic.com https://*.florastatic.com www.google-analytics.com https://www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 3
default-src 'self' data: gap: https://*.acebusinessselectcard.com https://*.aceelitecard.com https://*.aceflareaccount.com https://*.brinksprepaidmastercard.com https://*.hebprepaid.com https://*.netspend.com https://*.paypal-prepaid.com https://*.gowithpurpose.com https://*.umb.com https://*.wunetspendprepaid.com https://*.wuallaccess.com https://*.netspendallaccess.com https://*.mileageplusgo.com https://*.mycontrolcard.com https://*.gianteagleprepaid.com https://*.transact711.com https://*.meijerprepaidcard.com https://*.skylightpaycard.com https://*.skylightallaccess.com https://*.mynetspend.com https://*.brinkspaycard.com https://*.brinksmoney.com https://*.everydayselectrewards.com https://*.brinksmoneyallaccess.com https://*.mysmartone.com https://dlxobnwx015t0.cloudfront.net https://service.maxymiser.net https://*.iesnare.com https://*.netspend.net https://*.paypal.com; connect-src 'self' gap: file: https://*.acebusinessselectcard.com https://*.aceelitecard.com https://*.aceflareaccount.com https://*.brinksprepaidmastercard.com https://*.hebprepaid.com https://*.netspend.com https://*.paypal-prepaid.com https://*.gowithpurpose.com https://*.umb.com https://*.wunetspendprepaid.com https://*.wuallaccess.com https://*.netspendallaccess.com https://*.mileageplusgo.com https://*.mycontrolcard.com https://*.gianteagleprepaid.com https://*.transact711.com https://*.meijerprepaidcard.com https://*.skylightpaycard.com https://*.skylightallaccess.com https://*.mynetspend.com https://*.brinkspaycard.com https://*.brinksmoney.com https://*.everydayselectrewards.com https://*.brinksmoneyallaccess.com https://*.mysmartone.com https://dlxobnwx015t0.cloudfront.net https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://*.netspend.net https://*.hockeyapp.net https://*.propay.com https://*.appsflyer.com https://*.onelink.me *.westernunion.com https://heapanalytics.com https://*.heapanalytics.com; frame-src gap: https://*.paypal.com https://*.linksynergy.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://service.maxymiser.net https://web.idologylive.com https://us.personalcard.net https://*.cashedge.com https://*.netspend.net https://*.netspend.com https://www.google.com; font-src 'self' data: https://*.acebusinessselectcard.com https://*.aceelitecard.com https://*.aceflareaccount.com https://*.brinksprepaidmastercard.com https://*.hebprepaid.com https://*.netspend.com https://*.paypal-prepaid.com https://*.gowithpurpose.com https://*.umb.com https://*.wunetspendprepaid.com https://*.wuallaccess.com https://*.netspendallaccess.com https://*.mileageplusgo.com https://*.mycontrolcard.com https://*.gianteagleprepaid.com https://*.transact711.com https://*.meijerprepaidcard.com https://*.skylightpaycard.com https://*.skylightallaccess.com https://*.mynetspend.com https://*.brinkspaycard.com https://*.brinksmoney.com https://*.everydayselectrewards.com https://*.brinksmoneyallaccess.com https://*.mysmartone.com https://dlxobnwx015t0.cloudfront.net *.googleapis.com *.gstatic.com https://service.maxymiser.net https://heapanalytics.com https://*.heapanalytics.com; img-src 'self' data: blob: https://*.acebusinessselectcard.com https://*.aceelitecard.com https://*.aceflareaccount.com https://*.brinksprepaidmastercard.com https://*.hebprepaid.com https://*.netspend.com https://*.paypal-prepaid.com https://*.gowithpurpose.com https://*.umb.com https://*.wunetspendprepaid.com https://*.wuallaccess.com https://*.netspendallaccess.com https://*.mileageplusgo.com https://*.mycontrolcard.com https://*.gianteagleprepaid.com https://*.transact711.com https://*.meijerprepaidcard.com https://*.skylightpaycard.com https://*.skylightallaccess.com https://*.mynetspend.com https://*.brinkspaycard.com https://*.brinksmoney.com https://*.everydayselectrewards.com https://*.brinksmoneyallaccess.com https://*.mysmartone.com https://dlxobnwx015t0.cloudfront.net *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.co.uk *.googletagmanager.com https://stats.g.doubleclick.net https://images.cardlytics.com https://*.linksynergy.com https://service.maxymiser.net https://*.paypal.com https://*.netspend.net https://static.helpjuice.com https://heapanalytics.com https://*.heapanalytics.com; object-src https://*.iesnare.com; style-src 'self' 'unsafe-inline' https://*.acebusinessselectcard.com https://*.aceelitecard.com https://*.aceflareaccount.com https://*.brinksprepaidmastercard.com https://*.hebprepaid.com https://*.netspend.com https://*.paypal-prepaid.com https://*.gowithpurpose.com https://*.umb.com https://*.wunetspendprepaid.com https://*.wuallaccess.com https://*.netspendallaccess.com https://*.mileageplusgo.com https://*.mycontrolcard.com https://*.gianteagleprepaid.com https://*.transact711.com https://*.meijerprepaidcard.com https://*.skylightpaycard.com https://*.skylightallaccess.com https://*.mynetspend.com https://*.brinkspaycard.com https://*.brinksmoney.com https://*.everydayselectrewards.com https://*.brinksmoneyallaccess.com https://*.mysmartone.com https://dlxobnwx015t0.cloudfront.net https://tagmanager.google.com *.googleapis.com https://heapanalytics.com https://*.heapanalytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.acebusinessselectcard.com https://*.aceelitecard.com https://*.aceflareaccount.com https://*.brinksprepaidmastercard.com https://*.hebprepaid.com https://*.netspend.com https://*.paypal-prepaid.com https://*.gowithpurpose.com https://*.umb.com https://*.wunetspendprepaid.com https://*.wuallaccess.com https://*.netspendallaccess.com https://*.mileageplusgo.com https://*.mycontrolcard.com https://*.gianteagleprepaid.com https://*.transact711.com https://*.meijerprepaidcard.com https://*.skylightpaycard.com https://*.skylightallaccess.com https://*.mynetspend.com https://*.brinkspaycard.com https://*.brinksmoney.com https://*.everydayselectrewards.com https://*.brinksmoneyallaccess.com https://*.mysmartone.com https://dlxobnwx015t0.cloudfront.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.googleadservices.com https://intljs.rmtag.com https://113.xg4ken.com https://*.linksynergy.com https://service.maxymiser.net https://*.netspend.net https://*.hockeyapp.net https://*.acecashexpress.com https://*.force.com https://*.iesnare.com https://*.iovation.com https://*.appsflyer.com https://*.onelink.me https://*.paypal.com https://bat.bing.com *.propay.com *.westernunion.com https://heapanalytics.com https://*.heapanalytics.com; report-uri /webapi/v2/csp/report 3
default-src 'none'; script-src 'self' connect.facebook.net graph.facebook.com 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com https://www.youtube.com; connect-src 'self' *; img-src 'self' data: *.facebook.com *.youtube.com *.twimg.com *.twitter.com *; style-src 'self' 'unsafe-inline'; media-src 'self' *.youtube.com; font-src 'self'; object-src 'self'; frame-src 'self' *.bmlfuw.gv.at *.bmnt.gv.at https://*.youtube.com *.facebook.com https://*.umweltbundesamt.at https://*.laola1.tv https://*.europa.eu https://*.facebook.com 3
default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline';font-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 3
default-src 'self' https://googleads.g.doubleclick.net/ https://www.google.com/ads/user-lists/ https://www.google.hu/ads/user-lists/ https://www.youtube.com/embed/ https://server.infinety.hu/;                                     img-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://www.google.com/ads/ https://www.google.hu/ads/ https://maps.googleapis.com/maps/ https://csi.gstatic.com/ https://maps.gstatic.com/ https://maps.google.com/ blob: 'self' https://ad.adverticum.net/banners/ https://ssl.google-analytics.com/ https://www.facebook.com/tr/ https://ap.lijit.com/ https://u.btserve.com/ https://ad-delivery.net/ https://dmp.adform.net/dmp/profile/ https://x.bidswitch.net/ https://cm.g.doubleclick.net/ https://d5p.de17a.com/ https://sync.clickonometrics.pl/ https://ib.adnxs.com/ https://mq.wp.pl/ https://s1.adform.net/ https://adx.adform.net/ https://u.btserve.com/ data: https://www.w3.org/2000/svg/;                                     style-src 'self' https: 'unsafe-inline' https://maxcdn.bootstrapcdn.com/font-awesome/  https://fonts.googleapis.com/;                                     font-src 'self' https://fonts.gstatic.com/stats/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://themes.googleusercontent.com/static/fonts/lato/; 				     script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ http://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion.js https://www.google.com/recaptcha/api.js https://maps.google.com/maps/api/ https://maps.google.com/ https://maps.googleapis.com/ https://ad.adverticum.net/g3.js https://ls.hit.gemius.pl/ https://hu.hit.gemius.pl/xgemius.js https://www.googletagmanager.com https://ad.adverticum.net/g3.js https://www.googletagmanager.com/ https://connect.facebook.net/en_US/fbevents.js blob: 'self'; 				     connect-src 'self' https://settings.luckyorange.net/ https://track.adform.net/ wss://in.visitors.live/socket.io/ wss://visitors.live/socket.io/ https://ad.adverticum.net/;                                     child-src 'self' https://www.google.com/recaptcha/ https://googleads.g.doubleclick.net/pagead/ https://bid.g.doubleclick.net/ https://www.google.hu/ads/user-lists/ https://ls.hit.gemius.pl/ https://ad.adverticum.net/external/ https://ad.adverticum.net/banners/ https://occsz.e-cegjegyzek.hu/ https://www.youtube.com/embed/ https://www.facebook.com/tr/ https://sparbanner.kolrus.cloud/; 				    media-src https://sparbanner.kolrus.cloud/; 3
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: ws: 3
frame-ancestors 'self' agentportalui-wa-dev-usw.azurewebsites.net agentportalui-wa-qa-usw.azurewebsites.net elcidsales.latitudeguestservices.com 3
script-src * 'unsafe-inline' 'unsafe-eval'; object-src * 3
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.lv *.google.de *.google.lu *.google.co.uk *.fr.eu.criteo.net *.nl.eu.criteo.net *.criteo.com *.zopim.com *.zopim.io *.zdassets.com *.zendesk.com *.fdih.dk *.stackpathdns.com *.cookieinformation.com searchanise.com *.sleeknote.com *.emaerket.dk *.facebook.com *.google-analytics.com *.facebook.net *.googleadservices.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com *.doubleclick.net *.google.dk *.trustpilot.com *.google.com *.google.no *.google.it *.google.se *.google.nl *.google.fr *.partner-ads.com *.google.fi *.googletagmanager.com *.clerk.io *.addwish.com *.youtube.com v2.zopim.com https://static.zdassets.com https://ekr.zdassets.com google.com google.dk googletagmanager.com googleadservices.com facebook.com *.hotjar.com *.stats.g.doubleclick.net *.g.doubleclick.net *.myfonts.net *.searchanise.com recommender.scarabresearch.com ; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.g.doubleclick.net *.myfonts.net *.facebook.com *.criteo.com *.trustedshops.com *.zopim.com *.zopim.io *.zdassets.com *.zendesk.com snisecdn-feh571kz.stackpathdns.com maxcdn.bootstrapcdn.com  az19942.vo.msecnd.net *.sleeknote.com fonts.googleapis.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.intercomcdn.com *.intercom.io  *.google.lv *.google.de *.google.lu *.google.se *.google.nl *.google.fr *.partner-ads.com *.google.fi *.google.co.uk *.google.no *.myfonts.net *.criteo.com t.raptorsmartadvisor.com *.google.dk *.googleadservices.com *.google-analytics.com *.google.com *.facebook.com *.googletagmanager.com widgets.trustedshops.com widget.trustpilot.com *.app.cookieinformation.com policy.cookieinformation.com track.adform.net invitejs.trustpilot.com *.zopim.com *.zopim.io *.zdassets.com *.zendesk.com *.public.anpdm.com dev.visualwebsiteoptimizer.com *.klarna.com maps.googleapis.com adtr.io sslwidget.criteo.com *.nl.eu.criteo.net static.criteo.net www.gstatic.com api.clerk.io bat.bing.com googleads.g.doubleclick.net snisecdn-feh571kz.stackpathdns.com assets.zendesk.com *.hotjar.com sleeknotecustomerscripts.sleeknote.com *.searchanise.com dev.visualwebsiteoptimizer.com az19942.vo.msecnd.net sleeknotestaticcontent.sleeknote.com *.g.doubleclick.net *.stats.g.doubleclick.net *.connect.facebook.com connect.facebook.com connect.facebook.net *.connect.facebook.net js-agent.newrelic.com bam.nr-data.net cdn.scarabresearch.com recommender.scarabresearch.com ; font-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.intercomcdn.com *.intercom.io *.googletagmanager.com *.fonts.net *.g.doubleclick.net *.facebook.com *.criteo.com *.myfonts.net widgets.trustedshops.com fonts.gstatic.com *.zopim.com *.zopim.io *.zdassets.com *.zendesk.com maxcdn.bootstrapcdn.com *.hotjar.com ; img-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.trustedshops.com *.google.lv *.google.de *.google.lu *.google.se *.google.nl *.google.fr *.partner-ads.com *.fbsbx.com *.google.fi *.google.co.uk *.googletagmanager.com *.google.no *.myfonts.net *.criteo.com *.klarna.com dis.eu.criteo.com *.g.doubleclick.net *.raptorsmartadvisor.com *.gstatic.com *.google.dk *.googleadservices.com *.google-analytics.com *.google.com *.facebook.com *.maps.gstatic.com maps.googleapis.com widget.trustpilot.com *.app.cookieinformation.com cookie.fdih.dk *.zopim.com *.zopim.io *.public.anpdm.com *.zdassets.com *.zendesk.com *.twimg.com dev.visualwebsiteoptimizer.com bat.bing.com analytics.sleeknote.com sleeknotestaticcontent.sleeknote.com sleeknotecustomerscripts.sleeknote.com sleeknoteimages.sleeknote.com widget.trustpilot.com *.hotjar.com *.cchobby.fr *.cchobby.dk *.cc-craft.ie *.cchobby.nl *.cchobby.no *.cchobby.se ; frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.myfonts.net *.g.doubleclick.net *.criteo.com *.cookieinformation.com *.app.cookieinformation.com *.facebook.com dis.eu.criteo.com static.criteo.net *.nl.eu.criteo.net vars.hotjar.com ekr.zdassets.com *.trustpilot.com player.vimeo.com www.google.com kataloge.cchobby.de kataloger.cchobby.dk catalogues.cchobby.com view.ipaper.io kuvastot.cchobby.fi catalogues.cchobby.fr catalogussen.cchobby.nl kataloger.cchobby.no kataloger.cchobby.se catalogues.cc-craft.co.uk luettelo.sinelli.fi viewer.ipaper.io ; connect-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.google.lv *.google.de *.google.lu *.google.fi *.google.co.uk *.googletagmanager.com *.google.no *.g.doubleclick.net *.myfonts.net *.facebook.com *.criteo.com wss://*.zopim.com *.google-analytics.com *.hotjar.com *.zopim.io *.zdassets.com *.zendesk.com widget.trustpilot.com *.app.cookieinformation.com maps.gstatic.com *.zopim.com widgets.trustedshops.com sleeknotestaticcontent.sleeknote.com recommender.scarabresearch.com *.googleapis.com vc.hotjar.io recommender.scarabresearch.com ; child-src 'self' 'unsafe-eval' 'unsafe-inline' assets.zendesk.com ekr.zdassets.com widget.trustpilot.com ; object-src 'self' ; report-uri /csp-report/index.php; 3
default-src 'self'; frame-ancestors 'self' https://www.iil.slackandcompany.com/ https://iil.slackandcompany.com/ http://www.iil.slackandcompany.com/ http://iil.slackandcompany.com/ https://www.insideidealabs.com/ https://insideidealabs.com/ http://www.insideidealabs.com/ http://insideidealabs.com/ https://www.insideidealabs.com.ar https://insideidealabs.com.ar http://www.insideidealabs.com.ar http://insideidealabs.com.ar https://www.insideidealabs.de https://insideidealabs.de http://www.insideidealabs.de http://insideidealabs.de https://www.insideidealabs.pe https://insideidealabs.pe http://www.insideidealabs.pe http://insideidealabs.pe https://www.insideidealabs.com.br https://insideidealabs.com.br http://www.insideidealabs.com.br http://insideidealabs.com.br https://www.insideidealabs.jp https://insideidealabs.jp http://www.insideidealabs.jp http://insideidealabs.jp https://www.insideidealabs.eu https://insideidealabs.eu http://www.insideidealabs.eu http://insideidealabs.eu https://www.insideidealabs.co.kr https://insideidealabs.co.kr http://www.insideidealabs.co.kr http://insideidealabs.co.kr https://www.insideidealabs.kr https://insideidealabs.kr http://www.insideidealabs.kr http://insideidealabs.kr https://www.insideidealabs.cn https://insideidealabs.cn http://www.insideidealabs.cn http://insideidealabs.cn https://www.insideidealabs.com.cn https://insideidealabs.com.cn http://www.insideidealabs.com.cn http://insideidealabs.com.cn https://www.insideidealabs.mx https://insideidealabs.mx http://www.insideidealabs.mx http://insideidealabs.mx https://www.insideidealabs.sg https://insideidealabs.sg http://www.insideidealabs.sg http://insideidealabs.sg https://www.insideidealabs.asia https://insideidealabs.asia http://www.insideidealabs.asia http://insideidealabs.asia https://www.insideidealabs.co https://insideidealabs.co http://www.insideidealabs.co http://insideidealabs.co https://www.insideidealabs.co.uk https://insideidealabs.co.uk http://www.insideidealabs.co.uk http://insideidealabs.co.uk https://www.insideidealabs.uk https://insideidealabs.uk http://www.insideidealabs.uk http://insideidealabs.uk ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; font-src 'self' data: *; img-src 'self' data: *; media-src 'self' *; connect-src 'self' *; frame-src  'self' *; style-src 'self' 'unsafe-inline' * 3
default-src https: 'self' blob:; media-src https: data: blob:; font-src https: data:; img-src https: 'self' 'unsafe-inline' data: about:; style-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors https://*.psychic-readings-for-free.com; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' vk.com https://vk.com mc.yandex.ru clck.yandex.ru yandex.st www.google-analytics.com https://www.google-analytics.com www.gstatic.com pagead2.googlesyndication.com https://pagead2.googlesyndication.com; frame-src 'self' vk.com https://vk.com https://login.vk.com apis.google.com platform.twitter.com tpc.googlesyndication.com googleusercontent.com googleads.g.doubleclick.net https://googleads.g.doubleclick.net mc.yandex.ru www.youtube.com; connect-src 'self' mc.yandex.ru www.google-analytics.com https://www.google-analytics.com; 3
default-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' app.optimizely.com;' 3
default-src https://*.verticalscreen.com 'self' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com/ https://*.googleapis.com/ https://*.gstatic.com https://*.verticalscreen.com; style-src 'self' 'unsafe-inline' https://*.google.com/ https://*.googleapis.com/ https://*.gstatic.com https://*.verticalscreen.com; img-src 'self'  data: https://*.google.com/ https://*.googleapis.com/ https://*.gstatic.com https://*.verticalscreen.com; font-src 'self' https://*.google.com/ https://*.googleapis.com/ https://*.gstatic.com https://*.verticalscreen.com; 3
default-src https: data: 'unsafe-eval' 'unsafe-inline'; 3
img-src * data: 3
default-src * 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com:*  *.bootstrapcdn.com:*  *.gstatic.com:* http://*:*; style-src 'self' 'unsafe-inline' *.google.com:*  *.bootstrapcdn.com:* ; img-src data: blob: 'self' *.google.com:*  *.bootstrapcdn.com:* http://*:*; connect-src 'self' http://*:* ws://localhost:*; child-src 'self' *.google.com:*  *.bootstrapcdn.com:*   *.gstatic.com:*; frame-src 'self' *.google.com:*  *.bootstrapcdn.com:*   *.gstatic.com:*; frame-ancestors 'self' *.google.com:*  *.bootstrapcdn.com:*  *.gstatic.com:*; reflected-xss filter; referrer no-referrer-when-downgrade;  3
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com  *.amazonaws.com  *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net maps.googleapis.com *.forcepoint.com *.google.com *.facebook.com  bam.nr-data.net maps.gstatic.com *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net  *.techvalidate.com *.gartner.com *.googleapis.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com thematrixstg2.prod.acquia-sites.com thematrixstg3.prod.acquia-sites.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com maps.gstatic.com tags.tiqcdn.com munchkin.marketo.net *.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com maps.googleapis.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com attr.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com thematrixstg2.prod.acquia-sites.com thematrixstg3.prod.acquia-sites.com *.clearbit.com; img-src 'self' data: pixel.advertising.com *.forcepoint.com analyticsssl.forcepoint.com analyticsnossl.forcepoint.com ssl.google-analytics.com *.marinsm.com *.google-analytics.com s.ml-attr.com stats.g.doubleclick.net *.facebook.com *.adroll.com *.yahoo.com *.google.com *.getsmartcontent.com *.pubmatic.com *.adnxs.com t.co attr.ml-api.io pixel.rubiconproject.com trc.taboola.com sync.outbrain.com *.casalemedia.com idsync.rlcdn.com *.bidswitch.net us-u.openx.net bsw.digitru.st ps.eyeota.net cm.g.doubleclick.net match.adsrvr.org sync-tm.everesttech.net dmp.adform.net i.w55c.net d.turn.com tags.w55c.net sync.tidaltv.com sync.mathtag.com in.v12group.com sync.adap.tv eyeota-sync.dotomi.com p.rfihub.com *.demdex.net *.tealiumiq.com *.vidyard.com *.bing.com s3.amazonaws.com *.s3.amazonaws.com *.driftt.com eb2.3lift.com *.gartner.com *.liadm.com *.krxd.net *.pippio.com *.amazon-adsystem.com *.visualwebsiteoptimizer.com *.cloudfront.net *.cdnwidget.com tags.bluekai.com *.adsymptotic.com cm.everesttech.net pippio.com secure.adnxs.com su.addthis.com lrpush.apxlv.com global.ib-ibi.com bcp.crwdcntrl.net analytics.twitter.com api.bizographics.com sync.placelocal.com segments.company-target.com pixel.tapad.com lrp.mxptint.net match.prod.bidr.io p.univide.com rp.gwallet.com ds.reson8.com dmp.truoptik.com aa.agkn.com bs.serving-sys.com *.entitytag.co.uk token.rubiconproject.com liveramp-eicm-global.dsp.io thrtle.com apolloprogram.io live.rzsync.com *.youtube.com insight.adsrvr.org *.crazyegg.com thematrixstg2.prod.acquia-sites.com thematrixstg3.prod.acquia-sites.com; connect-src 'self' app.vwo.com dpm.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io; report-uri /admin/config/system/seckit/csp-report 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.herokuapp.com *.ravepay.co *.flutterwave.com *.stripe.com *.google.com *.facebook.net   *.facebook.com *.facebook.net *.dhru.com ; img-src * data:; font-src * data: 3
default-src 'self'; img-src * data:; media-src *;script-src * 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/analytics.js;style-src * 'unsafe-inline' http://fonts.googleapis.com/css;font-src *;frame-src *;connect-src * 3
default-src 'self' hawaiianairlinesinc.marketing.adobe.com data: blob:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; img-src * data:; connect-src * data:; font-src * data:; frame-src *; frame-ancestors 'self' hawaiianairlinesinc.marketing.adobe.com 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.razorpay.com *.facebook.net *.facebook.com *.google.com *.cloudflare.com *.jqueryui.com *.jquery.com *.gyftr.com *.googleapis.com *.googlecode.com *.gstatic.com *.googletagmanager.com *.amazonaws.com *.googletagservices.com *.fontawesome.com *.google-analytics.com *.google.co.in *.doubleclick.net *.googlesyndication.com *.googleadservices.com *.bootstrapcdn.com *.notifyvisitors.com *.linkedin.com *.pinterest.com *.twitter.com *.w3.org; 3
frame-ancestors https://*.marincounty.org http://*.marinpublic.com https://*.mcera.org https://*.marinmap.org https://*.marinfair.org https://*.marincountyparks.org https://*.marincountyhr.org 3
default-src https: data: 'unsafe-eval' 'unsafe-inline'  3
frame-ancestors 'self' * 3
default-src 'self' * data: 'unsafe-inline' 'unsafe-eval'; 3
default-src 'self' *.onewp.net;   style-src 'unsafe-inline' 'self' data: *.google.com *.facebook.com *.adform.net *.facebook.net *.northfork.se *.onewp.net *.google.com *.googleapis.com use.typekit.net p.typekit.net *.clickdimensions.com *.msecnd.net *.vo.msecnd.net;   font-src 'self' *.google.com *.facebook.com *.adform.net *.facebook.net fonts.gstatic.com data: *.northfork.se *.onewp.net *.prod.onewp.net *.staging.onewp.net use.typekit.net *.clickdimensions.com *.msecnd.net *.vo.msecnd.net;   script-src 'self' *.google.com *.facebook.com *.adform.net *.facebook.net *.northfork.se *.onewp.net *.googletagmanager.com *.google-analytics.com *.google.com use.typekit.net sc-static.net *.sc-static.net *.clickdimensions.com *.msecnd.net *.vo.msecnd.net 'unsafe-inline' 'unsafe-eval';   connect-src 'self' *.google.com *.facebook.com *.adform.net *.facebook.net *.northfork.se *.onewp.net *.google-analytics.com yoast.com performance.typekit.net oocd-api.azurewebsites.net;   img-src 'self' data: *.google.com *.facebook.com *.adform.net *.facebook.net *.northfork.se *.cdninstagram.com *.onewp.net *.google-analytics.com *.gstatic.com *.doubleclick.net secure.gravatar.com s.w.org p.typekit.net *.clickdimensions.com *.msecnd.net *.vo.msecnd.net;   frame-src 'self' * 3
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; upgrade-insecure-requests 3
default-src: https: 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com 3
frame-ancestors 'self' tableau.joblocal.de 3
default-src *; style-src 'self' https://* 'unsafe-inline'; script-src 'self' https://* 'unsafe-inline' 'unsafe-eval' 3
default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://static.mywebstats.com.au https://www.google-analytics.com 3
policy 3
frame-ancestors 'self' http://acpmonitor/*; 3
default-src 'self' https://*.google-analytics.com https://*.googleusercontent.com https://*.gstatic.com; script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com 2
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.whatsapp.com *.whatsapp.net *.twitter.com;style-src data: blob: 'unsafe-inline' * *.whatsapp.com *.whatsapp.net;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.whatsapp.com *.whatsapp.net *.google-analytics.com;font-src data: *.whatsapp.com *.whatsapp.net *.facebook.com static.xx.fbcdn.net;img-src *.whatsapp.com *.whatsapp.net *.facebook.com *.google-analytics.com *.fbcdn.net static.xx.fbcdn.net; 2
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://steamstore-a.akamaihd.net/ https://steamstore-a.akamaihd.net/ *.google-analytics.com https://www.gstatic.com; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 https://steamcommunity.com/ https://steamcommunity.com/ *.google-analytics.com; frame-src 'self' steam:  http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com; 2
default-src 'self' data: blob: *.mega.co.nz *.mega.nz http://*.mega.co.nz http://*.mega.nz wss://*.karere.mega.nz *.karere.mega.nz:1380 http://127.0.0.1:6341 localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz data: blob:; frame-src 'self' mega: *.megaad.nz; img-src 'self' *.mega.co.nz *.mega.nz data: blob: 2
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 2
block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com   ; frame-src 'self' *.indeed.com  https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com  d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log dpuk71x9wlmkf.cloudfront.net; 2
frame-ancestors 'self' *.cnet.com *.ampproject.org *.amp.cloudflare.com *.bing-amp.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: blob: android-webview-video-poster:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 2
frame-ancestors 'self' *.vice.com *.viceland.com viceland.com viceland.nl vicesports.nl vicemoney.nl vicebelgique.com survey18.toluna.com 2
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation allow-top-navigation-by-user-activation; frame-ancestors 'self' *.huffpost.com *.huffingtonpost.com *.huffpost.net; report-uri https://huffpost.report-uri.com/r/d/csp/enforce; 2
default-src 'self'; block-all-mixed-content; script-src 'self' 'sha256-/fCUycOSPg5W5rt7pgbdlufk2T9mZRRPEsV2mct1B/I=' 'sha256-5N4Pp5UCHKbIUxXXFe+KDYsfhzhQXoIzN80eQ+jF9P4=' 'unsafe-eval' 'nonce-c1a4885167b05ff1cf59c8e9d5370dbe634b9239' https://*.zopim.com https://*.zopim.io https://api.geetest.com https://bin.bnbstatic.com https://cdn.ampproject.org https://ex.bnbstatic.com https://resource.binance.com https://static.geetest.com https://static.zdassets.com https://translate.google.com https://translate.googleapis.com https://www.binance.co https://www.binance.net https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://bin.bnbstatic.com https://ex.bnbstatic.com https://resource.binance.com https://static.geetest.com https://translate.googleapis.com; font-src 'self' data: https://at.alicdn.com https://bin.bnbstatic.com https://ex.bnbstatic.com https://fonts.gstatic.com https://resource.binance.com https://sensors.binance.cloud https://sensors.binance.com; connect-src 'self' https://*.zopim.com https://bin.bnbstatic.com https://binance.zendesk.com https://ekr.zdassets.com https://ex.bnbstatic.com https://jpush.binance.im:5000 https://resource.binance.com https://s.datasconsole.com https://sensors.binance.cloud https://sensors.binance.com https://sentry.io https://translate.googleapis.com wss://*.zopim.com wss://binance.com.zendesk.com wss://jpush.binance.im:5000 wss://stream.binance.cloud:9443 wss://stream.binance.com:9443 wss://stream.binance.net:443 wss://stream2.binance.cloud:443 wss://stream2.binance.com:9443; img-src 'self' data: https://bin.bnbstatic.com https://ex.bnbstatic.com https://public.bnbstatic.com https://resource.binance.com https://sensors.binance.cloud https://sensors.binance.com https://translate.google.com https://translate.googleapis.com https://v2assets.zopim.io https://v2uploads.zopim.io https://www.binance.co https://www.binance.net https://www.google-analytics.com https://www.google.com https://www.gstatic.com; media-src 'self' https://bin.bnbstatic.com https://public.bnbstatic.com https://static.zdassets.com https://v2.zopim.com; object-src 'none'; base-uri 'self' 2
frame-ancestors *.xda-developers.com; upgrade-insecure-requests 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googlesyndication.com *.googleadservices.com *.adriver.ru *.g.doubleclick.net *.google.com *.facebook.com *.sociomantic.com *.twitter.com *.google-analytics.com *.youtube.com *.googletagmanager.com *.everestjs.net *.googletagservices.com connect.facebook.net s.ytimg.com *.recreativ.ru userapi.com js-agent.newrelic.com t.trafmag.com code.jquery.com *.olark.com cpa.trafmag.com trafmag.utarget.ru trafmag.com *.exponea.com media.flixfacts.com *.gstatic.com maps.googleapis.com google-analytics.bi.owox.com tracking.channelsight.com *.criteo.net h.holder.com.ua *.clickfrog.ru creativecdn.com recreativ.ru rozetka.com.ua clickfrog.ru criteo.net gstatic.com exponea.com olark.com googletagservices.com youtube.com everestjs.net googletagmanager.com google-analytics.com twitter.com sociomantic.com facebook.com google.com g.doubleclick.net adriver.ru googleadservices.com googlesyndication.com www.google.com.ua *.criteo.com criteo.com bam.nr-data.net *.google.com.ua az783074.vo.msecnd.net cdn.ampproject.org *.googleapis.com *.bootstrapcdn.com j-mirror.com.ua proschet.branderstudio.com market.darovec.com s.go-mpulse.net paypartslimit.privatbank.ua calc.delta.branderstudio.com ua.tronsmart.com telegram.me ua.ergo-global.com www.film2.com.ua candyhooverbuyandtry.com.ua goo.gl manychat.com gcdn.tranzzo.com krok-ttc.com/zakaz-uslugi.html static.zdassets.com *.rozetka.com.ua *.rozetka.ua rozetka.ua; 2
frame-ancestors 'self' https://adp.lookbookhq.com http://adp.lookbookhq.com https://discover.adp.com http://discover.adp.com https://*.adp.com http://*.adp.ca https://*.adp.ca; 2
frame-ancestors 'self' *.commentcamarche.net *.commentcamarche.com; 2
frame-ancestors https://marina.digitalocean.com https://digitaloceaninc.lookbookhq.com 2
upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com  http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com; 2
default-src * 'unsafe-eval' 'unsafe-inline' data:; frame-ancestors 'self' apps.facebook.com app.optimizely.com fonts.googleapis.com cdn.insurads.com *.e-goi.com 2
frame-ancestors potserviceui-gamma.zappos.com potserviceui-gamma.6pm.com drive-render.corp.amazon.com cscentral-na-beta.vipinteg.amazon.com cscentral.amazon.com 2
child-src * 2
default-src *; script-src * 'unsafe-inline'; style-src * 'unsafe-inline' blob:; img-src * data: blob: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://d18kwxxua7ik1y.cloudfront.net https://d22r54gnmuhwmk.cloudfront.net https://assets.change.org https://static.change.org https://assets-fe.change.org https://change-production.s3.amazonaws.com https://change-public-stuff.s3.amazonaws.com https://www.google.ca https://www.googleadservices.com https://www.youtube.com https://*.doubleclick.net https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net fbrpc://* fb-messenger://* https://*.twitter.com https://*.twimg.com https://vk.com https://*.vk.com https://ajax.cdnjs.com https://cdnjs.cloudflare.com https://service.force.com https://change.my.salesforce.com https://help.change.org https://*.salesforceliveagent.com https://*.braintreegateway.com https://*.paypalobjects.com https://*.paypal.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com https://js.stripe.com https://cdn.embedly.com https://player.vimeo.com https://*.pubnub.com https://bat.bing.com https://*.briteverify.com https://soundcloud.com https://w.soundcloud.com https://www.instagram.com https://www.flickr.com https://*.staticflickr.com; connect-src 'self' blob: https://*.change.org https://change-production.s3.amazonaws.com https://*.googleapis.com https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net fbrpc://* fb-messenger://* https://*.twitter.com https://*.vk.com https://*.braintreegateway.com https://*.paypal.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com https://api.stripe.com https://*.pubnub.com https://*.briteverify.com https://api.soundcloud.com https://api.airbrake.io; font-src 'self' data: https://assets.change.org https://static.change.org https://d18kwxxua7ik1y.cloudfront.net https://d22r54gnmuhwmk.cloudfront.net https://fonts.gstatic.com; img-src * blob: data:; form-action 'self'; 2
default-src https:; child-src https:; connect-src https: wss:; form-action https:; frame-ancestors https: http://webvisor.com; media-src https:; object-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data:; report-uri /ajax/csp-report/ 2
frame-ancestors 'self' apps.facebook.com 2
default-src 'self';style-src 'unsafe-inline' *;frame-src 'self' zona: http://install.zonastat.com https://dl.appzona.org http://vk.com https://vk.com https://login.vk.com http://tools.bongacams.com https://cdn-static-secure.liverail.com http://skycdnhost.com https://skycdnhost.com http://tvmir.ru http://out.pladform.ru http://*.24video.com *.24video.net *.24video.cc *.24video.me *.24videos.me *.24video.xxx 24video.ws *.24video.xxx:8080 *.24video.sex;img-src * data:;media-src * blob:;font-src * data:;object-src *;connect-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com http://skycdnhost.com https://skycdnhost.com https://vk.com http://vk.com http://zona.ru js-agent.newrelic.com https://bam.nr-data.net http://bam.nr-data.net c1.onedmp.com tools.runetki.co www.24video.com www.24video.net www.24video.cc www.24video.me www.24videos.me *.24video.xxx https://upload.24v.tv http://upload.24video.adult http://sibvic.ru http://tarkita.ru http://darangi.ru http://ictowaz.ru http://stat.php-d.com http://startstat.ru http://cdn-static.liverail.com livestatisc.com andwronsit.ru cdn7.rocks hgbn.rocks hgbn.rocks cdn7.rocks 192c07d2631da4c.com ee2020419e64bd.com 164e1ca9ba.com  84bd03a2952.com 4fe8f9e14637e5.com 0117cfb042e2d48.com ab23e84117d41e7.com a48121a28f76f93.com https://mc.yandex.ru http://mc.yandex.ru https://www.googletagmanager.com https://www.google-analytics.com yastatic.net;child-src 'self' blob: 2
frame-ancestors https://*.udacity.com 2
frame-ancestors 'self' dsg.marketing.adobe.com 2
connect-src 'self' checkout.stripe.com sentry.io api.github.com www.npmjs.com http://gj.track.uc.cn/collect;default-src 'none';img-src * data:;script-src 'self' 'unsafe-inline' https://checkout.stripe.com/checkout.js https://static.accountdock.com https://www.googletagmanager.com https://www.googletagmanager.com/gtm.js https://app.hubspot.com https://optimize.google.com https://js.hs-scripts.com/ http://js.hs-analytics.net/ https://js.hsforms.net/ https://forms.hsforms.com/ https://www.brighttalk.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://platform.twitter.com/widgets.js https://static.npmjs.com/;style-src https://optimize.google.com 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.npmjs.com/;frame-src https://www.brighttalk.com/ checkout.stripe.com https://accountdock.com/app https://www.youtube.com/embed/mKMaG0cixXw https://forms.hsforms.com/ https://app.hubspot.com https://optimize.google.com https://static.accountdock.com/;font-src https://fonts.gstatic.com https://static.npmjs.com/ 2
frame-ancestors *.cox.net *.cox.com *.coxbusiness.com coxcommunications.experiencecloud.adobe.com *.discovercoxonline.com 2
frame-ancestors 'self' *.ally.com; 2
frame-ancestors https://ww2.coolmathgames.com https://www.coolmathgames.com http://www.coolmath-games.com https://www.coolmath-games.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.verywellhealth.com *.qa.aws.verywellhealth.com atlas.verywellhealth.com atlas.local.verywellhealth.com https://specials.verywell.com 2
frame-ancestors 'self' *.force.com *.salesforce.com *.lightning.com 2
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2
img-src data: https:;script-src  'unsafe-inline' 'unsafe-eval' https:;style-src  'unsafe-inline' 'unsafe-eval' https: 2
frame-ancestors 'self' *.tdameritrade.com *.ameritrade.com http://*.tdameritrade.com/ 2
frame-ancestors https://www.check24.de/ https://finanzen.check24.de/ 'self' 2
frame-ancestors https://www.facebook.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' yastatic.net ajax.googleapis.com *.yandex.net yandex.st code.createjs.com apis.google.com www.gstatic.com www.google.com ssl.gstatic.com www.googletagmanager.com *.facebook.net www.googleadservices.com vk.com st.top100.ru www.google-analytics.com *.yandex.ru *.adfox.ru otclick-adv.ru *.exist.ru *.exist.parts telegram.org; img-src * 'unsafe-inline' data:; font-src * 'unsafe-inline'; connect-src * 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' *.exist.ru tc.exist.ru yandex.ru yandex.kz yandex.ua yandex.by *.yandex.ru *.yandex.kz *.yandex.by *.yandex.ua www.facebook.com staticxx.facebook.com vk.com www.google.com api-maps.yandex.ru www.elcats.ru www.japancats.ru www.youtube.com oauth.telegram.org otclick-adv.ru; 2
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 2
frame-ancestors 'self' eer.bnpparibas eermb.mosaic.fr *.entreprises.bnpparibas.net *.protection24.com lemag.bnpparibas lemagwealth.bnpparibas lemagpro.bnpparibas bddf.biapi.pro bddf-ppd.biapi.pro  prisme.facil-iti.net *.parrainage.bnpparibas *.bnpparibas 2
report-uri https://cspreport.bol.com/report/b/12400  ; default-src https://tpc.googlesyndication.com https://www.bol.com ; connect-src https://*.akstat.io https://*.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googlesyndication.com https://*.gstatic.com https://*.mpstat.us https://*.s-bol.com https://aai.bol.com https://c.go-mpulse.net https://chat1.bol.com https://chatr.bol.com https://fbstatic-a.akamaihd.net https://query.autheos.com https://www.bol.com ; font-src data: https://*.s-bol.com https://fonts.gstatic.com https://secure.ogone.com https://www.bol.com ; frame-src https://*.2mdn.net https://*.akstat.io https://*.doubleclick.net https://*.mpstat.us https://*.youtube-nocookie.com https://bolfelicitatie.b05-apps.nl https://chat1.bol.com https://chatr.bol.com https://info.bol.com https://platform.twitter.com https://player.autheos.com https://s-static.ak.facebook.com https://secure.ogone.com https://tpc.googlesyndication.com https://view.publitas.com https://www.bol.com https://www.facebook.com https://www.google.com ; img-src blob: data: https://*.2mdn.net https://*.akstat.io https://*.cloudfront.net https://*.doubleclick.net https://*.google-analytics.com https://*.google.be https://*.google.nl https://*.krxd.net https://*.mpstat.us https://*.s-bol.com https://adservice.google.be https://adservice.google.com https://adservice.google.nl https://bol.com https://bol.ugc.bazaarvoice.com https://cbks0.googleapis.com https://cbks1.googleapis.com https://csi.gstatic.com https://ds-aksb-a.akamaihd.net https://fbstatic-a.akamaihd.net https://img.youtube.com https://jwpltx.com https://kbimages1-a.akamaihd.net https://khms0.googleapis.com https://khms1.googleapis.com https://m.bol.com https://maps.googleapis.com https://maps.gstatic.com https://mts0.googleapis.com https://mts1.googleapis.com https://pagead2.googlesyndication.com https://partner.bol.com https://photos-eu.bazaarvoice.com https://platform.twitter.com https://secure.ogone.com https://ssl.gstatic.com https://static.bol.com https://static2.bol.com https://swa.bol.com https://syndication.twitter.com https://tpc.googlesyndication.com https://view.publitas.com https://weblog.bol.com https://www.bol.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.ups.com ; media-src https://*.cloudfront.net https://*.kobo.com https://*.phononet.de https://*.s-bol.com https://bolfelicitatie.b05-apps.nl https://rovimusic.rovicorp.com https://static.bol.com https://www.bol.com ; object-src https://bolfelicitatie.b05-apps.nl https://st1.streamzilla.jet-stream.nl https://view.publitas.com https://www.bol.com ; script-src 'unsafe-eval' 'unsafe-inline' data: https://*.2mdn.net https://*.doubleclick.net https://*.google-analytics.com https://*.krxd.net https://*.s-bol.com https://*.youtube-nocookie.com https://aai.bol.com https://adservice.google.be https://adservice.google.com https://adservice.google.nl https://ajax.googleapis.com https://apis.google.com https://bol.com https://bolcom.tu-vms.com https://c.go-mpulse.net https://cbks0.googleapis.com https://cdn.ampproject.org https://cdn.syndication.twimg.com https://cdn.syndication.twitter.com https://chat1.bol.com https://connect.facebook.net https://d31qbv1cthcecs.cloudfront.net https://ds-aksb-a.akamaihd.net https://fbstatic-a.akamaihd.net https://live.adyen.com https://maps.googleapis.com https://maps.gstatic.com https://mts0.googleapis.com https://mts1.googleapis.com https://pagead2.googlesyndication.com https://partner.bol.com https://partner.googleadservices.com https://platform.twitter.com https://s.ytimg.com https://secure.ogone.com https://ssl.p.jwpcdn.com https://static.bol.com https://tpc.googlesyndication.com https://translate.googleapis.com https://tu.tu-vms.com https://view.publitas.com https://weblog.bol.com https://www.bol.com https://www.google.com https://www.googletagmanager.com https://www.googletagservices.com https://www.gstatic.com ; style-src 'unsafe-inline' https://*.s-bol.com https://bol.com https://fonts.googleapis.com https://partner.bol.com https://platform.twitter.com https://secure.ogone.com https://static.bol.com https://view.publitas.com https://www.bol.com 2
default-src 'self' https://vaughn.live http://vaughn.live https://invidio.us http://invidio.us https://i.ytimg.com http://i.ytimg.com https://i1.ytimg.com https://thumb-v-ec.xhcdn.com https://video2.thegoldwater.com https://thumb-v.xhcdn.com https://vocaroo.com https://www.smashcast.tv https://hooktube.com http://nerv.8ch.net https://nerv.8ch.net http://www.8ch.net https://www.8ch.net https://www.vlive.tv http://www.vlive.tv http://video1.thegoldwater.com https://video1.thegoldwater.com http://sys.8ch.net/stylesheets/font-awesome/fonts/fontawesome-webfont.woff2?v=4.3.0 http://sys.8ch.net/stylesheets/font-awesome/fonts/fontawesome-webfont.woff?v=4.3.0 http://sys.8ch.net/stylesheets/font-awesome/fonts/fontawesome-webfont.ttf?v=4.3.0 https://www.xaniatube.com http://www.xaniatube.com https://w.soundcloud.com http://w.soundcloud.com http://*.dmcdn.net https://*.dmcdn.net http://s2.dmcdn.net https://s2.dmcdn.net http://www.n330adserv.com http://n330adserv.com http://cdn-e1.streamable.com http://s1.dmcdn.net https://api.streamable.com http://tn-skr2.smilevideo.jp http://embed.nicovideo.jp http://www.liveleak.com http://cdn-w1.streamable.com https://cdn-w1.streamable.com http://streamable.com https://streamable.com http://www.dailymotion.com https://www.dailymotion.com http://vaughnlive.tv https://vaughnlive.tv https://embed.redtube.com https://player.vimeo.com https://d1wst0behutosd.cloudfront.net http://flashservice.xvideos.com https://i.vimeocdn.com http://thumbs-cdn.redtube.com https://thumb-v.xhcdn.com http://www.xhamster.com https://xhamster.com http://xhamster.com http://www.pornhub.com https://www.pornhub.com http://www.redtube.com https://www.redtube.com http://www.tube8.com https://www.tube8.com https://www.xvideos.com http://www.xvideos.com https://www.youjizz.com http://www.youjizz.com https://vimeo.com http://vimeo.com https://vid.me http://vid.me http://*.vid.me https://*.vid.me https://8ch.net http://8ch.net https://sys.8ch.net https://softserve.8ch.net https://media.8ch.net http://media.8ch.net http://media2.8ch.net https://media2.8ch.net http://softserve.8ch.net https://i.imgur.com https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://banners.8ch.net https://www.youtube.com https://img.youtube.com http://www.youtube.com http://img.youtube.com https://youtube.com http://youtube.com http://*.jtvnw.net http://*.twitch.tv http://*.justin.tv http://*.ttvnw.net http://122.2.223.42 https://*.jtvnw.net https://*.twitch.tv https://*.justin.tv https://*.ttvnw.net https://122.2.223.42 data: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors https://bande2kings.fr https://*.bande2kings.fr 2
frame-ancestors 'self' http://*.spirit.com https://*.spirit.com; 2
default-src 'self'; connect-src 'self' https://demo.synology.com:5001 https://*.demo.synology.com:5001 https://demo.synology.de:5001 https://*.demo.synology.de:5001 https://www.google-analytics.com/j/collect https://in.hotjar.com/ https://vc.hotjar.io wss://*.hotjar.com/; object-src 'none'; report-uri https://secreport.synology.com/csp/report; font-src 'self' data: https://themes.googleusercontent.com https://fonts.gstatic.com https://cdn.livechatinc.com; frame-src 'self' https://cse.google.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://optimize.google.com https://www.youtube.com https://www.facebook.com https://staticxx.facebook.com https://secure.livechatinc.com https://player.youku.com/ https://vars.hotjar.com/ https://synoform.synology.com; frame-ancestors https://tongji.baidu.com; img-src 'self' https://www.synology.com https://global.download.synology.com https://download.synology.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleapis.com https://*.google.com https://www.google.com.tw https://*.gstatic.com https://ssl.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://secure.livechatinc.com https://cdn.livechatinc.com https://www.facebook.com https://wcs.naver.com https://www.facebook.com/tr https://dc.ads.linkedin.com https://alb.reddit.com https://t.co/i/adsct https://hm.baidu.com/hm.gif data: blob:; media-src 'self' https://download.synology.com; script-src 'self' https://demo.synology.com https://demo.synology.de https://www.google-analytics.com https://www.google.com https://clients1.google.com https://www.gstatic.com https://www.googletagmanager.com https://cse.google.com https://www.googleapis.com https://ssl.google-analytics.com https://maps.googleapis.com https://optimize.google.com https://connect.facebook.net https://cdn.livechatinc.com https://code.jquery.com https://secure.livechatinc.com https://accounts.livechatinc.com https://cdnjs.cloudflare.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://wcs.naver.net/wcslog.js https://snap.licdn.com https://www.linkedin.com/px/ https://px.ads.linkedin.com https://analytics.twitter.com https://static.ads-twitter.com https://www.redditstatic.com https://hm.baidu.com/hm.js https://tongji.baidu.com https://static.hotjar.com https://script.hotjar.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.google.com https://fonts.googleapis.com https://optimize.google.com https://cdnjs.cloudflare.com https://tagmanager.google.com/debug/css.css 'unsafe-inline' 2
frame-ancestors 'self' *.sc.com *.standardchartered.com *.standardchartered.co.in *.standardchartered.co.th *.standardchartered.com.hk *.standardchartered.com.my *.standardchartered.com.sg *.standardchartered.co.id *.standardchartered.com.tw 2
default-src * 'unsafe-inline' 'unsafe-eval';img-src * 'unsafe-inline' 'unsafe-eval' 'self' data:; 2
frame-ancestors 'self' http://webvisor.com http://awards.ratingruneta.ru 2
frame-ancestors https://*.mygreatlakes.org https://*.glhec.org https://*.greatlakeslink.com 'self' 2
connect-src 'self' *.google-analytics.com *.g.doubleclick.net *.datamind.ru assets.adobedtm.com dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net *.omniture.com *.tinkoff.ru *.tcsbank.ru www.cdn-tinkoff.ru *.webim.ru https://api.tinkoff.ru https://rci.tinkoff.ru https://cfg.tinkoff.ru https://business.tinkoff.ru https://api.tinkoffinsurance.ru wss://api.tinkoff.ru wss://cobrowsing.tinkoff.ru wss://cobrowsing.tinkoff.ru:443 *.visualwebsiteoptimizer.com;default-src 'self' www.cdn-tinkoff.ru *.webim.ru *.pool.datamind.ru *.tcsbank.ru *.tinkoff.ru;frame-src api-maps.yandex.ru www.cdn-tinkoff.ru www.youtube.com youtu.be zingaya.com *.omniture.com 'self' *.tinkoff.ru *.tcsbank.ru *.webim.ru *.datamind.ru *.visualwebsiteoptimizer.com app.vwo.com *.demdex.net bid.g.doubleclick.net;img-src data: vk.com *.sravni.ru www.facebook.com/tr/ ad.doubleclick.net *.g.doubleclick.net www.googleadservices.com *.google.com www.google.ru www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net www.banki.ru *.yandex.ru *.yandex.net *.bugsnag.com *.2o7.net *.visualwebsiteoptimizer.com api.tinkoff.ru 'self' *.tinkoff.ru *.tcsbank.ru *.webim.ru www.cdn-tinkoff.ru *.pool.datamind.ru cm.everesttech.net *.demdex.net statad.ru cx.atdmt.com *.googleapis.com *.tinkoffjournal.ru;report-uri https://www.tinkoff.ru/api/front/log/csp-error;script-src 'unsafe-eval' 'unsafe-inline' *.datamind.ru assets.adobedtm.com dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net *.omniture.com *.visualwebsiteoptimizer.com connect.facebook.net api-maps.yandex.ru enterprise.api-maps.yandex.ru suggest-maps.yandex.ru www.youtube.com/iframe_api s.ytimg.com 'self' *.tinkoff.ru *.tcsbank.ru www.cdn-tinkoff.ru *.webim.ru app.vwo.com *.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com www.google.ru;style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.webim.ru *.pool.datamind.ru www.cdn-tinkoff.ru app.vwo.com *.visualwebsiteoptimizer.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.netsuite.com http://consent.truste.com *.trustarc.com *.adroll.com *.bing.com https://*.doubleclick.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com https://vlog.leadformix.com *.googleapis.com *.ensighten.com *.demandbase.com http://chat.leadformix.com static.atgsvcs.com rules.atgsvcs.com netsuite-salechat.custhelp.com http://netsuite-salechat.widget.custhelp.com www.rnengage.com *.rightnowtech.com https://assets.adobedtm.com http://img.en25.com http://netsuite-www.baynote.net *.facebook.com *.facebook.net *.google.com *.twitter.com *.yahoo.com *.akamaihd.net *.demdex.net *.omtrdc.net https://*.adobetag.com https://*.linkedin.com *.licdn.com https://*.openx.net https://*.rubiconproject.com https://*.gumgum.com https://*.casalemedia.com https://*.media6degrees.com *.company-target.com *.rlcdn.com https://*.pubmatic.com https://*.w55c.net https://*.bidswitch.net https://*.narrative.io *.bidr.io *.2o7.net; style-src 'self' 'unsafe-inline' https://netsuite-salechat.widget.custhelp.com; font-src 'self' data: https://fonts.gstatic.com; img-src * data: ; frame-src 'self' *.doubleclick.net *.youtube.com *.youtu.be *.facebook.com *.facebook.net *.omtrdc.net *.trustarc.com http://chat.leadformix.com https://netsuite-salechat.custhelp.com https://netsuite-salechat-de.custhelp.com https://netsuite-salechat-es.custhelp.com https://netsuite-salechat-fr.custhelp.com https://netsuite-salechat-jp.custhelp.com https://netsuite-salechat-ko.custhelp.com https://netsuite-salechat-nl.custhelp.com https://netsuite-salechat-pt.custhelp.com https://netsuite-salechat-sv.custhelp.com https://netsuite-salechat-zhcn.custhelp.com https://netsuite-salechat-zhtw.custhelp.com *.demdex.net; connect-src 'self' https://api.company-target.com https://*.doubleclick.net https://*.googlevideo.com *.omtrdc.net *.demdex.net http://rules.atgsvcs.com; media-src 'self' blob: ; report-uri https://system.netsuite.com/app/security/cspreport.nl 2
default-src 'self' 'unsafe-inline' googleads.g.doubleclick.net www.google-analytics.com www.youtube.com https://syndication.twitter.com assets.piraeusbankgroup.com googlevideo.com apis.google.com http://rum-collector-2.pingdom.net data: maps.googleapis.com;      style-src 'self' assets.piraeusbankgroup.com  assets.piraeusbank.gr 'unsafe-inline' fonts.googleapis.com platform.twitter.com ton.twimg.com;      script-src 'self' assets.piraeusbankgroup.com assets.piraeusbank.gr https://maps.google.com connect.facebook.net platform.twitter.com apis.google.com 'unsafe-inline' 'unsafe-eval' www.google-analytics.com maps.googleapis.com seal.thawte.com syndication.twitter.com https://cdn.syndication.twimg.com https://www.youtube.com https://s.ytimg.com http://rum-static.pingdom.net ;      font-src 'self' data: fonts.gstatic.com;     img-src 'self' data: asset.piraeusbank.gr https://maps.google.com assets.piraeusbank.gr   assets.piraeusbankgroup.com http://www.piraeusbank.gr https://www.piraeusbank.gr https://seal.thawte.com www.piraeusbankgroup.com http://rum-collector.pingdom.net  'unsafe-inline' www.google.com  syndication.twitter.com www.google-analytics.com stats.g.doubleclick.net www.facebook.com www.google.gr csi.gstatic.com maps.gstatic.com maps.googleapis.com platform.twitter.com pbs.twimg.com o.twimg.com ton.twimg.com googleads.g.doubleclick.net img.youtube.com;      frame-src staticxx.facebook.com www.facebook.com accounts.google.com apis.google.com platform.twitter.com syndication.twitter.com 'self' www.youtube.com https://cap.attempts.securecode.com aacsw.3ds.verifiedbyvisa.com 2
frame-ancestors  oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca  *.virginmobile.ca  *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.luckymobile.ca 2
default-src * data: blob:;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://myheritage-container.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://vars.hotjar.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://www.zenaps.com;script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.myheritage.com https://*.mhcache.com https://cdn.trackjs.com https://tpc.googlesyndication.com https://*.doubleclick.net https://*.google.com https://*.googletagmanager.com https://connect.facebook.net https://bat.bing.com https://www.googleadservices.com https://*.google-analytics.com https://www.gstatic.com https://*.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.mk-sense.com https://optanon.blob.core.windows.net https://code.jquery.com https://cdn.ravenjs.com https://*.hotjar.com https://www.dwin1.com https://www.zenaps.com 'unsafe-inline';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://optanon.blob.core.windows.net;connect-src data: 'self' https://*.myheritage.com https://*.mhcache.com https://www.google-analytics.com https://adservice.google.com https://bam.nr-data.net https://sentry.io https://capture.trackjs.com https://*.facebook.com https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.mk-sense.com https://privacyportal-eu.onetrust.com;media-src 'self' https://*.myheritage.com https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 2
media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data: blob:; report-uri https://sentry.io/api/115794/csp-report/?sentry_key=40c3396129f24aacbf05aed4885600b3 2
default-src 'self' https://derpicdn.net; object-src 'none'; frame-ancestors 'none'; frame-src 'none'; form-action 'self'; manifest-src 'self'; img-src 'self' data: https://derpicdn.net https://camo.derpicdn.net; block-all-mixed-content 2
default-src * 'unsafe-inline' 'unsafe-eval' ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 2
frame-ancestors http://*.ccf.org https://*.ccf.org https://*.chasepaymentechhostedpay.com https://*.clevelandclinic.org http://*.clevelandclinic.org 2
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.oculus.com ad.atdmt.com connect.facebook.net www.google-analytics.com static.oculuscdn.com forums.oculusvr.com tags.tiqcdn.com;style-src data: blob: 'unsafe-inline' * *.oculus.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.oculus.com *.oculuscdn.com;font-src *.oculus.com data: *.fbcdn.net *.facebook.com *.akamaihd.net *.oculuscdn.com;img-src *.oculus.com *.fbcdn.net *.facebook.com *.akamaihd.net *.oculuscdn.com data: blob: www.google-analytics.com stats.g.doubleclick.net ad.atdmt.com www.google.com googleads.g.doubleclick.net media-library.stackla.com img.youtube.com; 2
script-src 'self' cs.money dev.csgo.trade gleam.io www.am4charts.com translate.google.com translate.googleapis.com www.googletagmanager.com www.google-analytics.com connect.facebook.net https://vk.com/ 'unsafe-inline' top-fwz1.mail.ru 'unsafe-eval' cdn.logrocket.io api.usersnap.com cdn.usersnap.com cs.money staging.empire-dev-building.xyz; worker-src 'self' data: blob: staging.empire-dev-building.xyz; object-src cs.money dota.money; media-src cs.money dota.money; frame-src cs.money dota.money onesignal.com https://*.com https://*.ru https://*.ua http://www.youtube.com 2
frame-ancestors 'self' http://wa.aruba.it https://wa.aruba.it http://manage.pec.it https://manage.pec.it 2
frame-ancestors 'none'; report-uri https://lidlcsp.report-uri.io/r/default/csp/enforce; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.unicef.org *.sharethis.com rules.quantcount.com connect.facebook.net secure.quantserve.com www.google-analytics.com www.googletagmanager.com cdn.poll-maker.com embeds.tagboard.com maps.googleapis.com e.infogram.com *.hscampaigns.com *.getchute.com ssl.mousestats.com tagmanager.google.com js-agent.newrelic.com bam.nr-data.net js-agent.newrelic.com/* www.youtube.com s.ytimg.com *.instagram.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com cdn.nativemsg.com hm.baidu.com optimize.google.com siteimproveanalytics.com downloads.mailchimp.com mc.us2.list-manage.com sjs.bizographics.com unicef.us2.list-manage.com s3.amazonaws.com www.googleadservices.com; object-src 'self' *.youtube.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.sharethis.com cdn.poll-maker.com stories.getchute.com cdn-images.mailchimp.com downloads.mailchimp.com l.sharethis.com platform.twitter.com optimize.google.com *.unicef.org; img-src 'self' data: *.unicef.org www.google-analytics.com ssl.gstatic.com sb.scorecardresearch.com  *.sharethis.com www.facebook.com pixel.quantserve.com stats.g.doubleclick.net www.gstatic.com cdn.poll-maker.com csi.gstatic.com maps.gstatic.com maps.googleapis.com www.google.com scontent.cdninstagram.com pixel.getchute.com media.chute.io static.getchute.com avatars.io syndication.twitter.com pbs.twimg.com platform.twitter.com dynamite-images.appspot.com hm.baidu.com www.googletagmanager.com unicef-images.appspot.com 88988.global.siteimproveanalytics.io cdn-images.mailchimp.com gallery.mailchimp.com downloads.mailchimp.com; media-src 'self' scontent.cdninstagram.com video.twimg.com; frame-src 'self' www.facebook.com www.google.com *.twitter.com e.infogram.com *.sharethis.com *.hscampaigns.com embeds.tagboard.com www.youtube.com infogram.com connect.facebook.net *.unicef.org api.getchute.com static.getchute.com giphy.com *.wufoo.com staticxx.facebook.com www.instagram.com cdn.nativemsg.com twitter.com *.ustream.tv *.youku.com c.sharethis.mgr.consensu.org optimize.google.com embed.ted.com; child-src 'self'; font-src 'self' fonts.gstatic.com data: maxcdn.bootstrapcdn.com stories.getchute.com *.unicef.org; connect-src 'self' *.sharethis.com www.quiz-maker.com ssl.mousestats.com www.google-analytics.com s3.amazonaws.com getchute.com *.getchute.com c.sharethis.mgr.consensu.org stats.g.doubleclick.net unicefhq.cp.bsd.net script.google.com script.googleusercontent.com *.unicef.org; report-uri /report-csp-violation 2
default-src 'self'; img-src 'self' https://www.google.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/; form-action 'self' https://agilemail.createsend.com/ https://www.createsend.com/t/subscribeerror https://www.createsend.com/t/securedsubscribe; frame-src https://www.youtube-nocookie.com/; connect-src 'self' https://start.1password.com/ https://start.1password.ca/ https://start.1password.eu/ https://www.google-analytics.com/ https://9gnqx00du4.execute-api.us-east-1.amazonaws.com/prod/contact_us https://www.googleapis.com/ https://createsend.com/t/getsecuresubscribelink; prefetch-src https://a.1password.com/ https://a.1password.ca/ https://a.1password.eu/; frame-ancestors 'none'; 2
default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; 2
frame-ancestors https://www.balenciaga.com/ https://www.balenciaga.com/ ; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://uwaterloo.ca https://*.uwaterloo.ca https://maxcdn.bootstrapcdn.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com https://*.googleusercontent.com https://*.googleadservices.com https://*.g.doubleclick.net https://6263835.fls.doubleclick.net https://cdnjs.cloudflare.com https://twitter.com https://*.twitter.com https://*.twimg.com https://twitter-widgets.s3.amazonaws.com https://*.facebook.com https://*.facebook.net https://*.youtube.com https://*.youtube-nocookie.com https://s.ytimg.com https://*.livestream.com https://*.webspellchecker.net https://cdn.mathjax.org https://storify.com https://*.addtoany.com https://*.vimeo.com https://*.vimeocdn.com https://*.tintup.com https://*.71n7.com https://d36hc0p18k1aoc.cloudfront.net https://cdn.hypemarks.com https://cdn.leafletjs.com https://cdn-geoweb.s3.amazonaws.com https://cdn.maptiks.com https://api.tiles.mapbox.com https://d591zijq8zntj.cloudfront.net https://*.libanswers.com https://*.libchat.com https://secure.skype.com https://cdn-akamai.mookie1.com https://*.tiqcdn.com https://o2.eyereturn.com https://snap.licdn.com https://*.ads.linkedin.com https://*.hscampaigns.com https://secure.adnxs.com https://public.tableau.com; img-src * data: 2
font-src 'self' *.gstatic.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.rupay.co.in data:;default-src 'self' *.google-analytics.com https://stats.g.doubleclick.net *.googleapis.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'   2
default-src 'self'; img-src 'self' data: smetrics.bankaustria.at bs.serving-sys.com track.adform.net img.youtube.com www.facebook.com unicreditgroup.122.2o7.net googleads.g.doubleclick.net www.google.com www.google.at www.google.de f1.eu.readspeaker.com webapps.bankaustria.at maps.gstatic.com maps.googleapis.com cashbackonline.at www.cashbackonline.at www.gstatic.com f1-eu.readspeaker.com http://www.bankaustria.at http://webapps.bankaustria.at media.readspeaker.com collect.tealiumiq.com cdn.tagcommander.com manager.tagcommander.com manager.commander1.com engage.commander1.com sync.commander1.com privacy.commander1.com bankaustria.commander1.com; style-src 'self' 'unsafe-inline' f1-eu.readspeaker.com fonts.googleapis.com fast.fonts.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.bankaustria.at www.googleadservices.com googleads.g.doubleclick.net f1-eu.readspeaker.com connect.facebook.net bs.serving-sys.com secure-ds.serving-sys.com maps.googleapis.com ahc-prod.tetralog-it.de track.adform.net s1.adform.net cdn.tagcommander.com bankaustria.commander1.com www.googletagmanager.com; frame-src 'self' www.youtube.com www.youtube-nocookie.com *.bankaustria.at bid.g.doubleclick.net app-eu.readspeaker.com rstts-eu.readspeaker.com service.rs-software.at connect.facebook.net cdn.tagcommander.com; frame-ancestors 'self' *.bankaustria.at; connect-src 'self' webapps.bankaustria.at www.bankaustria.at wss://www.bankaustria.at ahc-prod.tetralog-it.de bs.serving-sys.com www1.emarsys.net; font-src 'self' fonts.gstatic.com data:; media-src 'self' http://www.bankaustria.at rstts-eu.readspeaker.com app-eu.readspeaker.com 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2
frame-ancestors 'self' https://*.sproutsocial.com; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; connect-src https: wss:; font-src https: data:; media-src https: blob:; 2
child-src *.covercraft.net *.coverking.com *.custhelp.com *.diffwizard.com *.facebook.com *.google.com *.oraclecloud.com *.powersportsplace.com *.saddleman.com *.twitter.com *.sandbox.paypal.com *.paypal.com *.paypalobjects.com *.hotjar.com *.zmags.com;    connect-src 'self' wss: *.accmats.com *.bronto.com:* *.brontops.com:* *.coremetrics.com ctiapi.com *.doubleclick.net *.facebook.com *.google.com *.google-analytics.com *.livelook.com *.rollbar.com *.twitter.com *.paypalobjects.com *.paypal.com *.smartystreets.com *.riskified.com *.certcapture.com *.hotjar.com *.atechmotorsports.com *.zmags.com;    font-src 'self' data:  *.accmats.com *.paypalobjects.com *.googleapis.com *.gstatic.com *.certcapture.com *.hotjar.com *.zmags.com;     frame-src 'self' *.cardinalcommerce.com *.covercraft.net *.coverking.com *.custhelp.com *.diffwizard.com *.doubleclick.net *.dxengineering.com *.facebook.com *.facebook.net funcaptcha.com *.google.com *.googleadservices.com *.oraclecloud.com *.powersportsplace.com *.saddleman.com *.summitracing.com *.atechmotorsports.com *.summit.network *.twitter.com *.pinterest.com *.paypalobjects.com *.paypal.com *.zscalerthree.net *.hotjar.com *.youtube.com *.zmags.com;    img-src 'self' data: blob: *.abmr.net *.accmats.com *.amazonaws.com *.atechmotorsports.com *.bazaarvoice.com *.bbb.org *.bing.com *.bronto.com *.bron.to *.caltrend.com *.cloudfront.net *.coremetrics.com ctiapi.com *.custhelp.com *.doubleclick.net *.dxengineering.com *.facebook.com *.genuinehotrod.com *.google-analytics.com googleads.g.doubleclick.net *.googletagmanager.com *.google.com *.gstatic.com jwpltx.com *.mathtag.com *.oraclecloud.com *.paypal.com *.paypalobjects.com *.pinterest.com *.powersportsplace.com *.upsrow.com *.rnengage.com *.summitracing.com *.atechmotorsports.com *.trickflow.com *.twitter.com *.youtube.com *.riskified.com *.certcapture.com *.hotjar.com *.zmags.com *.zscalerthree.net;    script-src 'self' 'unsafe-inline' 'unsafe-eval' *.accmats.com *.adtag.where.com ajax.googleapis.com *.bing.com *.bronto.com *.caltrend.com *.channeladvisor.com *.cloudflare.com *.cloudfront.net *.coremetrics.com ctiapi.com *.custhelp.com *.facebook.net funcaptcha.com *.funcaptcha.com *.google.com *.googleadservices.com *.googleapis.com *.google-analytics.com googleads.g.doubleclick.net *.googletagmanager.com *.gstatic.com *.iesnare.com *.jquery.com *.jwpcdn.com *.livelook.com *.oraclecloud.com *.paypal.com *.paypalobjects.com *.pinterest.com *.rightnowtech.com *.rnengage.com *.summit.network *.summitracing.com *.atechmotorsports.com *.twitter.com *.certona.net *.res-x.com *.riskified.com *.certcapture.com *.zscalerthree.net *.hotjar.com *.zmags.com *.youtube.com *.ytimg.com;    style-src 'self' 'unsafe-inline' *.accmats.com *.bronto.com *.caltrend.com cdn.materialdesignicons.com ctiapi.com *.custhelp.com *.livelook.com *.oraclecloud.com *.certcapture.com *.gstatic.com *.googleapis.com *.hotjar.com *.zmags.com *.zscalerthree.net; 2
frame-ancestors *.2checkout.com *.2co.com *.avangate.com 2
upgrade-insecure-requests; frame-ancestors 'self' https://mangaku.co https://manganime.id 2
frame-ancestors self fasttech.com *.fasttech.com 2
default-src 'self' *.e-point.pl *.adocean.pl *.ingbank.pl *.ing.pl; font-src 'self' *.e-point.pl *.ingbank.pl *.ing.pl themes.googleusercontent.com *.googleapis.com *.gstatic.com tagmanager.google.com data:; style-src 'self' 'unsafe-inline' *.e-point.pl code.jquery.com *.ingbank.pl *.ing.pl *.googleapis.com www.google.com *.gstatic.com tagmanager.google.com https://platform.twitter.com s.ytimg.com https://www.ytimg.com; img-src 'self' data: *.e-point.pl img01-olxpl.akamaized.net apollo-ireland.akamaized.net https://img.youtube.com *.adocean.pl ingbankslaski.d2.sc.omtrdc.net tagmanager.google.com *.domy.pl *.hit.gemius.pl *.ingbank.pl https://syndication.twitter.com *.doubleclick.net www.google.com https://d-gr.ppstatic.pl clients1.google.com d-gr.ppstatic.pl www.google.pl https://www.i1.ytimg.com traffic.tgdaudience.com *.google-analytics.com *.gstatic.com https://img1.staticmorizon.com.pl *.ggpht.com ingbankslaski.d3.sc.omtrdc.net *.ing.pl content.ingbank.pl *.googleapis.com *.demdex.net *.twimg.com https://galeria.domiporta.pl https://platform.twitter.com; frame-src 'self' https://tbl.tradedoubler.com *.e-point.pl *.ingbank.pl *.ing.pl *.doubleclick.net *.demdex.net www.google.com traffic.tgdaudience.com www.youtube.com https://www.youtube.com *.hit.gemius.pl https://platform.twitter.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.e-point.pl www.googleadservices.com *.adocean.pl https://www.oauth.googleusercontent.com tagmanager.google.com *.hit.gemius.pl code.jquery.com www.googletagmanager.com *.ingbank.pl https://syndication.twitter.com *.doubleclick.net www.google.com www.youtube.com https://www.fbstatic-a.akamaihd.net https://www.youtube.com s.ytimg.com assets.adobedtm.com *.google-analytics.com *.gstatic.com ingbankslaski.d3.sc.omtrdc.net *.ing.pl *.googleapis.com *.demdex.net https://cdn.syndication.twimg.com cdn.tgdaudience.com https://www.apis.google.com https://platform.twitter.com data:; object-src 'self' *.e-point.pl *.ingbank.pl *.ing.pl; connect-src 'self' *.e-point.pl https://*.twilio.com *.adocean.pl ingbankslaski.d2.sc.omtrdc.net traffic.tgdaudience.com *.google-analytics.com *.hit.gemius.pl ingbankslaski.d3.sc.omtrdc.net *.ingbank.pl *.ing.pl wss://*.twilio.com *.doubleclick.net *.demdex.net; frame-ancestors 'self' *.e-point.pl *.demdex.net *.ingbank.pl *.ing.pl;  2
default-src 'self';object-src 'self' *.cdn.datatables.net cdn.datatables.net;connect-src 'self' maps.googleapis.com fonts.googleapis.com *.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: unpkg.com i.mt.lv *.google.com gstatic.com code.jquery.com *.gstatic.com www.google-analytics.com googleapis.com *.googleapis.com *.mikrotik.com mikrotik.com;style-src 'self' 'unsafe-inline' i.mt.lv fonts.googleapis.com unpkg.com *.mikrotik.com mikrotik.com code.jquery.com use.typekit.net www.mikrotik.com;img-src 'self' data: i.mt.lv api.tiles.mapbox.com unpkg.com *.arcgisonline.com stats.g.doubleclick.net www.google-analytics.com mikrotik.com www.mikrotik.com forum.mikrotik.com 1.aerial.maps.cit.api.here.com 2.aerial.maps.cit.api.here.com 3.aerial.maps.cit.api.here.com 4.aerial.maps.cit.api.here.com gstatic.com http://services.ga.gov.au *.gstatic.com *.googleapis.com *.arcgisonline.com *.google.com *.google.lv *.routerboard.com;frame-src 'self' youtu.be youtube.com www.youtube.com www.google.com;font-src 'self' data: mikrotik.com fonts.gstatic.com www.mikrotik.com i.mt.lv;frame-ancestors 'self'; 2
default-src *.chowhound.com *.cbsinteractive.com cbsinteractive.com blob: *.chowhound.com https: 'unsafe-inline' 'unsafe-eval'; script-src blob: *.chowhound.com https: data: 'unsafe-inline' 'unsafe-eval'; media-src http://ipad.cbs.com.edgesuite.net http://ipad-streaming.cbs.com http://can.cbs.com http://canhls.cbs.com cbs-hls.akamaized.net blob: *.chowhound.com data: video https:; font-src *.chowstatic.com vidtech.cbsinteractive.com rev.cbsi.com fonts.gstatic.com maxcdn.bootstrapcdn.com 'self' data: ; connect-src http://canhls.cbs.com http://ipad.cbs.com.edgesuite.net http://ipad-streaming.cbs.com http://can.cbs.com cbs-hls.akamaized.net https:; img-src https: data: http://thumbnails.cbsig.net; frame-src https:; frame-ancestors *.chowhound.com *.google.com *.ampproject.org; form-action https: http://*.chow.com http://*.chowhound.com; report-uri https://cbsi.report-uri.io/r/default/csp/enforce 2
object-src https://explore.cvent.com http://explore.cvent.com https://www.elitemeetings.com https://www.speedrfp.com https://speedrfp.com https://elitemeetings.com https://www.lanyon.com http://www.lanyon.com; report-uri /report-csp-violation 2
default-src blob: data: 'unsafe-inline' 'unsafe-eval' https:; form-action https:; upgrade-insecure-requests; 2
frame-ancestors 'self' http://redhat.lookbookhq.com https://redhat.lookbookhq.com; report-uri /report-csp-violation 2
default-src 'self' http://tribeca.vidavee.com https://www.facebook.com https://assets.adobedtm.com https://connect.facebook.net https://ad.doubleclick.net https://cdnjs.cloudflare.com https://maps.lightstoneproperty.co.za http://maps.lightstoneproperty.co.za http://*.tt.omtrdc.net http://dpm.demdex.net https://maps.googleapis.com https://www.gstatic.com https://maps.googleapis.com http://fast.standardbank.demdex.net http://accstandardbank.d1.sc.omtrdc.net https://bid.g.doubleclick.net/xbbe/pixel http://8448999.fls.doubleclick.net https://cdn.krxd.net https://bs.serving-sys.com/Serving https://secure-ds.serving-sys.com https://standardbank.demdex.net https://www.youtube.com https://*.map2.ssl.hwcdn.net; font-src 'self' https://www.facebook.com https://connect.facebook.net https://ad.doubleclick.net https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://www.facebook.com https://connect.facebook.net https://ad.doubleclick.net https://www.homeloans1.standardbank.co.za https://www.homeloans1.standardbank.co.za https://geo0.ggpht.com https://geo1.ggpht.com https://geo2.ggpht.com https://geo3.ggpht.com https://khms1.googleapis.com https://khms0.googleapis.com https://geo0.ggpht.com https://cbks0.googleapis.com https://maps.googleapis.com https://maps.gstatic.com http://accstandardbank.d1.sc.omtrdc.net https://www.google.com https://www.google.co.za http://cm.everesttech.net https://beacon.krxd.net https://jslog.krxd.net https://standardbank.demdex.net https://dpm.demdex.net http://*.tt.omtrdc.net https://*.map2.ssl.hwcdn.net https://googleads.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.facebook.com https://www.youtube.com https://connect.facebook.net https://ad.doubleclick.net https://connect.facebook.net https://code.jquery.com https://assets.adobedtm.com https://www.gstatic.com https://maps.googleapis.com http://assets.adobedtm.com https://secure-ds.serving-sys.com http://cdn.krxd.net http://www.googleadservices.com http://www.googletagmanager.com https://consumer.krxd.net https://googleads.g.doubleclick.net https://beacon.krxd.net https://tribeca.vidavee.com http://*.tt.omtrdc.net https://geo0.ggpht.com https://*.map2.ssl.hwcdn.net https://tpc.googlesyndication.com https://snap.licdn.com https://px.ads.linkedin.com; style-src 'unsafe-inline' 'self' https://www.facebook.com https://connect.facebook.net https://ad.doubleclick.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://*.map2.ssl.hwcdn.net; frame-src *; 2
frame-ancestors 'self' *.tennis-warehouse.com www.tenniswarehouse-europe.com www.tennisonly.com.au; 2
default-src 'self' https://cdn.zp.ru https://assets.zendesk.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io ; img-src 'self' *.zp.ru *.zp.ru *.zarplata.ru *.zarplata.ru *.ngs.ru *.ngs.ru https://*.yandex.net https://api-maps.yandex.ru https://www.google-analytics.com https://mc.yandex.ru https://counter.yadro.ru https://an.yandex.ru https://stats.g.doubleclick.net https://www.google.com https://www.google.ru  data: https://i.giphy.com https://media.giphy.com  https://www.tns-counter.ru https://top-fwz1.mail.ru https://ad.mail.ru https://vk.com https://www.facebook.com  https://gum.criteo.com  https://assets.zendesk.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io https://my.mail.ru https://supportzarplata.zendesk.com  avatars-fast.yandex.net favicon.yandex.net; media-src *.yandex.net yandex.st yastatic.net ; child-src 'self' *.zarplata.ru *.zarplata.ru https://webvisor.com  https://www.googletagmanager.com; frame-src 'self' https://yastatic.net https://www.youtube.com https://reklama.ngs.ru https://api-maps.yandex.ru https://st.yandexadexchange.net https://yandexadexchange.net https://creativecdn.com https://vk.com/  https://*.criteo.net https://*.criteo.com  https://onesignal.com https://assets.zendesk.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io https://www.facebook.com https://connect.facebook.net  *.yandex.ru awaps.yandex.net *.yandexadexchange.net yastatic.net  https://www.google.com/recaptcha/; style-src 'self' 'unsafe-inline' 'unsafe-eval' yandex.st yastatic.net  'unsafe-inline'; object-src https://reklama.ngs.ru; script-src 'self' https://www.googleadservices.com https://*.tns-counter.ru 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://mc.yandex.ru https://api-maps.yandex.ru https://reklama.ngs.ru https://yastatic.net https://an.yandex.ru https://top-fwz1.mail.ru https://ad.mail.ru https://tagmanager.google.com https://vk.com/js/api/openapi.js https://www.googletagservices.com https://adservice.google.ru https://adservice.google.com https://securepubads.g.doubleclick.net  https://*.criteo.net https://*.criteo.com https://cdn.ravenjs.com https://cdn.onesignal.com https://onesignal.com https://assets.zendesk.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io https://connect.facebook.net https://connect.mail.ru https://my2.imgsmail.ru https://static.zdassets.com https://*.maps.yandex.net an.yandex.ru yandex.st yastatic.net mc.yandex.ru  https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' data: https://assets.zendesk.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io ; connect-src  'self' https://www.zarplata.ru https://auth.zarplata.ru https://www.zarplata.ru https://auth.zarplata.ru https://top-fwz1.mail.ru https://pay.zarplata.ru https://api.zp.ru https://stat.zp.ru https://passport.ngs.ru https://mc.yandex.ru https://www.google-analytics.com https://job42.ru https://ngsrabota.com.ua https://ngsrabota.by https://ngsrabota.kz ws://kek.zp.ru https://sentry.zp.ru/ https://vk.com/rtrg  https://onesignal.com https://supportzarplata.zendesk.com  https://*.zopim.com https://*.zopim.io wss://*.zopim.com https://ekr.zdassets.com an.yandex.ru mc.yandex.ru yandex.st yastatic.net ; frame-ancestors 'self' http://webvisor.com https://webvisor.com; report-uri https://publiczpru.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 2
default-src 'self' assets.paystack.com https://www.googletagmanager.com https://www.google-analytics.com *.newrelic.com youtube.com https://cdn.amplitude.com 'unsafe-inline'; frame-src https://www.youtube.com; upgrade-insecure-requests 2
frame-ancestors 'self'; block-all-mixed-content; report-uri https://lidlcsp.report-uri.io/r/default/csp/enforce; 2
frame-ancestors 'self' http://allmed.mdlink.org https://allmed.mdlink.org http://allmedx.com https://allmedx.com https://demo.allmedx.com https://dev.allmedx.com; 2
frame-ancestors *.waves.com 2
default-src  * blob: 'unsafe-inline' 'unsafe-eval' ; img-src * blob: data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; worker-src 'self' blob: ; 2
frame-ancestors 'self' https://www.foxplay.gr https://*.cosmote.gr https://*.ote.gr https://webform.studentactivation.gr https://t-mint.s3.amazonaws.com https://*.youtube.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://yastatic.net https://www.youtube.com https://s.ytimg.com https://cdn.sendpulse.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://www.gstatic.com; style-src 'self' 'unsafe-inline' data: https://cdn.sendpulse.com https://fonts.googleapis.com https://platform.twitter.com; img-src 'self' data: https://* http://*; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com; 2
object-src 'none'; block-all-mixed-content 2
frame-ancestors *; 2
script-src 'self' maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' fonts.googleapis.com 'unsafe-inline'; report-uri /v2/csp-violations/report 2
frame-ancestors * 'self'; 2
frame-ancestors 'self' *.singtel.com *.singtelgroup.net *.singtelshop.com; 2
report-uri /csp-report.php; default-src 'none'; font-src https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' https://www.gstatic.com https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.cz https://www.google.sk https://pagead2.googlesyndication.com https://stats.g.doubleclick.net; connect-src 'self' https://ajax.googleapis.com https://pagead2.googlesyndication.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://tpc.googlesyndication.com https://ssl.google-analytics.com; frame-src https://www.googletagmanager.com https://bid.g.doubleclick.net https://www.youtube.com https://maps.google.com https://maps.google.cz https://www.google.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net; frame-ancestors 'self'; base-uri 'self' 2
frame-ancestors 'self' apps.blms.co.il www.leumitech.com hb2.bankleumi.co.il  hb3.bankleumi.co.il trade.bankleumi.co.il mortgage.blms.co.il hb.unionbank.co.il ; 2
frame-ancestors https://*.propellerads.com; 2
default-src https: *.hwcdn.net *.teeitup.com *.golfid.io; connect-src https: wss:; script-src https: data: *.hwcdn.net 'unsafe-inline' 'unsafe-eval'; style-src https: data: *.hwcdn.net 'unsafe-inline'; img-src https: data: *.hwcdn.net s3.amazonaws.com; frame-ancestors 'self' https://www.onlinereservationsystems.com; 2
frame-ancestors 'self' https://*.theactivetimes.com https://*.thedailymeal.com https://*.doubleclick.net https://*.deployads.com https://*.googlesyndication.com https://*.rubiconproject.com https://*.adnxs.com https://*.openx.net https://*.criteo.com https://*.casalemedia.com 2
frame-ancestors 'self' *.teamwork.com *.teamworkpm.net teams.microsoft.com *.teams.microsoft.com *.skype.com teamworkintegrations.ngrok.io *.us.teamworkops.com; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src ws: https: 'self'; frame-ancestors 'self'; 2
default-src 'self' https:; media-src 'self' https: blob:; style-src 'self' https: 'unsafe-inline' data:; connect-src 'self' https: wss:; img-src * data: android-webview-video-poster:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.retrip.jp retrip.jp *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.googletagservices.com *.facebook.com *.facebook.net *.akamaihd.net *.fbcdn.net *.google-analytics.com *.pinterest.com *.twitter.com *.youtube.com *.googlesyndication.com *.cloudflare.com *.doubleclick.net *.caprofitx.com *.googleadservices.com *.popin.cc *.treasuredata.com *.amoad.com *.criteo.com *.i-mobile.co.jp *.impact-ad.jp *.yimg.jp *.gmossp-sp.jp *.oct-pass.net *.nend.net *.mtburn.com *.ad-stir.com *.triver.jp *.criteo.net *.adtdp.com *.ca-conv.jp *.rakuten.co.jp *.adjust-net.jp *.gunosy.com *.softbank.jp *.yahoo.co.jp *.openx.net *.socdm.com *.uliza.jp *.genieesspv.jp *.advg.jp *.microad.jp *.rubiconproject.com *.mbww.com *.ampproject.org *.advertising.com *.adroll.com *.mathtag.com *.ladsp.com *.2mdn.net *.gssprt.jp *.zimg.jp *.logly.co.jp *.tapone.jp *.proparm.jp asset: *.appspot.com *.adingo.jp *.zucks.net *.fluct.me *.skyscanner.net *.goldspotmedia.com a248.e.akamai.net *.speee-ad.jp speee-ad.akamaized.net *.google.co.jp *.docomo.ne.jp *.cinarra.com *.flashtalking.com *.apvdr.com *.x-lift.jp *.adsafeprotected.com *.ads-twitter.com *.amazon-adsystem.com bs.serving-sys.com *.bs.serving-sys.com; worker-src 'self' https: blob:; frame-src 'self' https: gsa://onpageload command://event webpagecontroller://complete callback://https webviewprogress:; report-uri https://trippiece.report-uri.io/r/default/csp/enforce; 2
allow 'self'; options inline-script 2
default-src 'self' *.transunion.com *.addthis.co *.amazon-adsystem.com *.youtube.com *.brightcove.com *.brightcove.net*.doubleclick.net *.company-target.com *.cibil.com *.dmtry.com *.quantserve.com *.bluekai.com *.facebook.com *.demandbase.com doubleclick.net app.trustev.com ads.yahoo.com adserve.atedra.com analytics.twitter.com bat.bing.com crwdcntrl.net c.rstg.io cdn.nextinsure.com code.jquery.com cloudfront.net fonts.googleapis.com ib.adnxs.com idsync.rlcdn.com investis.com adsrvr.org sharethrough.com adroll.com yimg.com amazonaws.com secure.fastclick.net secure.leadback.advertising.com google-analytics.com static.ads-twitter.com us-u.openx.net vjs.zencdn.net googleadservices.com gstatic.com bidswitch.net cspix.media6degrees.com googletagmanager.com; script-src 'self' *.transunion.com *.addthis.com *.googletagmanager.com *.optimizely.com *.pingdom.com *.cloudflare.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.g.3gl.net *.eloqua.com *.crwdcntrl.net *.googleapis.com *.investis.com *.amazonaws.com *.cloudfront.net *.nextinsure.com *.lendingtree.com *.mediaplex.com *.demandbase.com *.jquery.com *.g.3gl.net *.gstatic.com *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.yimg.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net *.linkedin.com *.adsprotection.com *.brightcove.com *.hotjar.com *.adroll.com *.brightcove.net *.en25.com *.adsrvr.org *.transunioncibil.com *.mathtag.com t2.rstg.io px.ads.linkedin.com vjs.zencdn.net analytics.twitter.com iad-login.dotomi.com snap.licdn.com sp.analytics.yahoo.com unpkg.com hello.myfonts.net img03.en25.com m.addthisedge.com vjs.zencdn.com optimizely.s3.amazonaws.com g.3gl.net cdn.ampproject.org b.company-target.com cspix.media6degrees.com img03.en25.com static.ads-twitter.com cdn.mxpnl.com sjs.bizographics.com rum-static.pingdom.net tt.mbww.com seal.entrust.net pixel.mathtag.com pagead2.googlesyndication.com tagmanager.google.com amplify.outbrain.com o1.qnsr.com connect.facebook.net cas.cluep.com blob: 'unsafe-eval' 'unsafe-inline'; child-src *.transunion.com *.crwdcntrl.net *.cdn.optimizely.com *.addthis.com *.doubleclick.net *.lendingtree.com *.youtube.com *.hotjar.com vars.hotjar.com img.mediaplex.com app.optimizely.com *.brightcove.net s.amazon-adsystem.com app.trustev.com pixel.mathtag.com; connect-src 'self' *.transunion.com *.optimizely.com *.youtube.com *.brightcovecdn.com *.pingdom.net *.brightcove.com manifest.prod.boltdns.net airbrake.io api.company-target.com r.3gl.net s7.addthis.com popcornmetricsendpoint.herokuapp.com unity.cadreon.com app.trustev.com; media-src 'self' *.transunion.com blob: *.brightcove.com; img-src * data:; font-src data: *.transunion.com *.cibil.com *.transunioncibil.com fonts.gstatic.com api.company-target.com *.brightcove.com r.3gl.net s7.addthis.com *.herokuapp.com; style-src * 'unsafe-eval' 'unsafe-inline' ; 2
default-src http://*.googlesyndication.com https://*.googlesyndication.com http://*.doubleclick.net https://*.doubleclick.net http://*.youtube.com https://*.youtube.com; script-src https://mobjs.b-cdn.net http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://www.googletagmanager.com http://*.googleadservices.com https://*.googleadservices.com http://*.googletagservices.com https://*.googletagservices.com http://google-analytics.com https://google-analytics.com http://*.google-analytics.com https://*.google-analytics.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.doubleclick.net https://*.doubleclick.net http://*.gstatic.com https://*.gstatic.com http://*.googleapis.com https://*.googleapis.com http://*.google.com https://*.google.com http://vk.com https://vk.com http://*.facebook.net https://*.facebook.net http://*.facebook.com https://*.facebook.com 'unsafe-inline' 'unsafe-eval' 'self'; object-src http://*.googlesyndication.com https://*.googlesyndication.com 'self'; style-src https://mobjs.b-cdn.net https://mobimg.b-cdn.net https://www.google.com http://*.googleapis.com https://*.googleapis.com 'unsafe-inline'; media-src data: tones.mob.org ru.ringtones.mob.org fr.ringtones.mob.org es.ringtones.mob.org ringtones.mob.org.ru ringtones.mob.org.ua ringtones.mob.com.de ringtones.mob.org.pt ringtones.mob.org.cn ringtones.mob.gr.jp http://ahandfulof.me; img-src data: https://images.mob.org https://mobimg.b-cdn.net https://mobjs.b-cdn.net http://i.ytimg.com https://i.ytimg.com http://*.google-analytics.com https://*.google-analytics.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.google.com https://*.google.com http://*.gstatic.com https://*.gstatic.com http://vk.com https://vk.com https://mob.org http://*.facebook.com https://*.facebook.com http://*.googleapis.com https://*.googleapis.com http://*.doubleclick.net https://*.doubleclick.net http://check.googlezip.net http://img.youtube.com https://img.youtube.com; child-src http://*.googleapis.com https://*.googleapis.com http://*.gstatic.com https://*.gstatic.com http://gstatic.com https://gstatic.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.google.com https://*.google.com http://*.doubleclick.net https://*.doubleclick.net http://youtube.ru https://youtube.ru http://youtube.com https://youtube.com http://*.youtube.ru https://*.youtube.ru http://*.youtube.com https://*.youtube.com http://vk.com https://vk.com http://*.facebook.com https://*.facebook.com 'self'; worker-src 'self'; frame-src https://mobimg.b-cdn.net http://*.googleapis.com https://*.googleapis.com http://*.gstatic.com https://*.gstatic.com http://gstatic.com https://gstatic.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.google.com https://*.google.com http://*.doubleclick.net https://*.doubleclick.net http://youtube.ru https://youtube.ru http://youtube.com https://youtube.com http://*.youtube.ru https://*.youtube.ru http://*.youtube.com https://*.youtube.com http://vk.com https://vk.com http://*.facebook.com https://*.facebook.com; font-src data: https://mobjs.b-cdn.net http://fonts.gstatic.com https://fonts.gstatic.com; connect-src http://*.googleapis.com https://*.googleapis.com http://*.googlesyndication.com https://*.googlesyndication.com https://googleads.g.doubleclick.net http://*.google-analytics.com https://*.google-analytics.com http://*.facebook.net https://*.facebook.net http://ahandfulof.me 'self'; report-uri https://mob.org/cspcollector.php 2
frame-ancestors 'self' *.vendhq.com; report-uri https://csp.api.vendhq.com/prod/report; 2
frame-ancestors 'self';default-src https: data: 'unsafe-eval' 'unsafe-inline'; img-src * data:; 2
base-uri 'self'; report-uri https://csp-reporting-server.glitch.me/report 2
frame-ancestors https://www.saseurobonusshop.com/ 'self', frame-ancestors  'self' 2
default-src 'self' *.passage.ai wss://tars-prod.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.transunion.com *.vols7feed.com *.addthis.co *.amazon-adsystem.com *.youtube.com *.doubleclick.net *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.company-target.com *.adsrvr.org dmtry.com *.dmtry.com *.quantserve.com *.bluekai.com *.facebook.com *.demandbase.com doubleclick.net *.trustev.com *.yahoo.com *.atedra.com *.twitter.com *.bing.com crwdcntrl.net c.rstg.io cdn.nextinsure.com *.jquery.com cloudfront.net *.googleapis.com *.adnxs.com *.rlcdn.com investis.com adsrvr.org sharethrough.com adroll.com yimg.com amazonaws.com *.fastclick.net secure.leadback.advertising.com google-analytics.com *.ads-twitter.com *.openx.net *.zencdn.net googleadservices.com gstatic.com bidswitch.net *.media6degrees.com googletagmanager.com *.siteintercept.qualtrics.com *.qualtrics.com; script-src 'self' *.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.transunion.com *.mxpnl.com *.addthis.com *.vols7feed.com *.googletagmanager.com *.optimizely.com *.pingdom.com *.cloudflare.com *.googleadservices.com *.youtube.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.g.3gl.net *.eloqua.com *.crwdcntrl.net *.googleapis.com *.investis.com *.amazonaws.com *.cloudfront.net *.nextinsure.com *.lendingtree.com *.mediaplex.com *.demandbase.com *.jquery.com *.gstatic.com *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.yimg.com *.ytimg.com *.quora.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net *.linkedin.com *.adsprotection.com *.brightcove.com *.hotjar.com *.adroll.com *.brightcove.net *.en25.com *.adsrvr.org *.abmr.net *.mathtag.com t2.rstg.io px.ads.linkedin.com vjs.zencdn.net *.twitter.com iad-login.dotomi.com snap.licdn.com sp.analytics.yahoo.com unpkg.com *.myfonts.net *.en25.com *.addthisedge.com *.zencdn.com *.s3.amazonaws.com cdn.ampproject.org *.company-target.com *.media6degrees.com *.ads-twitter.com cdn.mxpnl.com *.bizographics.com *.pingdom.net *.mbww.com *.entrust.net *.trustev.com *.mathtag.com *.googlesyndication.com *.google.com *.outbrain.com o1.qnsr.com *.facebook.net cas.cluep.com *.quizgnome.com *.siteintercept.qualtrics.com *.qualtrics.com *.pulseinsights.com blob: 'unsafe-eval' 'unsafe-inline'; child-src *.evenfinancial.com *.transunion.com blob: *.crwdcntrl.net *.cdn.optimizely.com *.addthis.com *.doubleclick.net *.lendingtree.com *.youtube.com *.hotjar.com *.mediaplex.com *.optimizely.com *.brightcove.net s.amazon-adsystem.com *.trustev.com *.mathtag.com *.qnsr.com *.facebook.com *.siteintercept.qualtrics.com *.qualtrics.com; connect-src 'self' *.passage.ai wss://tars-prod.passage.ai *.taboola.com *.transunion.com *.mixpanel.com *.optimizely.com *.youtube.com *.brightcovecdn.com *.pingdom.net *.brightcove.com manifest.prod.boltdns.net airbrake.io *.company-target.com r.3gl.net s7.addthis.com *.herokuapp.com unity.cadreon.com app.trustev.com *.hotjar.com wss://*.hotjar.com *.siteintercept.qualtrics.com *.qualtrics.com 'unsafe-eval'; media-src 'self' *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.transunion.com blob: f1.media.brightcove.com; img-src * data:; font-src data: *.transunion.com *.gstatic.com *.company-target.com edge.api.brightcove.com r.3gl.net *.addthis.com *.herokuapp.com *.quora.com; style-src * 'unsafe-eval' 'unsafe-inline'; frame-ancestors *.transunion.com; 2
default-src 'self'  data: blob:;                                                                     img-src 'self' 'unsafe-inline' data: blob:                                                                              https://ssl.google-analytics.com/                                                                              http://www.google-analytics.com/                                                                              https://www.bing.com/api/maps/                                                                              https://www.youtube.com/                          https://youtube.com/                      https://t.ssl.ak.dynamic.tiles.virtualearth.net/                                                                             https://syndication.twitter.com/                                                                             https://platform.twitter.com/css/                                                                             https://abs.twimg.com/emoji/                                                                             https://pbs.twimg.com/profile_images/                                                                             https://pbs.twimg.com/media/                    https://*.audioeye.com/                                                                             ;                                                                      script-src 'self' 'unsafe-inline' 'unsafe-eval'                                                                              https://www.google.com/recaptcha/                                                                              https://www.gstatic.com/recaptcha/                                                                              https://ssl.google-analytics.com/                                                                              http://www.google-analytics.com/                                                                              https://www.bing.com/api/maps/                                                                              https://www.bing.com/api/maps/mapcontrol/                                                                              https://www.youtube.com/                           https://youtube.com/                  https://www.bing.com/rs/                                                                              https://www.bing.com/rb/                                                                             https://dev.virtualearth.net/webservices/                                                                             https://t.ssl.ak.dynamic.tiles.virtualearth.net/comp/                                                                             https://platform.twitter.com/widgets.js                                                                             https://platform.twitter.com/js/                                                                             https://cdn.syndication.twimg.com/timeline/                    https://*.audioeye.com/                  ;                                                                     child-src 'self' 'unsafe-inline'                                                                              https://www.google.com/recaptcha/                   https://google.com/recaptcha/                  https://www.gstatic.com/recaptcha/                  https://gstatic.com/recaptcha/                     https://ssl.google-analytics.com/                                                                              http://www.google-analytics.com/                                                 http://google-analytics.com/                  https://www.bing.com/api/maps/                                                                              https://www.bing.com/api/maps/mapcontrol/                                                                              https://www.youtube.com/                  https://youtube.com/                  https://www.bing.com/rs/                                                                              https://www.bing.com/rb/                                                                             https://dev.virtualearth.net/webservices/                                                                             https://t.ssl.ak.dynamic.tiles.virtualearth.net/comp/                                                                             https://www.facebook.com/                                                                             https://platform.twitter.com/                                                                             https://syndication.twitter.com/                     ;                                                                     frame-src 'self' 'unsafe-inline'                                                                              https://www.google.com/recaptcha/                   https://google.com/recaptcha/                  https://www.gstatic.com/recaptcha/                  https://gstatic.com/recaptcha/                     https://ssl.google-analytics.com/                                                                              http://www.google-analytics.com/                                                 http://google-analytics.com/                  https://www.bing.com/api/maps/                                                                              https://www.bing.com/api/maps/mapcontrol/                                                                              https://www.youtube.com/                  https://youtube.com/                  https://www.bing.com/rs/                                                                              https://www.bing.com/rb/                                                                             https://dev.virtualearth.net/webservices/                                                                             https://t.ssl.ak.dynamic.tiles.virtualearth.net/comp/                                                                             https://www.facebook.com/                                                                             https://platform.twitter.com/                                                                             https://syndication.twitter.com/                                                                             ;                                                                     style-src 'self' 'unsafe-inline'                                                                              https://www.bing.com/rs/                                                                              https://www.bing.com/rb/                                                                             https://platform.twitter.com/css/                    https://*.audioeye.com/                           ;                                                                     connect-src 'self'                                                                             https://www.bing.com/maps/                                                                             https://www.bing.com/fd/ls/                    https://*.audioeye.com/                                                                             ;                                                                     font-src 'self' data: blob:                                                                            https://*.audioeye.com/                                   ;                                                                     media-src 'self'                                                                           https://*.audioeye.com/ 2
default-src 'none'; style-src 'self' 'unsafe-inline' https://dev.visualwebsiteoptimizer.com/static/0.5/styles/themes/ https://s3.amazonaws.com/vwo-surveys/theme/ https://fonts.googleapis.com/ http://app.vwo.com/ ; media-src 'self'; font-src 'self' https://www.ing.fr/assets/fonts/ https://app.vwo.com/assets/fonts/ https://fonts.gstatic.com/ ; object-src 'self'; connect-src 'self' https://dev.visualwebsiteoptimizer.com/analysis/ https://ampcid.google.com/v1/publisher:getClientId https://www.google.com/ads https://www.google.fr/ads https://amp-error-reporting.appspot.com/ https://stats.g.doubleclick.net/r/ https://ampcid.google.fr/ https://www.google-analytics.com/r/collect https://www.ing.fr/ https://services.opcvm360.com/api-v1/ https://cr-input.mxpnl.net/; img-src 'self' https://www.google.fr/ads/ https://www.google.com/ads/ https://news.ing.be/newsingbeimages/assets/ https://stats.g.doubleclick.net/r/collect/ data: http://chart.googleapis.com/ http://*.visualwebsiteoptimizer.com/  www.ing.fr www.google-analytics.com ssl.google-analytics.com https://syndication.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ampproject.org/ https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api http://www.youtube.com/iframe_api https://app.vwo.com/visitor-behavior-analysis/ https://www.google.com/jsapi http://b.mxpnl.net/cs/ http://trendtext.eu/metric/ http://trendtext.eu/ https://cse.google.com/cse/brand http://www.ing.fr www.google-analytics.com ssl.google-analytics.com www.google.com platform.twitter.com connect.facebook.net apis.google.com http://d5phz18u4wuww.cloudfront.net/ http://*.visualwebsiteoptimizer.com/ code.jquery.com; frame-src https://*.visualwebsiteoptimizer.com/ https://app.vwo.com/visitor-behavior-analysis/ https://fls.doubleclick.net/ https://*.fls.doubleclick.net/ http://www.youtube.com/embed/ https://www.youtube.com/embed/ http://www.google.com/cse https://cse.google.com/cse; child-src 'self' https://cse.google.com/cse http://cse.google.com https://*.doubleclick.net https://*.youtube.com http://*.youtube.com https://apis.google.com/ http://www.google.com https://www.google.com http://r.turn.com https://r.turn.com http://platform.twitter.com/widgets https://accounts.google.com https://s-static.ak.facebook.com http://www.facebook.com/plugins;  2
frame-ancestors 'self' https://*.breuninger.com 2
img-src=loadbee.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' wss://driver.ru https://*.yandex.ru https://mc.yandex.ru https://mc.yandex.ua https://mc.yandex.kz https://mc.yandex.by https://mc.yandex.uz https://mc.yandex.fr https://mc.yandex.com.tr https://yandex.st https://connect.facebook.net https://facebook.com https://web.facebook.com https://graph.facebook.com https://staticxx.facebook.com https://api-public.addthis.com https://edge.addthis.com https://m.addthis.com https://*.addthis.com https://m.addthisedge.com https://*.addthisedge.com https://s7.addthis.com https://connect.ok.ru https://vk.com https://login.vk.com https://widgets.pinterest.com https://www.linkedin.com https://www.odnoklassniki.ru https://www.reddit.com https://st.top100.ru https://cdn.ampproject.org https://csi.gstatic.com https://googleads.g.doubleclick.net https://googlesyndication.com https://*.googlesyndication.com https://pagead2.googlesyndication.com https://ssl.google-analytics.com https://translate.googleapis.com https://translate.google.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://googletagmanager.com https://*.googletagservices.com https://www.gstatic.com https://adservice.google.ad https://adservice.google.ae https://adservice.google.al https://adservice.google.am https://adservice.google.as https://adservice.google.at https://adservice.google.az https://adservice.google.ba https://adservice.google.be https://adservice.google.bf https://adservice.google.bg https://adservice.google.bi https://adservice.google.bj https://adservice.google.bs https://adservice.google.bt https://adservice.google.bt https://adservice.google.by https://adservice.google.ca https://adservice.google.cd https://adservice.google.cf https://adservice.google.cf https://adservice.google.cg https://adservice.google.ch https://adservice.google.ci https://adservice.google.cl https://adservice.google.cm https://adservice.google.co.ao https://adservice.google.co.bw https://adservice.google.co.ck https://adservice.google.co.cr https://adservice.google.co.id https://adservice.google.co.il https://adservice.google.co.in https://adservice.google.co.jp https://adservice.google.co.ke https://adservice.google.co.kr https://adservice.google.co.ls https://adservice.google.co.ma https://adservice.google.co.mz https://adservice.google.co.nz https://adservice.google.co.th https://adservice.google.co.tz https://adservice.google.co.ug https://adservice.google.co.uk https://adservice.google.co.uz https://adservice.google.co.ve https://adservice.google.co.vi https://adservice.google.co.za https://adservice.google.co.zm https://adservice.google.co.zw https://adservice.google.com https://adservice.google.com.af https://adservice.google.com.ag https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.bd https://adservice.google.com.bh https://adservice.google.com.bn https://adservice.google.com.bo https://adservice.google.com.br https://adservice.google.com.bz https://adservice.google.com.co https://adservice.google.com.cu https://adservice.google.com.cy https://adservice.google.com.ec https://adservice.google.com.eg https://adservice.google.com.et https://adservice.google.com.fj https://adservice.google.com.gh https://adservice.google.com.gi https://adservice.google.com.gt https://adservice.google.com.hk https://adservice.google.com.jm https://adservice.google.com.kh https://adservice.google.com.kw https://adservice.google.com.lb https://adservice.google.com.ly https://adservice.google.com.mm https://adservice.google.com.mt https://adservice.google.com.mx https://adservice.google.com.my https://adservice.google.com.na https://adservice.google.com.ng https://adservice.google.com.ni https://adservice.google.com.np https://adservice.google.com.om https://adservice.google.com.pa https://adservice.google.com.pe https://adservice.google.com.pg https://adservice.google.com.ph https://adservice.google.com.pk https://adservice.google.com.pr https://adservice.google.com.py https://adservice.google.com.qa https://adservice.google.com.sa https://adservice.google.com.sb https://adservice.google.com.sg https://adservice.google.com.sv https://adservice.google.com.tj https://adservice.google.com.tr https://adservice.google.com.tw https://adservice.google.com.ua https://adservice.google.com.uy https://adservice.google.com.vc https://adservice.google.com.vn https://adservice.google.cv https://adservice.google.cz https://adservice.google.de https://adservice.google.dj https://adservice.google.dk https://adservice.google.dm https://adservice.google.dz https://adservice.google.ee https://adservice.google.es https://adservice.google.fi https://adservice.google.fm https://adservice.google.fr https://adservice.google.ga https://adservice.google.ge https://adservice.google.gg https://adservice.google.gl https://adservice.google.gm https://adservice.google.gp https://adservice.google.gr https://adservice.google.gy https://adservice.google.hn https://adservice.google.hr https://adservice.google.ht https://adservice.google.hu https://adservice.google.ie https://adservice.google.im https://adservice.google.iq https://adservice.google.is https://adservice.google.it https://adservice.google.je https://adservice.google.jo https://adservice.google.ki https://adservice.google.kg https://adservice.google.kz https://adservice.google.la https://adservice.google.li https://adservice.google.lk https://adservice.google.lt https://adservice.google.lu https://adservice.google.lv https://adservice.google.md https://adservice.google.me https://adservice.google.mg https://adservice.google.mk https://adservice.google.ml https://adservice.google.mn https://adservice.google.mu https://adservice.google.mv https://adservice.google.mw https://adservice.google.ne https://adservice.google.nl https://adservice.google.no https://adservice.google.nr https://adservice.google.pl https://adservice.google.ps https://adservice.google.pt https://adservice.google.ro https://adservice.google.rs https://adservice.google.ru https://adservice.google.rw https://adservice.google.sc https://adservice.google.se https://adservice.google.sh https://adservice.google.si https://adservice.google.sk https://adservice.google.sm https://adservice.google.sn https://adservice.google.so https://adservice.google.sr https://adservice.google.st https://adservice.google.td https://adservice.google.tg https://adservice.google.tl https://adservice.google.tm https://adservice.google.tn https://adservice.google.to https://adservice.google.tt https://adservice.google.vg https://adservice.google.vu https://adservice.google.ws https://cdnjs.cloudflare.com https://cdn.ampproject.org;img-src https: data:;frame-src 'self' blob: https://watersoul.com https://www.facebook.com https://web.facebook.com https://m.facebook.com https://staticxx.facebook.com https://mc.yandex.ru https://s7.addthis.com https://edge.addthis.com https://www.google.com https://*.googlesyndication.com https://googleads.g.doubleclick.net https://cm.g.doubleclick.net https://securepubads.g.doubleclick.net;connect-src 'self' wss://driver.ru wss://*.driver.ru wss://driverscollection.com wss://*.driverscollection.com https://driverscollection.com https://*.driverscollection.com https://yandex.ru https://*.yandex.ru https://mc.yandex.by https://mc.yandex.kz https://mc.yandex.fr https://mc.yandex.ua https://kraken.rambler.ru https://stats.g.doubleclick.net https://cm.g.doubleclick.net https://www.google.com https://translate.googleapis.com https://*.google-analytics.com https://csi.gstatic.com https://stats.g.doubleclick.net https://m.addthis.com https://s7.addthis.com; report-uri https://driverscollection.com/csp-track.php; 2
frame-ancestors 'self' farmers.marketing.adobe.com 2
default-src 'self'; base-uri 'self'; form-action 'self' https://flightbookings.airnewzealand.co.kr https://flightbookings.airnewzealand.kr https://flightbookings.airnewzealand-ar.com https://flightbookings.airnewzealand-br.com https://flightbookings.airnewzealand.ca https://flightbookings.airnewzealand.cn https://flightbookings.airnewzealand.co.nz https://flightbookings.airnewzealand.co.uk https://flightbookings.airnewzealand.com.au https://flightbookings.airnewzealand.com.hk https://flightbookings.airnewzealand.com.sg https://flightbookings.airnewzealand.com.tw https://flightbookings.airnewzealand.com https://flightbookings.airnewzealand.de https://flightbookings.airnewzealand.eu https://flightbookings.airnewzealand.fr https://flightbookings.airnewzealand.hk https://flightbookings.airnewzealand.jp https://flightbookings.airnewzealand.pf https://flightbookings.airnewzealand.tw https://flightbookings.cn.airnewzealand.com https://flightbookings.de.airnewzealand.com https://flightbookings.en.airnewzealand-ar.com https://flightbookings.en.airnewzealand-br.com https://flightbookings.en.airnewzealand.cn https://flightbookings.eu.airnewzealand.com https://flightbookings.grabaseat.co.nz https://flightbookings.jp.airnewzealand.com https://koruclub.airnewzealand.com https://auth.airnewzealand.co.nz; script-src 'self' https://s-airnz.com https://p-airnz.com 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://www.rnengage.com https://*.custhelp.com https://www.youtube.com https://s.ytimg.com https://www.wufoo.com https://wufoo.com https://secure.wufoo.com https://s.wayin.com https://xd.wayin.com https://s.engagesciences.com https://display.engagesciences.com https://display.wayin.com https://chat-prod-ap-southeast-2.s3.amazonaws.com https://www.everestjs.net https://*.demdex.net https://www.google-analytics.com https://tagmanager.google.com  https://www.googletagmanager.com https://*.doubleclick.net https://www.googleadservices.com https://cdn-assets-prod.s3.amazonaws.com https://*.optimizely.com https://s.swiftypecdn.com https://upgrade.plusgrade.com https://nebula-cdn.kampyle.com https://screencapture.kampyle.com https://screencaptue-cdn.kampyle.com https://*.hotjar.com https://yourir.info https://*.airnewzealand.co.nz https://auth.airnewzealand.co.nz https://ssl.google-analytics.com https://cdnjs.cloudflare.com https://musculahq.appspot.com https://dnn506yrbagrg.cloudfront.net https://xsell.expedia.com; style-src 'unsafe-inline' https://s-airnz.com https://p-airnz.com https://fonts.googleapis.com https://*.custhelp.com https://tagmanager.google.com https://s.swiftypecdn.com https://upgrade-cdn.plusgrade.com https://yourir.info 'self'; img-src https: data:; font-src https://s-airnz.com https://p-airnz.com https://fonts.googleapis.com https://fonts.gstatic.com https://dhm5hy2vn8l0l.cloudfront.net 'self'; media-src 'self' ; frame-src 'self' https://www.google.com https://nz.fltmaps.com https://airpointscalculator.co.nz https://www.youtube.com https://airnz.wufoo.com https://xd.wayin.com https://display.engagesciences.com https://*.demdex.net https://*.doubleclick.net https://www.googletagmanager.com https://*.cdn.optimizely.com https://nebula-cdn.kampyle.com https://*.hotjar.com https://*.airnewzealand.co.nz https://auth.airnewzealand.co.nz https://hotels.airnewzealand.co.nz; connect-src 'self' https://api.airnewzealand.co.nz https://api.airnz.ai https://auth.airnewzealand.co.nz https://chat-prod-ap-southeast-2.s3.amazonaws.com https://*.demdex.net *.tt.omtrdc.net https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://logx.optimizely.com https://rum.optimizely.com https://errors.client.optimizely.com https://s.swiftypecdn.com https://search-api.swiftype.com https://*.kampyle.com ws://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io https://in.hotjar.com https://yourir.info https://ssl.google-analytics.com https://muscula.herokuapp.com; object-src 'none'; frame-ancestors 'self' https: http:; report-uri /csp-report 2
connect-src 'self' metrics-api.dimensions.ai cdn.intechopen.com rccwpbsf6b-1.algolianet.com rccwpbsf6b-2.algolianet.com rccwpbsf6b-3.algolianet.com rccwpbsf6b-dsn.algolia.net hm.baidu.com sentry.io www.google.com; default-src cdn.intechopen.com cdnintech.com uk1.siteimprove.com d1bxh8uas1mnw7.cloudfront.net d1uo4w7k31k5mn.cloudfront.net siteimproveanalytics.com www.google.com cdnjs.cloudflare.com badge.dimensions.ai 'self' metrics-api.dimensions.ai api.altmetric.com mts.intechopen.com api.intechopen.com badges.altmetric.com 'unsafe-eval' sentry.io 'unsafe-inline' rccwpbsf6b-2.algolianet.com rccwpbsf6b-3.algolianet.com rccwpbsf6b-dsn.algolia.net fonts.gstatic.com www.gstatic.com; font-src cdnintech.com cdnjs.cloudflare.com data: 'self' fonts.gstatic.com; img-src 'self' api.intechopen.com badge.dimensions.ai cdn.intechopen.com cdnintech.com d1uo4w7k31k5mn.cloudfront.net mts.intechopen.com uk1.siteimprove.com cdnjs.cloudflare.com privacy-policy.truste.com badges.altmetric.com hm.baidu.com www.gstatic.com assets-bagtheweb.s3.amazonaws.com; manifest-src 'self'; object-src cdn.intechopen.com 127.0.0.1; script-src-elem badge.dimensions.ai cdnintech.com www.google.com cdnjs.cloudflare.com d1bxh8uas1mnw7.cloudfront.net siteimproveanalytics.com api.altmetric.com 'unsafe-inline' 'self' www.gstatic.com www.googletagmanager.com; script-src badge.dimensions.ai cdnintech.com cdnjs.cloudflare.com siteimproveanalytics.com www.google.com d1bxh8uas1mnw7.cloudfront.net api.altmetric.com rccwpbsf6b-dsn.algolia.net 'unsafe-eval' 'unsafe-inline' 'self' www.gstatic.com; style-src-elem badge.dimensions.ai cdnjs.cloudflare.com fonts.googleapis.com d1bxh8uas1mnw7.cloudfront.net 'unsafe-inline' 'self'; style-src badge.dimensions.ai d1bxh8uas1mnw7.cloudfront.net cdnjs.cloudflare.com 'unsafe-eval' 'unsafe-inline'; form-action 'self'; script-src-attr 'unsafe-inline'; style-src-attr 'unsafe-inline'; frame-src www.google.com; report-uri https://bbc8b283fbf6588bc03a3c7c39185f43.report-uri.com/r/d/csp/reportOnly 2
default-src 'none'; img-src 'self' https://fedoramagazine.org; script-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src https://fedoramagazine.org;  2
frame-ancestors 'self' *.eur.nl 2
object-src 'none' ; img-src https: http: blob: data: ; frame-src http://* https://* https://www.google.com/recaptcha/ ; font-src https://marketing-cdn.hightail.com https://* http://* data: ; script-src data: 'unsafe-inline' 'unsafe-eval' https://forms.hsforms.com/embed/ http://app.link/ http://js.bizographics.com/ http://stats.pusher.com/ http://cdn.heapanalytics.com/ http://www.googleadservices.com/ https://www.googleadservices.com https://www.google-analytics.com/ https://cdn.branch.io/ https://cdn.optimizely.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com/ https://dc.ads.linkedin.com/ https://px.ads.linkedin.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://sjs.bizographics.com/ https://assets.zendesk.com/ https://www.bizographics.com/ https://secure.adnxs.com/ https://v2.zopim.com/ https://*.pusher.com/ https://js.hs-scripts.com/ https://js.hs-analytics.net/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://googleads.g.doubleclick.net/ https://forms.hubspot.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://request.eprotect.vantivprelive.com/ https://request.eprotect.vantivcnp.com/ https://*.global.ssl.fastly.net/ http://js.hs-analytics.net/ http://js.hs-scripts.com/ http://js.hsforms.net/ http://cdnjs.cloudflare.com/ https://static.zdassets.com/ http://www.google-analytics.com/ https://*.pendo.io/ http://ajax.googleapis.com/ https://googleads.g.doubleclick.net/ https://img.en25.com/i/livevalidation_standalone.compressed.js https://img.en25.com/Web/OpenTextGlobal/ https://pendo-io-static.storage.googleapis.com/ https://*.googletagmanager.com/ https://pendo-static-5705431416832000.storage.googleapis.com/ data https://marketing-cdn.hightail.com; 2
default-src c.wgr.de 'self'; script-src c.wgr.de track.westermann.de connect.facebook.net www.googleadservices.com maps.googleapis.com 'self' 'unsafe-inline'; style-src c.wgr.de 'self' 'unsafe-inline'; object-src 'self'; img-src c.wgr.de track.westermann.de www.econda-monitor.de d32wqyuo10o653.cloudfront.net www.facebook.com googleads.g.doubleclick.net maps.googleapis.com *.gstatic.com 'self' data:; frame-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; child-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; font-src c.wgr.de 'self' data:; connect-src secure.schulbuchzentrum-online.de track.westermann.de 'self'; report-uri /backend/csp 2
default-src 'self' ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.upc.edu tagmanager.google.com https://*.twimg.com https://*.twitter.com *.gstatic.com *.google-analytics.com https://*.googleapis.com https://*.google.com https://*.googletagmanager.com data: ;font-src * data: ; style-src * data: 'unsafe-inline' 'unsafe-eval'; child-src *.upc.edu https://*.twitter.com https://*.google.com ; worker-src *.upc.edu https://*.twitter.com https://*.google.com https://cercador.upc.edu ; media-src *.upc.edu; frame-src *.youtube.com *.twitter.com twitter.com *.upc.edu www.google.com https://cercador.upc.edu ; connect-src https://cercador.upc.edu 'self' 2
frame-ancestors 'self' *.optimizely.com optimizely.com http://*.corp.westmarine.com:* https://*.corp.westmarine.com:* http://*.westmarine.net:* http://westmarine.net:* https://*.westmarine.net:* https://westmarine.net:* 2
frame-ancestors 'self' http://dds-simplicit-prod.s3-website-ap-southeast-2.amazonaws.com http://dds-simplicit-v2-prod.s3-website-ap-southeast-2.amazonaws.com https://test.salesforce.com; 2
default-src 'self' 'unsafe-eval' https://arcgis.sdi.abudhabi.ae https://js.arcgis.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.tamm.abudhabi https://js.arcgis.com https://recaptcha.net https://ssl.google-analytics.com https://translate.google.com https://translate.googleapis.com https://www.gstatic.com https://www.youtube.com https://s.ytimg.com; object-src 'self'; img-src 'self' data: *; media-src *; style-src 'self' 'unsafe-inline' https://js.arcgis.com https://translate.googleapis.com https://fonts.googleapis.com; frame-src https://www.youtube.com https://www.instagram.com https://www.google.com; font-src 'self' https://fonts.gstatic.com data: *; worker-src 'self' https://www.tamm.abudhabi blob:; connect-src 'self' https://static.arcgis.com https://services.arcgisonline.com https://translate.googleapis.com https://geocode.arcgis.com https://arcgis.sdi.abudhabi.ae https://js.arcgis.com https:; 2
frame-ancestors 'self' http://*.vseigru.net http://vseigru.net 2
frame-ancestors www.newwavecom.com 2
block-all-mixed-content; frame-ancestors 'self' 2
frame-ancestors https://library.mulesoft.com https://resources.mulesoft.com 'self' 2
default-src 'unsafe-inline' 'unsafe-eval' data: *.princesspolly.com princesspolly.com aws-staging.princesspolly.com *.google.com b24c55b04577edcff120-ee732677a7df0f7e6b24d56d54ebab21.ssl.cf4.rackcdn.com *.google.com.au tr.snapchat.com d3qiwpvx49u195.cloudfront.net static.olark.com static.barilliance.com www.barilliance.net *.gstatic.com cdn.bronto.com *.google-analytics.com *.adsrvr.org www.facebook.com log.olark.com so.rlcdn.com *.tribalfusion.com *.yotpo.com *.googleadservices.com *.googlefontapis.com *.googleapis.com bacon.section.io cdn.nextopia.net sc-static.net *.g.doubleclick.net connect.facebook.net static.secure-afterpay.com.au p.bm23.com js-agent.newrelic.com www.googlecommerce.com *.gosquared.com intljs.rmtag.com www.ist-track.com *.olark.com *.creativecdn.com 17a8228ae99605dda31b-ee732677a7df0f7e6b24d56d54ebab21.r9.cf4.rackcdn.com t.cfjump.com *.hotjar.com www.googletagmanager.com x.skimresources.com r.dlx.addthis.com ocsp.digicert.com status.geotrust.com *.linksynergy.com *.gleam.io gleam.io vc.hotjar.io www.google.ae dsum-sec.casalemedia.com bam.nr-data.net *.criteo.net dn3y71tq7jf07.cloudfront.net d1l6p2sc9645hc.cloudfront.net d2jjzw81hqbuqv.cloudfront.net *.criteo.com www.youtube.com s.ytimg.com pixel.tapad.com nypi.dc-storm.com *.pinterest.com cx.atdmt.com vector.nextopiasoftware.com princesspolly.ecomm-nav.com www.google.com.ph prf.hn www.polyvore.com barilliance.net www.talkable.com live-cdn.me-tail.net buy.monypayments.com www.secure-afterpay.com.au portal.afterpay.com anaytics.nextopia.net *.afterpay.com *.afterpay.com.au pay.secure-monypayments.com princesspolly-embedded.myunidays.com *.myunidays.com ln-rules.rewardstyle.com ddcfq0gxiontw.cloudfront.net *.braintree-api.com *.braintreegateway.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: data: https: blob: https://d.la2-c2-ord.salesforceliveagent.com https://logs1125.xiti.com https://www.google-analytics.com https://cdn.optimizely.com https://api.demandbase.com https://app-ab02.marketo.com https://www.googletagmanager.com https://magpie-static.ugc.bazaarvoice.com https://apc.ugc.bazaarvoice.com https://code.jquery.com ; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 2
frame-ancestors 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; 2
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://forums.crateentertainment.com https://connect.facebook.net https://*.syndication.twimg.com https://*.twitter.com https://ssl.google-analytics.com https://assets.zendesk.com; img-src 'self' data: https://*.giphy.com https://*.tenor.com https://*.tinypic.com https://*.epvpimg.com https://*.gyazo.com https://*.imgur.com https://imgur.com https://static-cdn.jtvnw.net https://www.grimdawn.com https://*.twimg.com https://*.twitter.com https://*.syndication.twimg.com https://secure.gravatar.com https://ssl.google-analytics.com https://*.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://*.twimg.com https://platform.twitter.com https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' data: https://themes.googleusercontent.com; frame-src https://*.soundcloud.com https://forums.crateentertainment.com https://www.grimdawn.com https://www.crateentertainment.com https://bandcamp.com https://assets.zendesk.com https://*.facebook.com https://tautt.zendesk.com https://www.youtube.com https://www.humblebundle.com https://*.twitter.com; object-src 'none' 2
frame-ancestors 'self' https://*.etracker.com 2
default-src 'self'; script-src 'self'; 2
default-src 'self' 'unsafe-inline' 2
default-src 'self' data: https: *.gstatic.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.amazonaws.com *.infogreffe.nc *.infogreffe.fr *.googleapis.com *.twitter.com *.regie.pro; img-src 'self' data: http: *.youtube.com https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; frame-src 'self' data: https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; connect-src 'self' https: *.regie.pro *.addthis.com *.web2mobile.fr 2
frame-ancestors 'self' http://*.gobdigital.gba.gob.ar  https://*.gobdigital.gba.gob.ar; 2
default-src 'self'; script-src 'self' 'unsafe-inline' *.google-analytics.com *.google.com *.gstatic.com; img-src 'self' *.google-analytics.com *.nzbvortex.com; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src 'self' *.google.com; object-src 'none'; frame-ancestors 'self' 2
default-src 'self'; connect-src 'self' https://www.google-analytics.com https://places-dsn.algolia.net https://places-3.algolianet.com; frame-src 'self'; img-src 'self' https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.fr https://www.google.com; font-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ 2
default-src wss: https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src data: https: 2
frame-ancestors https://*.hearstmags.com:* https://*.condenastdigital.com:*  https://staging.readystate.com:*  https://airbnbmag.com:*  https://hgtvcashsweepstakes.com:*  http://hgtvcashsweepstakes.com:*  https://*.believemagmedia.com:*  http://*.believemagmedia.com:*  http://devaws:*  http://devawsconde:* http://*.seventeen.com:* https://*.seventeen.com:* http://*.cosmopolitan.com:* https://*.cosmopolitan.com:* http://*.countryliving.com:* https://*.countryliving.com:* http://*.esquire.com:* https://*.esquire.com:* http://*.goodhousekeeping.com:* https://*.goodhousekeeping.com:* http://*.harpersbazaar.com:* https://*.harpersbazaar.com:* http://*.housebeautiful.com:* https://*.housebeautiful.com:* http://*.marieclaire.com:* https://*.marieclaire.com:* http://*.oprah.com:* https://*.oprah.com:* http://*.popularmechanics.com:* https://*.popularmechanics.com:* http://*.redbookmag.com:* https://*.redbookmag.com:* http://*.townandcountrymag.com:* https://*.townandcountrymag.com:* http://*.veranda.com:* https://*.veranda.com:* http://*.delish.com:* https://*.delish.com:* http://*.foodnetwork.com:* https://*.foodnetwork.com:* http://*.hgtvmagazine.com:* https://*.hgtvmagazine.com:* http://*.elledecor.com:* https://*.elledecor.com:* http://*.caranddriver.com:* https://*.caranddriver.com:* http://*.elle.com:* https://*.elle.com:* http://*.womansday.com:* https://*.womansday.com:* http://*.roadandtrack.com:* https://*.roadandtrack.com:* http://*.esquire.com:* https://*.esquire.com:* http://*.doctorozmag.com:* https://*.doctorozmag.com:* http://*.airbnbmag.com:* https://*.airbnbmag.com:* http://*.thepioneerwomanmagazine.com:* https://*.thepioneerwomanmagazine.com:* http://*.hearstproducts.com:* https://*.hearstproducts.com:* http://*.womenshealthmag.com:* https://*.womenshealthmag.com:* http://*.menshealth.com:* https://*.menshealth.com:* http://*.bicycling.com:* https://*.bicycling.com:* http://*.runnersworld.com:* https://*.runnersworld.com:* http://*.prevention.com:* https://*.prevention.com:* http://*.hearstproducts.com:* https://*.hearstproducts.com:* http://*.rodalebookazines.com:* https://*.rodalebookazines.com:* http://*.hearstproducts.com:* https://*.hearstproducts.com:* 2
frame-ancestors 'self' u-sleep.umbian.com brightree.net *.u-sleep.umbian.com *.brightree.net 2
default-src 'self'; img-src * data:; media-src *; style-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com * 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' go.ero-advertising.com juicyads.com *.juicyads.com crate.widgetbot.io *.pantsu.cat * ; font-src 'self' * fonts.gstatic.com maxcdn.bootstrapcdn.com; child-src juicyads.com *.juicyads.com widgetbot.io *; connect-src 'self' r.remarketingpixel.com *.urldelivery.com go.ero-advertising.com etahub.com n.pc1ads.com native.propellerads.com syndication.exosrv.com *.exosrv.com *.widgetbot.io pagead2.googlesyndication.com *.googlesyndication.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.utsouthwestern.edu https://www.gstatic.com https://unpkg.com https://cdn.storygize.net https://bs.serving-sys.com *.pinterest.com *.hotjar.com https://platform.twitter.com https://assets.pinterest.com http://www.facebook.com/plugins/like.php https://cdnjs.cloudflare.com/ajax/libs/foundation/6.4.3/js/foundation.min.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_format_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_default_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_ui_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_corechart_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_fw_module.js https://www.gstatic.com/charts/46.2/third_party/dygraphs/dygraph-tickers-combined.js https://www.gstatic.com/charts/46.2/third_party/webfontloader/webfont.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_bar_module.js https://cdnjs.cloudflare.com/ajax/libs/foundation-essential/5.2.2/js/vendor/modernizr.js https://www.google-analytics.com/analytics.js https://script.crazyegg.com/pages/scripts/0017/5050.js https://static.hotjar.com/c/hotjar-30590.js https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js https://www.storygize.net/a/cecea51f-563b-4ac4-9a2a-8a3660977ad2/abdo.js https://connect.facebook.net/en_US/fbevents.js https://www.gstatic.com/charts/46.2/loader.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu; connect-src 'self' *.utsouthwestern.edu *.hotjar.io *.hotjar.com https://www.juicer.io https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j73&tid=UA-26088679-2&cid=63721755.1556120185&jid=1696534874&gjid=798484853&_gid=1792316821.1557158687&_u=QCCAgAABAAAAAE~&z=1682155712 https://secure-ds.serving-sys.com/adServingData/PROD/TMClient/8/6218 https://graph.facebook.com/58323112191/picture https://www.juicer.io/api/page_views https://www.juicer.io/api/feeds/home-page-393b6969-47a9-40b5-b6a5-297bc3722122 https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu; frame-src 'self' *.utsouthwestern.edu *.hotjar.com https://platform.twitter.com https://www.facebook.com https://yoshki.com/badge-apta.html https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu 2
block-all-mixed-content; upgrade-insecure-requests 2
frame-ancestors 'self' https://www.clearslide.com https://www.purdueglobalpresents.com http://upload.clearslide.com 2
frame-ancestors *.newrelic.com 2
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data: 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: connect.facebook.net *.google-analytics.com *.addthisedge.com *.marketo.com *.googletagmanager.com cdn-akamai.mookie1.com *.serving-sys.com *.marketo.net *.calltrk.com tags.tiqcdn.com *.jwpcdn.com www.youtube.com *.addthis.com m.addthisedge.com s.ytimg.com graph.facebook.com widgets.pinterest.com *.googleapis.com use.typekit.net *.northwell.edu *.limelight.com *.delvenetworks.com static.addtoany.com malihu.github.io ajax.aspnetcdn.com s.gravatar.com *.wp.com calltrk-production.s3.amazonaws.com *.googleadservices.com ajax.microsoft.com code.jquery.com api.html5media.info *.cloudfront.net *.jwpcdn.com *.newrelic.com bam.nr-data.net tagmanager.google.com *.surveymonkey.com console.brightwhistle.com *.callrail.com content.healthwise.net cdn.merklesearch.com *.rkdms.com cdn.rawgit.com *.cloudflare.com ethn.io e.infogram.com *.gigya.com *.influencehealth.com *.bing.com *.visto1.net *.linkedin.com *.hotjar.com *.doubleclick.net; object-src 'self' video.limelight.com assets.delvenetworks.com *.gigya.com; style-src 'self' 'unsafe-inline' rtp-static.marketo.com *.googleapis.com *.vm *.bootstrapcdn.com *.northwell.edu malihu.github.io static.addtoany.com s.gravatar.com code.jquery.com  *.cloudfront.net *.surveymonkey.com *.marketo.com *.rkdms.com tagmanager.google.com; img-src 'self' data: *.google-analytics.com *.g.doubleclick.net www.facebook.com www.google.com jwpltx.com api.nslijweb.com csi.gstatic.com *.googleapis.com maps.gstatic.com img.delvenetworks.com *.llnw.net m.addthis.com *.northwell.edu northwellhealt.wpengine.com *.gravatar.com *.wp.com *.northwell.io *.cloudfront.net *.amazonaws.com www.bugherd.com *.surveymonkey.com img.youtube.com *.googleadservices.com maps.googleapis.com *.mxptint.net dpm.demdex.net ad.yieldmanager.com ad.afy11.net d.agkn.com idsync.rlcdn.com *.bluekai.com *.openx.net *.rubiconproject.com *.adnxs.com sync.adaptv.advertising.com *.rkdms.com i.ytimg.com *.gigya.com *.bing.com *.googletagmanager.com *.doubleclick.net *.google.com *.gstatic.com *.tilehosting.com *.hotjar.com *.maptiler.com; media-src 'self' *.llnw.net *.delvenetworks.com *.llnw.com; frame-src 'self' cdn-akamai.mookie1.com tags.tiqcdn.com s7.addthis.com www.youtube.com static.addtoany.com *.doubleclick.net www.google.com *.understand.com *.marketo.com *.sli.do ethn.io e.infogram.com *.gigya.com w.soundcloud.com view.knowledgevision.com 8065684-gigya.northwell.edu intakeforms.sequencehealth.com mednews.hofstra.edu app.stitcher.com vars.hotjar.com *.googletagmanager.com; font-src 'self' data: themes.googleusercontent.com fonts.gstatic.com *.bootstrapcdn.com www.bugherd.com static.hotjar.com; connect-src 'self' 'unsafe-inline' 309-lvl-470.mktoresp.com sjrtp4.marketo.com m.addthis.com *.pusherapp.com *.pusher.com www.bugherd.com *.google-analytics.com *.northwell.edu content.healthwise.net *.northwell.io *.cloudflare.com *.rkdms.com *.callrail.com *.serving-sys.com api.dpx.northwell.io *.gigya.com *.llnw.net *.hotjar.com wss://*.hotjar.com *.doubleclick.net *.hotjar.io www.facebook.com; report-uri https://northwell.report-uri.com/r/d/csp/reportOnly 2
default-src 'self'; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com googleads.g.doubleclick.net https://connect.facebook.net https://fullstory.com https://*.fullstory.com cdnjs.cloudflare.com d1aqhv4sn5kxtx.cloudfront.net *.ngpvan.com; style-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com/css fonts.gstatic.com tagmanager.google.com; img-src *; font-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com/css fonts.gstatic.com fonts.googleapis.com;connect-src 'self' https://*.fullstory.com https://fullstory.com; report-uri https://accounts.ngpvan.com/oidc/csp/report 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.facebook.com https://www.linkedin.com https://maps.googleapis.com https://player.vimeo.com 2
connect-src 'self' *.lmcdn.ru *.flocktory.com *.dynamicyield.com *.livetex.ru *.mail.ru *.yandex.ru *.lamoda.test *.google.ru *.google-analytics.com *.googletagmanager.com vk.com stats.g.doubleclick.net px.adhigh.net sentry-js.lamoda.ru fcm.googleapis.com ; manifest-src 'self' *.lamoda.ru *.lamoda.kz *.lamoda.by *.lamoda.ua *.lamoda.test ; default-src 'self' 'unsafe-inline' *.lmcdn.ru *.livetex.ru *.lamoda.test ; font-src 'self' data: *.lmcdn.ru *.flocktory.com *.livetex.ru *.lamoda.test fonts.googleapis.com fonts.gstatic.com ; frame-src 'self' *.criteo.com *.criteo.net *.flocktory.com *.google.by *.google.com *.google.com.ua *.google.kz *.google.ru *.lmcdn.ru *.revo.ru *.revoplus.ru *.yandex.ru bid.g.doubleclick.net demo.revoplus.ru hdeapi.lamoda.ru o2.mail.ru sandbox.payture.com tag.rutarget.ru www.facebook.com www.surveygizmo.com ; img-src 'self' data: *.creativecdn.com *.criteo.com *.criteo.net *.flocktory.com *.google-analytics.com *.google.by *.google.com *.google.com.ua *.google.kz *.google.ru *.googletagmanager.com *.lamoda.test *.livetex.ru *.lmcdn.ru *.mail.ru *.vk.com *.wbtrk.net *.webtrekk.net *.yandex.net *.yandex.ru maps.googleapis.com maps.gstatic.com 6093.xg4ken.com adlmerge.com ads.adfox.ru bs.serving-sys.com counter.rambler.ru creativecdn.com fbc.wcfbc.net pixel.everesttech.net secure.adnxs.com ssl.luxup.ru t.holder.com.ua vk.com www.facebook.com www.googletagmanager.com x.bidswitch.net x.cnt.my *.adriver.ru *.adscale.de *.contextweb.com *.cssrvsync.com *.doubleclick.net *.gemius.pl *.recreativ.ru *.weborama.fr *.webvisor.org *.yandex.ua ad.360yield.com ads.betweendigital.com ads.yahoo.com bbnaut.ibillboard.com cm.adform.net dsum-sec.casalemedia.com e1.emxdgt.com e1.emxdgt.com ib.adnxs.com pixel.rubiconproject.com simage2.pubmatic.com ssp-csync.smartadserver.com stat.radar.imgsmail.ru trc.taboola.com us-u.openx.net ; style-src 'self' blob: 'unsafe-inline' *.lmcdn.ru *.dynamicyield.com *.flocktory.com *.lamoda.test cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com tagmanager.google.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.criteo.com *.criteo.net *.dynamicyield.com *.flocktory.com *.google-analytics.com *.google.by *.google.com *.google.com.ua *.google.kz *.google.ru *.googleapis.com *.lamoda.test *.livetex.ru *.lmcdn.ru *.wbtrk.net *.webtrekk.net *.xg4ken.com *.yandex.net *.yandex.ru ad.adriver.ru ajax.googleapis.com bam.nr-data.net cdn.branch.io cdn.rutarget.ru code.jquery.com connect.facebook.net d31j93rd8oukbv.cloudfront.net flocktory.com googleads.g.doubleclick.net googletagmanager.com hdeapi.lamoda.ru js-agent.newrelic.com oauth.mail.ru r.revo.ru r.revoplus.ru rebilly.github.io retarget.smi2.net top-fwz1.mail.ru vk.com www.facebook.com www.googleadservices.com www.googletagmanager.com www.gstatic.com yastatic.net ; worker-src 'self' flocktory.com ; form-action 'self' connect.facebook.net www.facebook.com ; 2
default-src 'unsafe-eval' 'unsafe-inline' 'self' https: blob:; font-src 'self' https: data:; img-src 'self' data: https: blob:; child-src https:; object-src https: 2
default-src data: https:; script-src data: https: 'unsafe-eval' 'unsafe-inline'; style-src data: https: 'unsafe-inline'; report-uri /report/content-security-policy 2
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.pioneerelectronics.com embedded.pricespider.com embeddedcloud.pricespider.com youtube.com www.google.com ajax.googleapis.com; 2
default-src *; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * blob: data:; 2
default-src 'self' https://fonts.gstatic.com;font-src 'self' data: https://fonts.gstatic.com ;style-src 'unsafe-inline' *;frame-src 'self' ;img-src * data:;media-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com http://*.google.com http://*.googleapis.com https://*.googleapis.com http://*.yandex.ru https://*.yandex.ru http://*.yandex.net https://*.yandex.net http://yandex.st https://yandex.st http://dle-news.org http://avrdi.com *.googletagmanager.com https://www.google-analytics.com ;connect-src *;object-src *;report-uri /csp.php 2
default-src 'self' http: https: 2
frame-ancestors 'self' http://www.1ch.us https://little.lolicatgirls.com 2
default-src 'self'  'unsafe-inline'  'unsafe-eval' i.4see.mobi ; script-src https://scontent.cdninstagram.com https://p.typekit.net https://*.juicer.io https://instafeed.pixlee.com/ https://instafeed.assets.pixlee.com  https://use.typekit.net  https://data.schemaapp.com https://prd01.launch.banfield.com/ http://*.g.doubleclick.net/ https://*.g.doubleclick.net/ http://*.google.com https://*.google.com http://tags.srv.stackadapt.com https://tags.srv.stackadapt.com http://*.stackadapt.com https://*.stackadapt.com 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com/ https://code.jquery.com/ http://assets.adobedtm.com https://assets.adobedtm.com http://cdn.optimizely.com https://cdn.optimizely.com http://use.typekit.net https://use.typekit.net http://fast.fonts.net/ https://fast.fonts.net/ http://gateway.answerscloud.com/ https://gateway.answerscloud.com/ http://*.foresee.com https://*.foresee.com http://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ http://www.googletagmanager.com https://www.googletagmanager.com http://www.googleadservices.com https://www.googleadservices.com http://ssl.google-analytics.com https://ssl.google-analytics.com http://js.clickequations.net https://js.clickequations.net http://connect.facebook.net https://connect.facebook.net http://az416426.vo.msecnd.net/ https://az416426.vo.msecnd.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://localhost https://localhost http://localhost:* https://localhost:* http://*.googleapis.com https://*.googleapis.com http://*.inspectlet.com https://*.inspectlet.com http://*.openweathermap.org https://*.openweathermap.org http://*.sharethis.com https://*.sharethis.com http://*.sharethis.com https://*.sharethis.com http://images.banfield.com https://images.banfield.com http://scripts.banfield.com https://scripts.banfield.com http://assets.banfield.com https://assets.banfield.com http://images-staging.banfield.com https://images-staging.banfield.com http://scripts-staging.banfield.com https://scripts-staging.banfield.com http://assets-staging.banfield.com https://assets-staging.banfield.com http://*.xg4ken.com https://*.xg4ken.com http://*.cloudflare.com https://*.cloudflare.com http://*.youtube.com https://*.youtube.com http://*.ytimg.com https://*.ytimg.com http://*.bing.com https://*.bing.com http://*.iatspayments.com https://*.iatspayments.com http://*.instagram.com https://*.instagram.com  http://banfield-assets.azureedge.net https://banfield-assets.azureedge.net  http://banfield-images.azureedge.net https://banfield-images.azureedge.net  http://banfield-scripts.azureedge.net https://banfield-scripts.azureedge.net  https://remote.vroptimal-3dx-assets.com/ https://gateway.foresee.com/ i.4see.mobi https://cdn.schemaapp.com/ ; connect-src https://scontent.cdninstagram.com https://p.typekit.net https://*.juicer.io https://instafeed.pixlee.com/ https://instafeed.assets.pixlee.com  https://use.typekit.net  https://data.schemaapp.com blob: 'self' 'unsafe-inline' 'unsafe-eval' http://logx.optimizely.com/log/event https://logx.optimizely.com/log/event http://*.visualstudio.com https://*.visualstudio.com http://localhost https://localhost http://*.inspectlet.com https://*.inspectlet.com http://*.typekit.net https://*.typekit.net http://*.googleapis.com https://*.googleapis.com http://*.facebook.com https://*.facebook.com http://*.sharethis.com https://*.sharethis.com http://*.optimizely.com https://*.optimizely.com https://analytics.foresee.com https://brain.foresee.com https://4seeresults.com https://foreseeresults.com https://www.google-analytics.com https://ssl.google-analytics.com/ i.4see.mobi https://device.4seeresults.com https://srv.stackadapt.com/ https://tags.srv.stackadapt.com https://ssl.google-analytics.com/ https://www.google.com/ https://data.schemaapp.com/ https://c.sharethis.mgr.consensu.org/ http://*.foresee.com https://*.foresee.com ; frame-src https://scontent.cdninstagram.com https://p.typekit.net https://*.juicer.io https://instafeed.pixlee.com/ https://instafeed.assets.pixlee.com  https://use.typekit.net  https://data.schemaapp.com https://prd01.launch.banfield.com/ https://checkout.globalgatewaye4.firstdata.com/payment 'self' 'unsafe-inline' 'unsafe-eval' http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net http://www.google.com/ https://www.google.com/ http://www.youtube.com https://www.youtube.com http://gateway.answerscloud.com https://gateway.answerscloud.com http://*.foresee.com https://*.foresee.com http://*.facebook.com https://*.facebook.com http://*.adobedtm.com https://*.adobedtm.com http://*.doubleclick.net https://*.doubleclick.net http://*.doubleclick.net https://*.doubleclick.net http://*.sharethis.com https://*.sharethis.com http://*.rallybound.org https://*.rallybound.org http://*.cdn.optimizely.com https://*.cdn.optimizely.com http://sketchfab.com/ https://sketchfab.com/ http://*.cloudfront.net/ https://*.cloudfront.net/ https://demo.globalgatewaye4.firstdata.com/ https://www.vroptimal-3dx-assets.com/ https://static.vroptimal-3dx-assets.com/ https://connect.facebook.net/ i.4see.mobi ; img-src https://scontent.cdninstagram.com https://p.typekit.net https://*.juicer.io https://instafeed.pixlee.com/ https://instafeed.assets.pixlee.com  https://use.typekit.net  https://data.schemaapp.com https://maps.google.com 'self' 'unsafe-inline' 'unsafe-eval' http://*.cloudflare.com https://*.cloudflare.com blob: http://*.iatspayments.com https://*.iatspayments.com http://*.bidswitch.net https://*.bidswitch.net http://*.adnxs.com https://*.adnxs.com http://*.stackadapt.com https://*.stackadapt.com 'self' 'unsafe-inline' 'unsafe-eval' data: http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net http://*.google-analytics.com/ https://*.google-analytics.com/ http://centro.pixel.ad https://centro.pixel.ad http://beacon.clickequations.net/ https://beacon.clickequations.net/ http://www.google.com https://www.google.com http://*.banfield.com https://*.banfield.com http://www.facebook.com https://www.facebook.com http://maps.googleapis.com https://maps.googleapis.com http://*.gstatic.com https://*.gstatic.com http://pixel.sitescout.com/ https://pixel.sitescout.com/ http://images.banfield.com https://images.banfield.com http://scripts.banfield.com https://scripts.banfield.com http://assets.banfield.com https://assets.banfield.com http://media.banfield.com https://media.banfield.com http://images-staging.banfield.com https://images-staging.banfield.com http://scripts-staging.banfield.com https://scripts-staging.banfield.com http://assets-staging.banfield.com https://assets-staging.banfield.com http://media-staging.banfield.com https://media-staging.banfield.com http://*.doubleclick.net https://*.doubleclick.net http://*.typekit.net https://*.typekit.net http://*.4seeresults.com https://*.4seeresults.com http://*.foreseeresults.com https://*.foreseeresults.com http://*.answerscloud.com https://*.answerscloud.com http://*.foresee.com https://*.foresee.com http://*.truste.com https://*.truste.com http://*.googleadservices.com https://*.googleadservices.com http://*.xg4ken.com https://*.xg4ken.com http://*.sharethis.com https://*.sharethis.com http://*.bing.com https://*.bing.com http://*.azureedge.net https://*.azureedge.net http://sb.scorecardresearch.com/ https://sb.scorecardresearch.com/ https://foresee.mobi https://static.foresee.com/ https://gateway.foresee.com/ i.4see.mobi https://i.liadm.com/ https://pixel.rubiconproject.com/ https://pixel.advertising.com/ https://simage2.pubmatic.com/ ; style-src https://scontent.cdninstagram.com https://p.typekit.net https://*.juicer.io https://instafeed.pixlee.com/ https://instafeed.assets.pixlee.com  https://use.typekit.net  https://data.schemaapp.com http://*.fonts.net/ https://*.fonts.net/ 'self' http://*.iatspayments.com https://*.iatspayments.com 'unsafe-inline' 'unsafe-eval' http://*.fonts.net https://*.fonts.net http://fast.fonts.net https://fast.fonts.net http://*.banfield.com https://*.banfield.com http://images.banfield.com https://images.banfield.com http://scripts.banfield.com https://scripts.banfield.com http://assets.banfield.com https://assets.banfield.com http://images-staging.banfield.com https://images-staging.banfield.com http://scripts-staging.banfield.com https://scripts-staging.banfield.com http://assets-staging.banfield.com https://assets-staging.banfield.com http://*.googleapis.com https://*.googleapis.com http://*.jquery.com https://*.jquery.com http://*.answerscloud.com https://*.answerscloud.com http://*.foresee.com https://*.foresee.com http://*.sharethis.com https://*.sharethis.com http://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ http://*.fonts.net https://*.fonts.net http://*.azureedge.net https://*.azureedge.net https://gateway.foresee.com i.4see.mobi https://cdn.jsdelivr.net ; font-src https://scontent.cdninstagram.com https://p.typekit.net https://*.juicer.io https://instafeed.pixlee.com/ https://instafeed.assets.pixlee.com  https://use.typekit.net  https://data.schemaapp.com 'self' 'unsafe-inline' 'unsafe-eval' http://fast.fonts.net https://fast.fonts.net http://*.gstatic.com https://*.gstatic.com http://use.typekit.net https://use.typekit.net http://images.banfield.com https://images.banfield.com http://scripts.banfield.com https://scripts.banfield.com http://assets.banfield.com https://assets.banfield.com http://images-staging.banfield.com https://images-staging.banfield.com http://scripts-staging.banfield.com https://scripts-staging.banfield.com http://assets-staging.banfield.com https://assets-staging.banfield.com http://*.azureedge.net https://*.azureedge.net http://*.optimizely.com https://*.optimizely.com https://assets-staging.azureedge.net/ i.4see.mobi https://cdnjs.cloudflare.com https://scripts-staging.banfield.com http://*.foresee.com https://*.foresee.com ;   2
default-src 'unsafe-inline' 'unsafe-eval' https: data: 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;img-src 'self' * data:;media-src 'self' blob:;frame-src 'self' *;font-src 'self' * data:;connect-src 'self' *;worker-src 'self' blob: 2
default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src https: 'self' data: blob:; font-src 'self' data: https://fonts.gstatic.com https://cdn.dynamicyield.com https://cdn.tollbrothers.com; worker-src https: blob: 2
default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline' 2
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' vietcombank.com.vn *.vietcombank.com.vn *.google-analytics.com *.verisign.com *.norton.com; style-src 'self' 'unsafe-inline' vietcombank.com.vn *.vietcombank.com.vn; img-src * 'self' data: vietcombank.com.vn *.vietcombank.com.vn *.google-analytics.com stats.g.doubleclick.net www.gstatic.com *.verisign.com *.norton.com *.longtailvideo.com; font-src 'self' data: vietcombank.com.vn *.vietcombank.com.vn; connect-src 'self' vietcombank.com.vn *.vietcombank.com.vn; frame-src 'self' gsa://onpageload; form-action *; report-uri /CspReport.ashx 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' * 2
connect-src 'self' 2
default-src 'self' ; connect-src https://www.google-analytics.com https://www.facebook.com/tr/ 'self' https://*.cornelsen.de ; font-src 'self' https://*.cornelsen.de ; frame-src https://www.googletagmanager.com/ns.html 'self' https://*.cornelsen.de https://www.google.com/recaptcha/ https://www.youtube.com https://w.soundcloud.com https://docs.google.com/gview ; img-src https://www.google-analytics.com https://www.facebook.com https://www.econda-monitor.de https://monitor.econda-monitor.de 'self' https://*.cornelsen.de data: ; object-src 'none' ; script-src https://www.googletagmanager.com https://www.google-analytics.com https://monitor.econda-monitor.de 'self' https://*.cornelsen.de 'unsafe-eval' data: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ ; style-src 'self' https://*.cornelsen.de 'unsafe-inline' ; base-uri 'self' ; form-action 'self' ; frame-ancestors 'self' ; report-uri /__csp-report ; 2
frame-ancestors 'self' www.autodesk.com 2
media-src 'self' blob: livestream.st-andrews.ac.uk livestream1.st-andrews.ac.uk livestream2.st-andrews.ac.uk livestream-test.st-andrews.ac.uk; 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://ajax.aspnetcdn.com https://ajax.googleapis.com https://ak1s.abmr.net https://bat.bing.com https://cdnjs.cloudflare.com https://connect.facebook.net https://*.cloudfront.net https://googleads.g.doubleclick.net https://maps.googleapis.com https://mathid.mathtag.com https://pixel.mathtag.com https://platform.twitter.com https://script.crazyegg.com https://service.maxymiser.net https://st1.dialogtech.com https://tags.srv.stackadapt.com https://walkscore.com https://ws.sessioncam.com https://www.google.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.rentpathcode.com;object-src https://*.avalonbay.com https://*.avaloncommunities.com https://*.avalonprop.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://cf.kampyle.com;img-src 'self' data: http://image.email.avalonbay.com http://avaloncommunities.com http://static.avalonbay.com https://*.avalonbay.com https://*.avaloncommunities.com https://bat.bing.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://pixel.mathtag.com https://stats.g.doubleclick.net https://st2.dialogtech.com https://rt.spongecell.com https://walkscore.com https://ws.sessioncam.com https://www.facebook.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com;media-src 'none';frame-src https://*.doubleclick.net https://*.merchante-solutions.com https://connect.facebook.net https://pixel.mathtag.com https://service.maxymiser.net https://syndication.twitter.com https://www.facebook.com https://www.googletagmanager.com https://www.youtube.com;font-src 'self' data: https://fonts.gstatic.com;connect-src https://*.avalonbay.com https://*.avaloncommunities.com https://*.avalonprop.com https://*.merchante-solutions.com https://identity.rentpathservices.com https://stats.g.doubleclick.net https://ws.sessioncam.com https://www.google.com https://www.google-analytics.com;base-uri 'self';form-action 'self' https://connect.facebook.net https://www.facebook.com 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; report-uri /json/csp-violation 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *.ine.mx https: 2
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; img-src data: https://* 2
report-uri https://sentry.iddqd.yandex.net/api/388/csp-report/?sentry_key=1915039caf274cfb8dcc6b9ce9aaf948; default-src 'self' yandex.ru yastatic.net *.yandex.net *.yandex.ru *.yandex.net *.yandex.az *.yandex.by *.yandex.co.il *.yandex.com *.yandex.com.am *.yandex.com.ge *.yandex.com.tr *.yandex.ee *.yandex.fr *.yandex.kg *.yandex.kz *.yandex.lt *.yandex.lv *.yandex.md *.yandex.tj *.yandex.tm *.yandex.ua *.yandex.uz *.webvisor.com *.webvisor.org *.foodfox.ru *.payture.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' yandex.ru yastatic.net *.yandex.net *.yandex.ru *.yandex.net *.yandex.az *.yandex.by *.yandex.co.il *.yandex.com *.yandex.com.am *.yandex.com.ge *.yandex.com.tr *.yandex.ee *.yandex.fr *.yandex.kg *.yandex.kz *.yandex.lt *.yandex.lv *.yandex.md *.yandex.tj *.yandex.tm *.yandex.ua *.yandex.uz *.webvisor.com *.webvisor.org localhost:3101; style-src blob: data: 'self' 'unsafe-inline' yandex.ru yastatic.net *.yandex.ru *.yandex.net *.foodfox.ru; font-src 'self' yastatic.net *.yandex.net; frame-src *; img-src data: * 2
script-src https: 'unsafe-eval' 'unsafe-inline' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.facebook.com *.google.com *.cloudflare.com *.jquery.com *.gyftr.com *.googleapis.com *.googlecode.com *.gstatic.com *.googletagmanager.com *.amazonaws.com *.googletagservices.com *.fontawesome.com *.google-analytics.com *.google.co.in *.doubleclick.net *.googlesyndication.com *.googleadservices.com *.bootstrapcdn.com *.notifyvisitors.com *.linkedin.com *.pinterest.com *.twitter.com *.w3.org; 2
frame-src *; 2
'self'; 2
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * 2
default-src https: 2
font-src 'self' *.gstatic.com data:; img-src 'self' *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.googleapis.com data:;default-src 'self' *.google-analytics.com https://stats.g.doubleclick.net *.googleapis.com *.youtube.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'   2
default-src 'none'; base-uri 'self' *.adform.net *.seadform.net; connect-src 'self' data: https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googletagservices.com 'unsafe-inline' 'unsafe-eval' *; font-src 'self' data: https://nouw.com https://fonts.gstatic.com 'unsafe-inline' 'unsafe-eval' *; form-action 'self' http://nouw.com *.facebook.com *.facebook.net https://secure.pay-read.se; frame-ancestors 'self' http://frame.bloglovin.com https://blogkeen.com; frame-src 'self' *.youtube.com *.spotify.com *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval' *; img-src * data: blob:; manifest-src 'self'; media-src *; object-src 'none'; report-uri https://nouw.com/api/misc/csp; style-src * blob: 'unsafe-inline'; worker-src 'self'; script-src 'self' https://nouw.com https://cdnjs.cloudflare.com *.facebook.com *.facebook.net https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googletagservices.com 'unsafe-inline' 'unsafe-eval' * 2
object-src 'none'; form-action 'self'; frame-ancestors 'none' 2
default-src *.globalsign.com *.globalsign.fr www.globalsign.com r1.globalsign.com r2.globalsign.com *.twitter.com *.twimg.com www.facebook.com connect.facebook.net *.linkedin.com https://snap.licdn.com *.yandex.ru https://cache.img.gmo.jp *.crazyegg.com *.google.com *.google.co.uk *.youtube-nocookie.com *.youtube.com *.google-analytics.com *.imgix.net *.imgix.com themes.googleusercontent.com *.appspot-preview.com *.googleapis.com *.gstatic.com www.googleadservices.com googleads.g.doubleclick.net *.amazonaws.com *.segment.io *.mixpanel.com *.segment.com *.mxpnl.com *.fontawesome.com *.media.tumblr.com *.addthis.com *.addthisedge.com https://stats.g.doubleclick.net https://bat.r.msn.com https://static.ads-twitter.com *.g.doubleclick.net static.doubleclick.net https://okt.to *.disqus.com disqus.com *.disquscdn.com *.swiftype.com *.swiftypecdn.com *.livechatinc.com *.boldchat.com js.maxmind.com *.googletagmanager.com *.bing.com *.okt.to *.oktopost.com *.cloudfront.net *.reachforce.com 'unsafe-inline' 'unsafe-eval' data: *.g.doubleclick.net *.doubleclick.net static.doubleclick.net static.ads-twitter.com *.ads-twitter.com *.google.com https://www.google.com *.t.co https://t.co https://googleads.g.doubleclick.net googleads.g.doubleclick.net https://www.google.com https://static.ads.twitter.com https://googleads.g.doubleclick.net *.cloudfront.net cloudfront.net *.youtube-nocookie.com secure.livechatinc.com; child-src 'self' *.globalsign.com *.cloudfront.net *.youtube-nocookie.com *.livechatinc.com *.boldchat.com *.imgix.net *.imgix.com *.addthis.com *.disqus.com https://disqus.com www.disqus.com https://www.google.com https://www.youtube.com www.youtube.com *.yandex.ru https://cache.img.gmo.jp *.linkedin.com https://snap.licdn.com *.amazonaws.com *.ads-twitter.com *.googleadservices.com *.segment.com *.g.doubleclick.net static.doubleclick.net *.fontawesome.com *.media.tumblr.com *.r.msn.com *.reachforce.com blob: 2
script-src 'self' stats.waterfox.net cdn.commento.io; frame-src 'self' stats.waterfox.net cdn.commento.io; object-src 'self' 2
default-src 'self'; script-src https://*.helsenorge.no https://helsenorge.no https://assets.adobedtm.com blob: 'unsafe-inline' 'unsafe-eval'; style-src https://*.helsenorge.no 'self' 'unsafe-inline'; img-src data: https://*.helsenorge.no https://helsenorge.no https://cm.everesttech.net https://dpm.demdex.net https://ehelse.d3.sc.omtrdc.net; font-src data: https://*.helsenorge.no; connect-src https://*.helsenorge.no https://helsenorge.no https://dpm.demdex.net; frame-src https://minhelse.helsenorge.no https://www.youtube.com https://player.vimeo.com https://dpm.demdex.net https://helsenorge.demdex.net https://www.youtube-nocookie.com; frame-ancestors 'none'; object-src 'self'; upgrade-insecure-requests; report-uri https://f1a79774c38073e7aa3a3ef3a9a0bc6b.report-uri.com/r/t/csp/enforce 2
frame-ancestors 'self' m.gi.rgsgames.com gamesyses-static.casinomodule.com gamesyses-game.casinomodule.com; 2
frame-ancestors 'self' https://auth.flock.com https://auth.flock-staging.com https://web.flock.com https://web.flock-staging.com https://updates.flock.co file://* chrome-extension://eaelpbcbablcdbbocfbfnedfmgjaoicj chrome-extension://jaafanpjodcobojibapcmbdcphbafnfc chrome-extension://enfaahabcinohafeakbliimmoholjeip 2
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.trustarc.com connect.facebook.net cdnjs.cloudflare.com www.googletagmanager.com tagmanager.google.com https://remote.captcha.com https://maps.googleapis.com https://maps.google.com https://www.google.com https://code.jquery.com ssl.google-analytics.com https://s3.amazonaws.com/scripts-clickmeter-com/js/go.js https://player.vimeo.com https://www.gstatic.com ajax.googleapis.com www.google-analytics.com munchkin.marketo.net snap.licdn.com https://maxcdn.bootstrapcdn.com eu-icon-qa-sf.truste-svc.net consent.truste.com consent.trustarc.com staticxx.facebook.com www.facebook.com googleads.g.doubleclick.net www.googleadservices.com https://platform.linkedin.com https://px.ads.linkedin.com https://www.linkedin.com https://dc.ads.linkedin.com https://ssl-munchkin.marketo.net https://apis.google.com https://platform.twitter.com https://boards.greenhouse.io https://cdn.walkme.com https://d3sbxpiag177w8.cloudfront.net https://translate.google.com https://translate.googleapis.com https://hire.withgoogle.com https://djtflbt20bdde.cloudfront.net; img-src 'self' https://www.trustarc.com http://s3-us-west-1.amazonaws.com https://s3-us-west-1.amazonaws.com https://www.truste.com https://info.trustarc.com http://static.truste.com https://www.googletagmanager.com https://maps.googleapis.com https://maps.google.com https://web.facebook.com https://maps.gstatic.com https://privacy-policy.truste.com https://login.truste.com www.facebook.com www.google.com eu-icon-qa-sf.truste-svc.net consent.trustarc.com www.google-analytics.com https://www.gstatic.com https://ssl.gstatic.com https://ssl.google-analytics.com https://static.licdn.com data: https://stats.g.doubleclick.net https://www.linkedin.com https://syndication.twitter.com https://ec.walkme.com https://googleads.g.doubleclick.net https://choices.trustarc.com https://translate.googleapis.com https://translate.google.com https://www.google.ca https://secure.gravatar.com; frame-src 'self' https://www.trustarc.com https://player.vimeo.com staticxx.facebook.com https://info.trustarc.com eu-icon-qa-sf.truste-svc.net consent-pref.trustarc.com https://www.youtube.com https://www.google.com https://download.trustarc.com https://platform.twitter.com https://www.facebook.com https://platform.linkedin.com https://apis.google.com https://syndication.twitter.com https://accounts.google.com https://boards.greenhouse.io https://cdn.walkme.com consent-pref.truste.com https://hire.withgoogle.com https://googleads.g.doubleclick.net; font-src 'self' data: fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://consent.trustarc.com; style-src 'unsafe-inline' 'self' https://www.trustarc.com fonts.googleapis.com tagmanager.google.com https://maxcdn.bootstrapcdn.com https://translate.googleapis.com https://djtflbt20bdde.cloudfront.net; connect-src 'self' 846-llz-652.mktoresp.com https://api.greenhouse.io https://www.google-analytics.com https://stats.g.doubleclick.net https://ec.walkme.com https://translate.googleapis.com https://trackerapi.trustarc.com https://hire.withgoogle.com https://my.yoast.com; frame-ancestors 'self' https://info.trustarc.com https://download.trustarc.com assess.truste.com assess-stage.truste.com gda-dev.truste-svc.net; 2
default-src 'self' *.kpn.com; frame-ancestors 'self' app.optimizely.com kpn.blueconic.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' static-accept.customersaas.com *.optimizely.com cdn.blueconic.net kpn.blueconic.net assets.adobedtm.com *.kpn.com *.salesforceliveagent.com www.googletagmanager.com tagmanager.google.com invitation.opinionbar.com www.googleadservices.com connect.facebook.net *.doubleclick.net *.mouseflow.com kpn-compleet-fpi-info.fourstack.nl www.pingvp.com kpn.pingvp.com static.customersaas.com www.google-analytics.com maps.googleapis.com kpnarmor.nl w.usabilla.com api.usabilla.com deploy.mopinion.com collect.mopinion.com kpn.mopinion.com kpn-reload.liquix.eu dwin1.com; style-src 'self' 'unsafe-inline' data: *.kpn.com www.pingvp.com kpn.pingvp.com d1r5etm691cejh.cloudfront.net static.customersaas.com d6tizftlrpuof.cloudfront.net kpn.mopinion.com tagmanager.google.com; img-src 'self' data: is-accept.customersaas.com *.kpn.com www.google.nl www.google.com www.facebook.com *.doubleclick.net adservice.google.com invitation.opinionbar.com *.optimizely.com www.pingvp.com kpn.pingvp.com d35v9wsdymy32b.cloudfront.net csi.gstatic.com maps.gstatic.com maps.googleapis.com kpn.com fonts.googleapis.com www.google-analytics.com api.customersaas.com static.customersaas.com d3mwk3f7r8fv9u.cloudfront.net d6tizftlrpuof.cloudfront.net cms-images.s3.amazonaws.com kpncomvod.download.kpnstreaming.nl w.usabilla.com www.telfort.nl; media-src 'self' kpncomvod.download.kpnstreaming.nl *.kpn.com pingmediavod.download.kpnstreaming.nl kpn.pingvp.com; frame-src *.optimizely.com *.doubleclick.net ezpay.liquix.eu callmenow.eu3.vanadaloha.net rpv.reviva.nl *.kpn.com portal.bp.nu www.youtube.com kpngroup.emsecure.net kpn.mopinion.com kpn-mini.speedtestcustom.com www.pingvp.com kpn.pingvp.com; font-src 'self' data: *.kpn.com www.pingvp.com kpn.pingvp.com fonts.gstatic.com static.customersaas.com; connect-src 'self' api-accept.customersaas.com *.optimizely.com kpn.blueconic.net *.kpn.com *.mouseflow.com api.api.ai tracker.customersaas.com kpn.api.ruwido.com api-agendaplanner.kpnretail.nl api.customersaas.com scripts.kpn.nl pastease.mopinion.com kpn.mopinion.com kpn-compleet-fpi-info.fourstack.nl ezpay.liquix.eu wss://*.twilio.com https://*.twilio.com; object-src 'self' 2
frame-src 'self' *.jiathis.com *.baidu.com 2
default-src data: https: 'unsafe-inline'; 2
default-src * 'unsafe-inline' 'unsafe-eval' 'self' app.optimizely.com *.hawksearch.com *.hawksearch.net *.americaneagle.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; img-src 'self' blob: data: * 2
connect-src cgchat.callguide.telia.com 'self' pwe.callguide.telia.com *.usabilla.com www.google.com telia.humany.net chat.ace.teliacompany.com www.google-analytics.com stats.g.doubleclick.net www.google.se; default-src 'self'; font-src https://fonts.gstatic.com 'self' data:; frame-src d6tizftlrpuof.cloudfront.net https://optimize.google.com www.telia.se 'self' cdn.krxd.net *.doubleclick.net www.youtube.com youtube.com go.pardot.com; img-src img.youtube.com https://optimize.google.com 'self' stats.g.doubleclick.net www.google.se beacon.krxd.net d6tizftlrpuof.cloudfront.net *.usabilla.com www.haynespro-assets.com www.google.com www.haynespro-services.com data: media.krxd.net www.google-analytics.com; report-uri /.api/csp-report/v1/report?teamId=c7285fd5-e64175ae-358eb00b; script-src consumer.krxd.net 'unsafe-inline' https://optimize.google.com 'self' cdn.krxd.net beacon.krxd.net d6tizftlrpuof.cloudfront.net www.googletagmanager.com core.dch.got.telia.se *.usabilla.com media.krxd.net 'unsafe-eval' www.google-analytics.com; style-src 'unsafe-inline' d6tizftlrpuof.cloudfront.net https://optimize.google.com 'self' core.dch.got.telia.se media.krxd.net https://fonts.googleapis.com 2
frame-ancestors 'self' *.sprintecommerce.com *.venditan.com *.venditan.io 2
default-src https://*.belastingdienst.nl https://vinden.belastingdienst.nl https://*.readspeaker.com; connect-src 'self' https://*.belastingdienst.nl https://*.optimizely.com; child-src 'self' https://belastingdienst.nl https://*.belastingdienst.nl https://*.cdn.optimizely.com https://secure.opinionlab.com https://*.readspeaker.com https://www.anbi-instellingen.nl https://www.youtube.com ; frame-ancestors 'self' https://*.belastingdienst.nl ; img-src 'self' https://n01d05.cumulus-cloud.com https://*.readspeaker.com data: https://*.belastingdienst.nl ;font-src 'self' https://*.belastingdienst.nl; script-src 'self' https://*.belastingdienst.nl https://cdn.optimizely.com https://f1-eu.readspeaker.com https://bdtm.containers.piwik.pro 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://*.belastingdienst.nl https://f1-eu.readspeaker.com 'unsafe-inline' 2
frame-ancestors 'self' https://mpv.orcasnet.com/ https://psa.digitalinsight.com/  https://www.elevationsbanking.com 2
frame-ancestors 'self' *.vpro.nl:* *.human.nl *.vprobroadcast.com *.netinnederland.nl *.2doc.nl *.vprogids.nl; 2
frame-ancestors http://*.visitsingapore.com/ http://*.visitsingapore.com.cn/ https://*.visitsingapore.com/ https://*.visitsingapore.com.cn/ 'self'; 2
default-src 'self' 'unsafe-inline' * data: http: https: wss:; img-src * data: mediastream: blob: filesystem:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; frame-ancestors 'self'; 2
upgrade-insecure-requests; default-src https:; script-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src https:; style-src https: blob: 'unsafe-eval' 'unsafe-inline'; img-src https: blob: data: http://ad.doubleclick.net; media-src https: data:; frame-src https: data: instagram:; child-src https: data: instagram:; font-src https: data:; connect-src https: wss: blob:; report-uri https://virgindotcom.report-uri.com/r/d/csp/enforce 2
frame-ancestors 'self' https://fressnapf.marketing.adobe.com https://confluence.fressnapf.de https://*.fnfarm.de app.fressnapf.de; 2
frame-ancestors 'self' *.ubt.com ubt-beta.wealthcareportal.com ubt.wealthcareportal.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' msg.playcanvas.com code.playcanvas.com https://js.stripe.com https://*.google.com https://*.google-analytics.com cdn.webglstats.com https://s3-eu-west-1.amazonaws.com 2
default-src https:; connect-src https:; font-src https: data:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https: *.wistia.com *.wistia.net embedwistia-a.akamaihd.net/ *.litix.io data: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 2
default-src 'self' https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://apps.fedoraproject.org; style-src 'self' 'unsafe-inline' https://apps.fedoraproject.org 2
default-src 'self' *.cms.vwfs.tools server.adform.net vwfs.demdex.net *.iadvize.com fonts.gstatic.com; img-src 'self' data: *.cms.vwfs.tools *.volkswagenbank.de *.omtrdc.net img.youtube.com googleads.g.doubleclick.net static.doubleclick.net *.iadvize.com maps.googleapis.com maps.gstatic.com i.ytimg.com cm.everesttech.net; script-src 'self' 'unsafe-eval' *.volkswagenbank.de *.omtrdc.net *.iadvize.com *.youtube.com s.ytimg.com googleads.g.doubleclick.net static.doubleclick.net maps.googleapis.com storagewebcalcweud.blob.core.windows.net www.volkswagenbank-cloud.de assets.adobedtm.com; style-src 'self' 'unsafe-inline' *.iadvize.com fonts.googleapis.com; connect-src 'self' calculator.volkswagenbank.de dpm.demdex.net cm.everesttech.net *.iadvize.com wss://*.iadvize.com *.youtube.com cfpoi-search.p-sunhill.com; frame-src * 2
frame-ancestors www.facebook.com 'self' 2
upgrade-insecure-requests; frame-ancestors 'self' https://explore.avalara.com https://www.compli-beverage.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *.googleapis.com; frame-ancestors file: cdvfile: 'self'; 2
default-src 'self' www.google-analytics.com; script-src 'self' cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; img-src 'self' www.epic.com www-dev.epic.com data: www.google-analytics.com; frame-src 'self' https://www.youtube.com 2
default-src * 'unsafe-inline' data: blob: 'unsafe-inline' 'unsafe-eval' 2
object-src 'self'; frame-ancestors 'self'; 2
frame-ancestors https://thuem.de 'self' 2
frame-ancestors 'self' payments.istopay.com 2
default-src 'self'; base-uri 'self'; form-action 'self' https://flightbookings.airnewzealand.co.kr https://flightbookings.airnewzealand.kr https://flightbookings.airnewzealand-ar.com https://flightbookings.airnewzealand-br.com https://flightbookings.airnewzealand.ca https://flightbookings.airnewzealand.cn https://flightbookings.airnewzealand.co.nz https://flightbookings.airnewzealand.co.uk https://flightbookings.airnewzealand.com.au https://flightbookings.airnewzealand.com.hk https://flightbookings.airnewzealand.com.sg https://flightbookings.airnewzealand.com.tw https://flightbookings.airnewzealand.com https://flightbookings.airnewzealand.de https://flightbookings.airnewzealand.eu https://flightbookings.airnewzealand.fr https://flightbookings.airnewzealand.hk https://flightbookings.airnewzealand.jp https://flightbookings.airnewzealand.pf https://flightbookings.airnewzealand.tw https://flightbookings.cn.airnewzealand.com https://flightbookings.de.airnewzealand.com https://flightbookings.en.airnewzealand-ar.com https://flightbookings.en.airnewzealand-br.com https://flightbookings.en.airnewzealand.cn https://flightbookings.eu.airnewzealand.com https://flightbookings.grabaseat.co.nz https://flightbookings.jp.airnewzealand.com https://auth.airnewzealand.co.nz; script-src 'self' https://s-airnz.com https://p-airnz.com 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://www.rnengage.com https://airnzcaus.custhelp.com https://airnzcaus.widget.custhelp.com https://player.vimeo.com https://www.youtube.com https://s.ytimg.com https://www.wufoo.com https://wufoo.com https://secure.wufoo.com https://s.wayin.com https://xd.wayin.com https://s.engagesciences.com https://display.engagesciences.com https://www.everestjs.net https://*.demdex.net https://www.google-analytics.com https://tagmanager.google.com  https://www.googletagmanager.com https://*.doubleclick.net https://www.googleadservices.com https://cdn-assets-prod.s3.amazonaws.com https://*.optimizely.com https://s.swiftypecdn.com https://upgrade.plusgrade.com https://nebula-cdn.kampyle.com https://screencapture.kampyle.com https://screencaptue-cdn.kampyle.com https://*.hotjar.com https://yourir.info https://t.a3cloud.net https://ib.adnxs.com https://auth.airnewzealand.co.nz https://ssl.google-analytics.com https://cdnjs.cloudflare.com; style-src 'unsafe-inline' https://s-airnz.com https://p-airnz.com https://fonts.googleapis.com https://airnzcaus.widget.custhelp.com https://tagmanager.google.com https://s.swiftypecdn.com https://upgrade-cdn.plusgrade.com https://yourir.info 'self'; img-src https: data:; font-src https://s-airnz.com https://p-airnz.com https://fonts.googleapis.com https://fonts.gstatic.com https://dhm5hy2vn8l0l.cloudfront.net 'self'; media-src 'self' https://video.cdnvue.com ; frame-src 'self' https://www.google.com https://nz.fltmaps.com https://player.youku.com https://v.qq.com https://player.vimeo.com https://www.youtube.com https://airnz.wufoo.com https://xd.wayin.com https://display.engagesciences.com https://*.demdex.net https://*.doubleclick.net https://www.googletagmanager.com https://*.cdn.optimizely.com https://nebula-cdn.kampyle.com https://*.hotjar.com; connect-src 'self' https://api.airnewzealand.co.nz https://api.airnz.ai https://auth.airnewzealand.co.nz https://*.demdex.net *.tt.omtrdc.net https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://logx.optimizely.com https://rum.optimizely.com https://errors.client.optimizely.com https://s.swiftypecdn.com https://search-api.swiftype.com https://*.kampyle.com ws://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io https://in.hotjar.com https://yourir.info https://ssl.google-analytics.com; object-src 'none'; frame-ancestors 'self'; report-uri /csp-report 2
default-src 'self'; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data:; frame-src *; media-src *; connect-src *; block-all-mixed-content 2
default-src 'self' https: macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com; frame-src 'self' https: macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com youtube.com *.youtube.com; font-src 'self' https: data: macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com; img-src 'self' https: data: macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com www.google-analytics.com www.googletagmanager.com; style-src 'self' https: 'unsafe-inline' macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com; connect-src 'self' https: macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com www.google.com; report-uri https://sentry.io/api/1438092/security/?sentry_key=c4f9287549384b1ebab3ca38ac17a0d3 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleanalytics.com *.google-analytics.com *.googleapis.com *.youtube.com *.ytimg.com *.gstatic.com cse.google.com www.google.com *.googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com storage.googleapis.com www.google.com tagmanager.google.com; report-uri /csp/report/; default-src 'self' *.gstatic.com g-design.storage.googleapis.com storage.googleapis.com; frame-src 'self' www.google.com *.googleusercontent.com www.youtube.com accounts.google.com apis.google.com plus.google.com cse.google.com; img-src 'self' data: s.ytimg.com *.googleusercontent.com *.gstatic.com www.google-analytics.com storage.googleapis.com www.gravatar.com www.googleapis.com www.google.com clients1.google.com stats.g.doubleclick.net; connect-src 'self' plus.google.com www.google-analytics.com; font-src 'self' themes.googleusercontent.com *.gstatic.com 2
frame-ancestors 'self' *.royalpanda.com *.rpaffiliates.com; 2
default-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:; script-src 'self' https://www.googletagmanager.com https://maps.googleapis.com https://developers.google.com https://www.googleadservices.com https://cdn.optimizely.com https://www.youtube.com https://platform.linkedin.com https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://js.adsrvr.org https://rum-static.pingdom.net https://googleads.g.doubleclick.net https://static.ads-twitter.com https://analytics.twitter.com https://snap.licdn.com https://sjs.bizographics.com https://px.ads.linkedin.com https://jobadder.com https://apps.jobadder.com https://s.ytimg.com https://calculators.infochoice.com.au https://www.linkedin.com https://tagmanager.google.com https://*.addthis.com https://*.addthisedge.com data: 'unsafe-inline' 'unsafe-eval'; connect-src *; upgrade-insecure-requests; 2
frame-ancestors 'self' https://www.bharatpetroleum.in 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src *;        script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'        'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline'         'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self'         'unsafe-inline' 'unsafe-eval'; font-src 'self'                                                          'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' *.astrill.com *.astrill-mirror.com *.astrill-order.com 2
connect-src 'self' *.ispapi.net wss:; default-src https:; img-src 'self' data: https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 2
frame-ancestors 'self' www.amway.id admin.amway.id beta.amway.id www.amway.co.th admin.amway.co.th beta.amway.co.th 2
default-src * blob: data: 'unsafe-eval' 'unsafe-inline'; 2
frame-ancestors www.globalblue.com www.globalblue.cn www.globalblue.ru secure.globalblue.com 2
default-src 'self' https://myfritz.net https://www.myfritz.net https://gateway.myfritz.net https://sso.myfritz.net https://static.myfritz.net *.avm.de ; script-src 'self' https://myfritz.net https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net *.avm.de 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' https://myfritz.net https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net *.avm.de data: ; style-src 'self' https://myfritz.net https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net *.avm.de 'unsafe-inline'; frame-src 'self' https://myfritz.net https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net *.avm.de https://www.google.com/recaptcha/; font-src 'self' https://myfritz.net https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net *.avm.de data:; 2
default-src * 'unsafe-inline' 'unsafe-eval';script-src 'self' 'unsafe-inline' 'unsafe-eval';img-src 'self' data:;object-src 'self' data: 2
default-src data: *; script-src data: 'unsafe-inline' 'unsafe-eval' *; style-src data: 'unsafe-inline' * 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.fensterversand.com *.amazonaws.com *.cloudflare.com *.cloudfront.net *.typekit.net *.google.com *.google.de *.googleapis.com *.googlecode.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googlecommerce.com *.googleadservices.com *.trustedshops.com *.bootstrapcdn.com *.youtube.com *.ytimg.com *.jquery.com *.typeform.com *.doubleclick.net *.userlike.com *.optimizely.com *.facebook.net *.facebook.com s7.addthis.com thdoan.github.io data: *.usd.de *.sofort.com *.billpay.de *.paypal.de *.paypal.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.hotjarconsent.com *.mouseflow.com *.bing.com *.mozilla.org *.jsdelivr.net; plugin-types application/javascript application/pdf application/xml application/zip image/jpeg image/gif image/png image/svg+xml image/webp image/x-icon text/css 2
frame-ancestors 'self' https://*.backstreetmerch.com https://*.livenationmerch.com https://www.joestrummer.com https://eustore.rogerwaters.com https://www.trailerparkboysmerch.com https://store.niallhoran.com https://shop.thebodycoach.com https://merchandise.footballmanager.com https://shop.little-mix.com https://shop.shanefilan.com https://merch.bulletformyvalentine.com https://merch.raksu-official.com 2
frame-ancestors 'self' https://pre-www.audi.ca https://*.force.com https://*.salesforce.com https://*.visualforce.com https://*.documentforce.com https://*.lightning.com https://*.salesforce-communities.com https://*.forceusercontent.com; 2
default-src https://domene.shop https://domainname.shop https://domainnameshop.com https://www.domeneshop.no https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domene.shop https://domainname.shop https://domainnameshop.com https://www.domeneshop.no; frame-src https://domene.shop https://domainname.shop https://domainnameshop.com https://www.domeneshop.no 2
frame-ancestors 'self' *.ergodirekt.de:* *.qv.de:* *.ergo.com:* *.ergo:* *.ergo.de; 2
frame-ancestors 'self' http://www.omo.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 2
'none' 2
frame-ancestors 'self' http://www.rexona.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 2
default-src 'self'; script-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src 'none'; object-src 'none' 2
frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com 2
default-src 'none'; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' www.linkedin.com connect.facebook.net s.adroll.com ml314.com js.hs-scripts.com script.hotjar.com static.hotjar.com js.hs-analytics.net player.vimeo.com www.googletagmanager.com dev.visualwebsiteoptimizer.com sjs.bizographics.com www.google-analytics.com px.ads.linkedin.com djtflbt20bdde.cloudfront.net; connect-src https: wss: 'self' www.gov.uk yoast.com *.hotjar.com; img-src https: 'self' data: media.nominet.uk maps.googleapis.com track.hubspot.com stats.g.doubleclick.net www.gravatar.com dev.visualwebsiteoptimizer.com www.google-analytics.com; style-src https: 'self' 'unsafe-inline' djtflbt20bdde.cloudfront.net fonts.googleapis.com; frame-src https: 'self' www.youtube.com player.vimeo.com djtflbt20bdde.cloudfront.net vars.hotjar.com; font-src https: 'self' data: fonts.gstatic.com; media-src https: 'self' media.nominet.uk; frame-ancestors 'self'; base-uri 'self' *.helpscout.net; form-action 'self' *.theukdomain.uk forms.hsforms.com; object-src 'self' *.cloudfront.net; manifest-src 'self'; 2
frame-ancestors 'self' corelogic.com.au *.corelogic.com.au elev.io *.elev.io 2
default-src 'none'; connect-src 'self' http: https: wss:; font-src 'self' http: https:; form-action 'self' http: https:; frame-src 'self' http: https:; frame-ancestors 'self' http: https:; img-src 'self' 'unsafe-inline' http: https: data:; media-src 'self' http: https:; object-src 'self' http: https:; style-src 'self' 'unsafe-inline' http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https:; worker-src 'self' http: https:; child-src 'self' http: https 2
frame-ancestors 'self' https://yritys.tunnistus.fi https://htesti.katso.tunnistus.fi 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mc.yandex.ru https://mc.yandex.ru cdn.jsdelivr.net https://cdn.jsdelivr.net ymetrica.com https://ymetrica.com ymetrica1.com https://ymetrica1.com yastatic.net https://yastatic.net www.google-analytics.com https://www.google-analytics.com *.gstatic.com https://*.gstatic.com *.googleapis.com https://*.googleapis.com code.jquery.com https://code.jquery.com ads.exosrv.com https://ads.exosrv.com; img-src 'self' data: mirsexy.net https://mirsexy.net s2.mirsexy.com https://s2.mirsexy.com s3.mirsexy.com https://s3.mirsexy.com s4.mirsexy.com https://s4.mirsexy.com s5.mirsexy.com https://s5.mirsexy.com mc.yandex.ru https://mc.yandex.ru cdn.jsdelivr.net https://cdn.jsdelivr.net ymetrica.com https://ymetrica.com ymetrica1.com https://ymetrica1.com yastatic.net https://yastatic.net mc.webvisor.org https://mc.webvisor.org www.google-analytics.com https://www.google-analytics.com *.gstatic.com https://*.gstatic.com *.googleapis.com https://*.googleapis.com *.bongacams.com https://*.bongacams.com *.bimbolive.com https://*.bimbolive.com counter.yadro.ru https://counter.yadro.ru static.exosrv.com https://static.exosrv.com; style-src 'self' 'unsafe-inline' *.googleapis.com https://*.googleapis.com; font-src 'self' data: *.gstatic.com https://*.gstatic.com; media-src 'self' mirsexy.net https://mirsexy.net s2.mirsexy.com https://s2.mirsexy.com s3.mirsexy.com https://s3.mirsexy.com s4.mirsexy.com https://s4.mirsexy.com s5.mirsexy.com https://s5.mirsexy.com ssl-promo.bongacams.com https://ssl-promo.bongacams.com db.promo-bc.com https://db.promo-bc.com static.exosrv.com https://static.exosrv.com; connect-src 'self' mc.yandex.ru https://mc.yandex.ru cdn.jsdelivr.net https://cdn.jsdelivr.net ymetrica.com https://ymetrica.com wss://mirsexy.net:2345 syndication.exosrv.com https://syndication.exosrv.com; frame-src 'self' mirsexyembed.com https://mirsexyembed.com chat.mirsexy.com https://chat.mirsexy.com; object-src 'self' mirsexy.net https://mirsexy.net s2.mirsexy.com https://s2.mirsexy.com s3.mirsexy.com https://s3.mirsexy.com s4.mirsexy.com https://s4.mirsexy.com s5.mirsexy.com https://s5.mirsexy.com; 2
img-src https: data: blob:; child-src https:; form-action https:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 2
frame-ancestors 'self'; object-src 'none'; form-action 'self'; base-uri 'self' 2
frame-ancestors 'self' cdn.blueconic.net latt.blueconic.net 2
default-src 'self'; img-src * blob:; frame-src 'self' www.google.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' dmaps.daum.net t1.daumcdn.net s1.daumcdn.net maps.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' s1.daumcdn.net fonts.googleapis.com t1.daumcdn.net; font-src 'self' fonts.gstatic.com; 2
default-src https: 'self' 'unsafe-inline' 'unsafe-eval';img-src data: https: 'self'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri /security-report.php 2
default-src * data: 'unsafe-inline' 'unsafe-eval' ; 2
frame-ancestors 'self' http://intacct.lookbookhq.com https://intacct.lookbookhq.com http://go.intacct.com https://go.intacct.com http://go.sageintacct.com https://go.sageintacct.com; 2
referrer unsafe-url; 2
frame-ancestors   https://portal.punchout2go.com https://qa-portal.punchout2go.com https://dev-portal.punchout2go.com 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src * data:; 2
form-action https:; upgrade-insecure-requests 2
frame-ancestors 'self' http://misaludapp.com https://misaludapp.com http://www.lifesenssei.com https://www.lifesenssei.com 2
default-src 'self' data: https: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; object-src 'self' data: https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' data: https:; frame-src 'self' https:; font-src 'self' data: https:; connect-src 'self' https:; frame-ancestors 'self' https://thelab.pathfactory.com https://content.lithium.com; upgrade-insecure-requests; 2
default-src https:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 2
default-src 'self'; img-src 'self' data: http: https: *.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.xpressbet.com *.xpressbetonline.com *.xb-online.com *.youtube.com *.kaltura.com *.twitter.com *.paysafecard.com *.facebook.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.facebook.com *.typekit.net *.countingdownto.com *.livehelpnow.net *.xbselect.com zz.connextra.com s.btstatic.com s.thebrighttag.com wss:; img-src * data:; font-src *; style-src * 'unsafe-inline'; media-src * blob:; worker-src * blob: 2
default-src 'self'; connect-src * data:  filesystem:  'unsafe-inline' 'unsafe-eval'; font-src * data:  filesystem:; frame-src * data:  filesystem:  'unsafe-inline' 'unsafe-eval'; img-src * data:  filesystem:  'unsafe-inline' 'unsafe-eval'; media-src * data:  filesystem:  'unsafe-inline' 'unsafe-eval'; object-src * data:  filesystem:  blob:  'unsafe-inline' 'unsafe-eval'; script-src * blob:  'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2
default-src 'self'; img-src * data:; media-src * blob:; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * data:; frame-src *; connect-src * 2
default-src https: 'unsafe-inline' 'unsafe-eval' blob: data:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://www.spaargids.be https://www.gstatic.com  blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://www.spaargids.be https://www.gstatic.com  blob:; style-src 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src *; media-src https: data: blob:; upgrade-insecure-requests; child-src 'self' https: https://www.spaargids.be blob:; 2
base-uri ' ' 2
1 2
frame-ancestors trendsales.dk *.trendsales.dk ts.dk *.ts.dk trendsale.dk *.trendsale.dk tradono.dk tradono.com tradono.co.uk:5001 *.tradono.com 2
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.google-analytics.com https://img.youtube.com; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com; upgrade-insecure-requests 2
script-src 'self' https://*.nfb.ca https://*.onf.ca https://cdnjs.cloudflare.com https://player.vimeo.com https://maps.googleapis.com https://graph.facebook.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com tagmanager.google.com connect.facebook.net *.google-analytics.com sb.scorecardresearch.com widget.surveymonkey.com apis.google.com cdnapisec.kaltura.com cdnapi.kaltura.com widget.surveymonkey.com www.gstatic.com js.adsrvr.org survey.g.doubleclick.net https://www.google.com https://adservice.google.ca https://survey.g.doubleclick.net; style-src 'self' https://*.nfb.ca https://*.onf.ca https://cdnjs.cloudflare.com 'unsafe-inline' hello.myfonts.net fonts.googleapis.com tagmanager.google.com https://www.google.com; frame-ancestors 'self' https://*.nfb.ca https://*.onf.ca; manifest-src 'self' https://*.nfb.ca https://*.onf.ca; default-src 'none'; frame-src 'self' https://*.google.com https://www.gstatic.com https://www.facebook.com https://insight.adsrvr.org https://esqa.moneris.com https://www3.moneris.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://*.nfb.ca https://*.onf.ca https://player.twitch.tv; worker-src 'self' *.onf.ca *.nfb.ca https://*.kaltura.com blob:; img-src 'self' sb.scorecardresearch.com b.scorecardresearch.com *.google-analytics.com cfvod.kaltura.com www.facebook.com http://*.onf.ca http://*.nfb.ca https://*.onf.ca https://*.nfb.ca https://*.kaltura.com stats.g.doubleclick.net *.gstatic.com data: https://interactive-cms.s3.amazonaws.com https://interactive-cms-dev.s3.amazonaws.com http://*.gravatar.com https://*.gravatar.com https://dkyhanv6paotz.cloudfront.net; media-src 'self' https://*.onf.ca https://*.nfb.ca https://*.kaltura.com https://dkyhanv6paotz.cloudfront.net blob:; object-src 'self' https://*.nfb.ca https://*.onf.ca https://*.kaltura.com; connect-src 'self' https://*.nfb.ca https://*.onf.ca https://*.kaltura.com https://www.facebook.com https://s3.amazonaws.com *.google-analytics.com; font-src 'self' https://*.onf.ca https://*.nfb.ca fonts.gstatic.com cdnapi.kaltura.com cdnapisec.kaltura.com data: 2
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.scot.nhs.uk http://*.nhsgrampian.org https://*.nhsgrampian.org; upgrade-insecure-requests 2
upgrade-insecure-requests; report-uri https://sentry.alboweb.nl/api/90/csp-report/?sentry_key=50677694228d4eb4befdcf33b750247d; 2
default-src 'self' *; font-src 'self' * data:; frame-src *; img-src * data: android-webview-video-poster:; media-src * data: blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline' 2
script-src 'unsafe-inline' 'unsafe-eval' https:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.puntobanca.eu https://www.popolarebari.it https://www.agenziabpb.it https://www.youtube.com www.googleadservices.com https://*.g.doubleclick.net www.google-analytics.com *.googleapis.com wurfl.io *.gstatic.com *.google.com *.google.it www.compass.it *.opentok.com ws: wss://*.tokbox.com https://*.tokbox.com; img-src 'self' https://maps.gstatic.com https://maps.googleapis.com www.google-analytics.com data:; frame-ancestors 'self' https://www.puntobanca.eu https://www.popolarebari.it https://www.agenziabpb.it; frame-src 'self' 'unsafe-inline' https://www.youtube.com data: https://www.puntobanca.eu https://www.popolarebari.it https://www.agenziabpb.it; object-src 'self' 'unsafe-inline' data: https://www.puntobanca.eu https://www.popolarebari.it https://www.agenziabpb.it; 2
default-src https: 'self'; font-src https: data:; img-src https: data:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://dxw.report-uri.io/r/default/csp/enforce 2
frame-ancestors https://viewtripnextgen-api.travelport.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.mappila.com https://*.tutorhunt.com https://*.googleapis.com www.google-analytics.com https://maps.google.com  s3.amazonaws.com; object-src 'self' s3.amazonaws.com; style-src 'unsafe-inline' 'self' s3.amazonaws.com https://*.googleapis.com https://www.mappila.com; img-src 'self' data: www.google-analytics.com maps.google.com openlayers.org https://openlayers.org https://www.mappila.com data:https://*.tile.openstreetmap.org https://*.google.com https://*.googleapis.com; media-src 'self'; frame-src 'self' https://www.youtube.com ; font-src 'self' https://*.tutorhunt.com https://fonts.gstatic.com; connect-src 'self' 2
frame-ancestors self https://*.nytm.org https://*.nytm.org 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * data: 2
frame-ancestors 'self' https://sdesk.adeo.pro/ https://adeo.pro/ https://adeopro.ru 2
frame-ancestors 'self' https://centerparcs.experiencecloud.adobe.com 2
script-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.snowleader.com *.snowleader.be *.snowleader.ch *.snowleader.de *.snowleader.at *.snowleader.co.uk *.snowleader.es *.google.com *.googleapis.com googleapis.com www.googlecommerce.com www.google-analytics.com www.googleadservices.com *.gstatic.com www.googletagmanager.com *.zopim.com *.criteo.com static.criteo.net tracker.twenga.fr t.c4tw.net api2.reversoform.com *.bazaarvoice.com use.typekit.net mpsnare.iesnare.com connect.facebook.net *.twitter.com cdn.syndication.twimg.com d31qbv1cthcecs.cloudfront.net https://display.ugc.bazaarvoice.com https://apis.google.com https://d31qbv1cthcecs.cloudfront.net https://stg.api.bazaarvoice.com https://mpsnare.iesnare.com https://network-stg.bazaarvoice.com https://network.bazaarvoice.com https://api.bazaarvoice.com https://analytics-static.ugc.bazaarvoice.com https://maps.googleapis.com https://secure.skypeassets.com www.skypeassets.com https://98t4f62uw1.kameleoon.eu https://ewnxky8h6u.kameleoon.eu https://hht0f37q6v.kameleoon.eu https://mm14aijsxz.kameleoon.eu https://74m0rlm9ta.kameleoon.eu *.kameleoon.eu *.kameleoon.com https://mc.yandex.ru https://yastatic.net https://widgets.trustedshops.com https://js-agent.newrelic.com https://bam.nr-data.net http://widgets.trustedshops.com https://www.eoft.eu/ https://player.vimeo.com https://widget.trustpilot.com https://outdoor-ticket.net https://www.outdoor-ticket.net https://js.datadome.co 2
default-src 'self' *.fluvius.be; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.ckeditor.com ajax.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com www.google-analytics.com cdnjs.cloudflare.com maps.googleapis.com cdn.rawgit.com https://www.google.com https://www.gstatic.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net https://amp.cloudflare.com cdn.sparkcentral.com *.smooch.io; object-src 'self' *.fluvius.be; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.google.com cdnjs.cloudflare.com  https://amp.cloudflare.com cdn.sparkcentral.com; img-src 'self' data: www.google-analytics.com *.gstatic.com maps.googleapis.com www.eandis.be stats.g.doubleclick.net www.facebook.com www.google.be www.google.com  https://amp.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com www.gravatar.com media.eu-1.smooch.io; media-src 'self'; frame-src 'self' *.fluvius.be player.vimeo.com www.youtube.com https://www.google.com https://www.flexmail.eu https://s.chkmkt.com https://amp.cloudflare.com https://www.googletagmanager.com https://www.facebook.com; frame-ancestors 'self' *.destroomlijn.be *.fluvius.be; child-src 'self' *.fluvius.be; font-src 'self' fonts.googleapis.com fonts.gstatic.com cdn.sparkcentral.com; connect-src 'self' www.google-analytics.com https://discovery.amp.cloudflare.com https://stats.g.doubleclick.net https://amp.cloudflare.com https://www.facebook.com cdn.sparkcentral.com *.eu-1.smooch.io wss://*.smooch.io; report-uri /report-csp-violation 2
default-src inline kohlkanal.net 'self'; script-src 'self'; connect-src 'self'; img-src 'self' https://kohlkanal.net https://*.tile.openstreetmap.org data:; style-src 'unsafe-inline' 'self'; frame-src https://*.kohlchan.net einskanal.net dietchan.org loadaverage.org kohlkanal.net 'self'; worker-src 'unsafe-inline' 'unsafe-eval' 'self' 2
default-src 'self' 'unsafe-inline' web-2-tel.com *.web-2-tel.com *.doubleclick.net *.optnmstr.com *.gstatic.com localhost:8443 data: *.acquia.com *.appcues.com *.appcues.net *.unitedrentals.com *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.unitedrentals.com *.egain.cloud *.analytics-egain.com *.criteo.net 8f2a3f802cdf2859af9e-51128641de34f0801c2bd5e1e5f0dc25.ssl.cf1.rackcdn.com *.doubleclick.net *.google.com *.google-analytics.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com bat.bing.com *.quantserve.com *.getsitecontrol.com *.facebook.net *.crazyegg.com *.quantcount.com st.getsitecontrol.com *.yimg.com snap.licdn.com sp.analytics.yahoo.com *.addtoany.com *.ads.linkedin.com *.newrelic.com *.pardot.com *.nr-data.net localhost:8443 web-2-tel.com *.web-2-tel.com *.optnmstr.com *.cloudflare.com *.adnxs.com data: *.acquia.com *.appcues.com *.pragmaticcrm.com *.optmstr.com *.bizographics.com *.criteo.com *.linkedin.com *.optmnstr.com *.nr-data.net wvw.unitedrentals.com *.youtube.com *.vimeo.com *.ytimg.com *.opmnstr.com *.cloudfront.net  *.jsdelivr.net https://optimize.google.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.cloudflare.com *.optnmstr.com *.google.com *.appcues.com *.egain.cloud *.jsdelivr.net https://optimize.google.com https://fonts.googleapis.com; img-src 'self' data: *.unitedrentals.com bat.bing.com *.optnmstr.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.facebook.com *.google.com *.quantserve.com *.gstatic.com *.adnxs.com *.appcues.com *.optmstr.com res.cloudinary.com *.googletagmanager.com *.linkedin.com *.criteo.com s0.2mdn.net *.egain.cloud https://optimize.google.com *.cloudfront.net; frame-src 'self' *.appcues.com *.appcues.net *.doubleclick.net *.criteo.com *.egain.cloud *.analytics-egain.com *.vimeo.com *.facebook.com *.facebook.net *.youtube.com https://optimize.google.com https://youtube.com; child-src 'self' *.unitedrentals.com *.googletagmanager.com *.optnmstr.com *.doubleclick.net *.analytics-egain.com *.rackcdn.com *.youtube.com *.appcues.com *.vimeo.com *.egain.cloud; font-src 'self' 'unsafe-inline' *.unitedrentals.com https://fonts.gstatic.com; connect-src 'self' *.appcues.net wss://*.appcues.net web-2-tel.com *.web-2-tel.com *.egain.cloud *.optnmstr.com *.optmstr.com *.gstatic.com localhost:8443 data: *.acquia.com *.appcues.com *.appcues.net *.nr-data.net *.optmnstr.com *.google.com *.optmnstr.com *.google-analytics.com stats.g.doubleclick.net *.opmnstr.com *.luckyorange.net *.googleapis.com *.visitors.live; report-uri /report-csp-violation 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com inpublic.globenewswire.com https://sdk.companywebcast.com/sdk/player/ player.youku.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx; report-uri https://csp-report-uri.bureauveritas.com 2
frame-ancestors 'self' http://*.staatsbibliothek-berlin.de https://*.staatsbibliothek-berlin.de; 2
default-src * 'self' https://*.googleapis.com http://*.googleapis.com https://*.google-analytics.com http://*.google-analytics.com https://*.gstatic.com http://*.gstatic.com https://*.google.com http://*.google.com https://*.googlecode.com http://*.googlecode.com https://*.googletagmanager.com http://*.googletagmanager.com https://*.doubleclick.net http://*.doubleclick.net https://*.youtube.com http://*.youtube.com https://*.ytimg.com http://*.ytimg.com https://*.facebook.com http://*.facebook.com https://*.facebook.net http://*.facebook.net https://*.fbcdn.net http://*.fbcdn.net; img-src * 'self' https://*.googleapis.com http://*.googleapis.com https://*.google-analytics.com http://*.google-analytics.com https://*.gstatic.com http://*.gstatic.com https://*.google.com http://*.google.com https://*.googlecode.com http://*.googlecode.com https://*.googletagmanager.com http://*.googletagmanager.com https://*.doubleclick.net http://*.doubleclick.net https://*.youtube.com http://*.youtube.com https://*.ytimg.com http://*.ytimg.com https://*.facebook.com http://*.facebook.com https://*.facebook.net http://*.facebook.net https://*.fbcdn.net http://*.fbcdn.net data:; connect-src 'self'; script-src * 'self' https://*.googleapis.com http://*.googleapis.com https://*.google-analytics.com http://*.google-analytics.com https://*.gstatic.com http://*.gstatic.com https://*.google.com http://*.google.com https://*.googlecode.com http://*.googlecode.com https://*.googletagmanager.com http://*.googletagmanager.com https://*.doubleclick.net http://*.doubleclick.net https://*.youtube.com http://*.youtube.com https://*.ytimg.com http://*.ytimg.com https://*.facebook.com http://*.facebook.com https://*.facebook.net http://*.facebook.net https://*.fbcdn.net http://*.fbcdn.net 'unsafe-inline' 'unsafe-eval'; style-src * 'self' https://*.googleapis.com http://*.googleapis.com https://*.google-analytics.com http://*.google-analytics.com https://*.gstatic.com http://*.gstatic.com https://*.google.com http://*.google.com https://*.googlecode.com http://*.googlecode.com https://*.googletagmanager.com http://*.googletagmanager.com https://*.doubleclick.net http://*.doubleclick.net https://*.youtube.com http://*.youtube.com https://*.ytimg.com http://*.ytimg.com https://*.facebook.com http://*.facebook.com https://*.facebook.net http://*.facebook.net https://*.fbcdn.net http://*.fbcdn.net 'unsafe-inline' 2
default-src 'self' www.kayak.co.uk www.kayak.es www.kayak.fr www.kayak.it www.kayak.de www.swoodoo.com *.googleadservices.com stats.g.doubleclick.net *.clicktripz.com                                                                   *.google.com *.twitter.com www.hotelopia.com www.hotelopia.es www.google-analytics.com *.redintelligence.net *.optimizely.com                      *.tripadvisor.com smct.co *.smct.co *.affilired.com *.hotelcdn.com prf.hn *.doubleclick.net www.facebook.com;                               script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn4.hotelopia.com publicws.hotelopia.com *.google.com *.googleapis.com *.google.com/jsapi                                    tags.tiqcdn.com *.google-analytics.com tealium.hs.llnwd.net *.clicktripz.com *.ekomi.de js.logentries.com                      *.hotelbeds.com *.twitter.com *.gstatic.com smct.co *.optimizely.com www.hotelopia.com www.hotelopia.es *.getclicky.com                     *.smct.co *.affilired.com emjcd.com www.kayak.com www.googletagmanager.com www.googleadservices.com *.doubleclick.net                     *.lenmit.com *.asbmit.com *.cooladata.com connect.facebook.net tpc.googlesyndication.com d3c3cq33003psk.cloudfront.net                     *.amazonaws.com/opentag/ *.amazonaws.com/opentag-dev/;                  img-src 'self' data: *.hotelbeds.com publicws.hotelopia.com *.tripadvisor.com cdn4.hotelopia.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.google.com                                   *.google.com/ads *.google.es/ads csi.gstatic.com maps.gstatic.com maps.googleapis.com *.ekomi.de *.clicktripz.com *.activitiesbank.com *.twitter.com                    *.googleapis.com *.trivago.com smct.co evo.cdnstc.com *.smct.co *.tradedoubler.com *.hotelcdn.com emjcd.com *.skyscnr.com prf.hn www.kayak.com                    *.affilired.com *.cooladata.com www.facebook.com *.google.es *.emjcd.com cj.dotomi.com *.tradetracker.net shareasale.com                     lamp.glopss.com www.dwin1.com www.zenaps.com www.awin1.com;                  style-src 'self' 'unsafe-inline' cdn4.hotelopia.com fonts.googleapis.com *.bootstrapcdn.com smct.co *.smct.co *.affilired.com emjcd.com;                                   media-src 'self' *.cdn4.hotelopia.com *.smct.co smct.co *.affilired.com www.kayak.com;                  font-src 'self' data: fonts.gstatic.com *.bootstrapcdn.com *.hotelbeds.com *.smct.co smct.co *.amazonaws.com/opentag-dev/;                  connect-src 'self' *.clicktripz.com js.logentries.com *.hotelbeds.com *.twitter.com *.optimizely.com www.google-analytics.com *.tealiumiq.com *.smct.co smct.co                                   *.doubleclick.net *.qubit.com 2
default-src 'self' https://www.engie.ro;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gateway.zscloud.net https://s.ytimg.com  https://tagmanager.google.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com https://s.ytimg.com/yts/jsbin/www-widgetapi-vflj3RSGk/www-widgetapi.js https://www.youtube.com/player_api https://*.facebook.net https://*.facebook.com https://*.hotjar.com   https://www.google.com/ https://www.gstatic.com/ https://ajax.googleapis.com/ https://ssl.google-analytics.com https://maps.google.com https://maps.googleapis.com https://cdn.jsdelivr.net;  style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/jsbin/www-widgetapi-vflQSvpsZ/www-widgetapi.js https://tagmanager.google.com https://fonts.googleapis.com/ https://ajax.googleapis.com;  img-src 'self' data: https://gateway.zscloud.net https://www.google.ro https://www.google.com https://agentia.gdfsuez.ro/proc/img/get/85f1002bf139bebdb7f0d07b31fa14155aea9dfc_200_200_0.PNG https://ssl.gstatic.com https://www.gstatic.com  https://www.google-analytics.com  https://*.facebook.net https://*.facebook.com https://*.ytimg.com https://secure.gravatar.com https://csi.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://ajax.googleapis.com https://ssl.google-analytics.com https://*.hotjar.com https://*.doubleclick.net;  font-src 'self' data:  https://fonts.gstatic.com;  frame-src 'self' data: https://www.facebook.com https://www.google.com/ https://www.youtube.com https://player.vimeo.com https://*.hotjar.com; child-src 'self' data: https://www.google.com/ https://www.youtube.com https://player.vimeo.com https://*.hotjar.com; connect-src 'self' data: https://*.hotjar.com https://*.hotjar.com:* wss://*.hotjar.com; reflected-xss block; 2
default-src http: https:; script-src http: https: 'unsafe-inline' 'unsafe-eval'; style-src http: https: 'unsafe-inline'; img-src data: http: https: 2
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 2
default-src=self 2
default-src *.antarctica.gov.au *.aad.gov.au ausantarctic.createsend.com data: *.jwpcdn.com jwpltx.com 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' psa.digitalinsight.com; 2
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' blob: *; child-src 'self' blob: *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: blob: *; media-src 'self' blob: *; font-src 'self' data: *; connect-src 'self' *; frame-ancestors 'self';  2
frame-ancestors https://*.ariba.com http://*.ariba.com https://*.e-procurementservices.com https://*.ibuyefficient.com http://*.adaco.com http://*.p2p.na1.fourth.com http://*.eprosvcs.com https://*.eprosvcs.com https://*.buyerquest.net https://*.heritageparts.com https://*.heritageparts.ca https://*.edirx.com http://*.edirx.com https://hfs-s2-ma-adm-001:9002 https://localhost:9002 https://*.degdarwin.com https://equallevel.com 2
frame-ancestors 'self' 'https://accounts.login.idm.telekom.com' 'https://meinkonto.telekom-dienste.de' 'https://www.telekom.de' 'https://www.t-online.de' 2
frame-ancestors 'self' *.inlinewarehouse.com www.icewarehouse.com www.derbywarehouse.com www.tennis-warehouse.com; 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.cdsreg.com/ https://*.xpressreg.net/ https://*.xpressleadpro.com/ https://*.xpressleadpro.net/ https://*.xpresspaymentservice.com/ https://xpresspaymentservice.com/ https://*.exhibitoremails.com/ https://*.cdsdatasense.Com/ *.digicert.com/ https://*.twimg.com/ https://*.adroll.com/ https://*.ingo.me/ https://ingo.me/ https://*.facebook.net/ https://*.facebook.com/ https://*.doubleclick.net/ https://*.google-analytics.com/ https://*.googleapis.com/ https://*.ads-twitter.com/ https://*.olark.com/ https://*.google.com/ https://*.twitter.com/ https://*.googleadservices.com/ https://*.googletagmanager.com/ https://*.feathr.co/ https://ads.yahoo.com/ https://*.adsrvr.org/ https://*.cloudfront.net/ https://*.lytics.io/ https://hotel-widget-files.s3.amazonaws.com/ https://abm-assets.s3.amazonaws.com/ https://s3.amazonaws.com/ https://settings.luckyorange.net/ https://*.onpeak.com/ https://assets.adobedtm.com/ https://*.googletagmanager.com/ https://*.hotjar.com/ https://*.melissadata.net/ https://*.acs.org/ https://js.hs-scripts.com/ https://js.hs-scripts.com/ https://js.hsforms.net/ https://js.hsleadflows.net/ https://js.hs-analytics.net/ https://forms.hubspot.com/ https://*.xpressreg.local/ https://*.hscollectedforms.net/ https://*.marketo.net/ https://*.gstatic.com/ https://*.addthis.com/ https://app.webreg.me/ https://dpm.demdex.net/ https://acswso.tt.omtrdc.net/ https://snap.licdn.com/ https://px.ads.linkedin.com/ https://*.linkedin.com/ https://secure.quantserve.com/ https://rules.quantcount.com/ https://pixel-a.basis.net/ https://pixel.sitescout.com/ https://*.bing.com/ https://*.simplymeasured.com/ https://*.walkme.com/ https://*.dpmsrv.com/ https://*.marinsm.com/ https://*.prfct.co/ https://*.adnxs.com/ https://*.rlcdn.com/ https://*.youtube.com/ https://tags.tiqcdn.com/ https://*.informz.net/ https://*.omeda.com https://*.googletagservices.com https://*.googlesyndication.com https://*.olark.com http://teamplanner/; img-src * data:; 2
default-src * blob: data: 'unsafe-inline' 'unsafe-eval' 2
default-src https: 'unsafe-eval' 'unsafe-inline'; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval' always 2
img-src: 'self'; style-src: 'self'; script-src: 'self' www.google-analytics.com translate.google.com ajax.googleapis.com; font-src: 'self' fonts.googleapis.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://c.disquscdn.com https://disqus.com https://m.addthisedge.com https://m.addthis.com https://kielikello.disqus.com https://sprakbruk.disqus.com https://s7.addthis.com https://www.google-analytics.com ; object-src 'self' 2
default-src * data: blob: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' yastatic.net *.yandex.ru *.yandex.net *.googlesyndication.com *.disqus.com; style-src 'unsafe-inline' *;frame-src 'self' yastatic.net *.yastatic.net *.disqus.com *.vimeo.com *.youtube.com *.doubleclick.net *.s2block.com *.tizerlady.biz *.travelpayouts.com *.tizerlady.info *.lcads.ru *.google.com *.directadvert.ru *.yandex.st *.leadiacloud.com *.yandex.ru s3-eu-west-1.amazonaws.com *.googleapis.com *.s1block.com s1block.com *.s1venus.biz *.ladycash.ru vk.com *.facebook.com *.facebook.net *.twitter.com *.googlesyndication.com *.cloudfront.net; img-src * data:;media-src *; font-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' yandex.st *.disqus.com *.yastatic.net *.yandex.net *.s2block.com *.tizerlady.biz *.copyright-law.ru *.tizerlady.info *.str100.ru *.lcads.ru *.google.com *.directadvert.ru *.yandex.st *.leadiacloud.com *.yandex.ru *.googleapis.com *.s1venus.biz *.ladycash.ru vk.com s1block.com *.s1block.com *.facebook.com *.facebook.net *.twitter.com *.googlesyndication.com *.google.ru *.yastatic.net yastatic.net *.cloudfront.net; 2
default-src 'unsafe-inline' https:; img-src data: https: 2
default-src https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-eval'; connect-src http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https:; font-src https: data:; frame-src https: google:; frame-ancestors https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 2
default-src blob: data: *; connect-src stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.jublo.net; font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com use.fontawesome.com github.com; style-src use.fontawesome.com maxcdn.bootstrapcdn.com fonts.googleapis.com 'unsafe-inline' 'unsafe-eval' 'self' platform.twitter.com; script-src www.youtube.com www.googletagmanager.com www.google-analytics.com s.ytimg.com its.tradelab.fr cdn.syndication.twimg.com platform.twitter.com connect.facebook.net tag.aticdn.net 'self' 'unsafe-eval' 'unsafe-inline' cdn.tradelab.fr static.ionis-group.com ib.adnxs.com dpm.zebestof.com maps.googleapis.com ajax.googleapis.com maxcdn.bootstrapcdn.com www.wufoo.com secure.wufoo.com maps.google.com; frame-src dpm.zebestof.com staticxx.facebook.com maps.google.com www.google.com candidatures.etna.io static.ionis-group.com www.facebook.com syndication.twitter.com platform.twitter.com ionis.wufoo.com www.youtube.com www.youtube-nocookie.com www.googletagmanager.com 'self' m.facebook.com; form-action www.facebook.com 'self' syndication.twitter.com platform.twitter.com; script-src-elem platform.twitter.com tag.aticdn.net maps.googleapis.com secure.wufoo.com static.ionis-group.com www.wufoo.com maps.google.com s.ytimg.com connect.facebook.net ajax.googleapis.com ib.adnxs.com its.tradelab.fr 'self' www.googletagmanager.com cdn.tradelab.fr 'unsafe-inline' maxcdn.bootstrapcdn.com cdn.syndication.twimg.com www.google-analytics.com www.youtube.com dpm.zebestof.com; report-uri https://ionis.report-uri.com/r/d/csp/enforce 2
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.parsons.com *.twitter.com *.twimg.com *.amazonaws.com *.typekit.net *.google-analytics.com *.webtrendslive.com *.googleapis.com *.google.com *.gstatic.com *.cloudfront.net; 2
child-src 'self' emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src https://api.steem-engine.com https://scot-api.steem-engine.com https://steemitimages.com securepubads.g.doubleclick.net 'self' steemit.com https://api.steemit.com api.blocktrades.us; default-src tpc.googlesyndication.com 'self' emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' googleads.g.doubleclick.net https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 2
style-src 'self' 'unsafe-inline' *.addthis.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.analytics.google.com *.google-analytics.com *.pinterest.com *.googleadservices.com *.facebook.com *.facebook.net *.myfonts.net *.addthis.com *.googleapis.com *.bing.com 2
default-src 'self'; img-src 'self' https://www.facebook.com https://www.googletagmanager.com https://t.co https://www.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://www.google.com.au https://20810323p.rfihub.com https://us-u.openx.net https://x.bidswitch.net https://ib.adnxs.com data: https://ad.doubleclick.net https://www.google.co.za; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://maxcdn.bootstrapcdn.com https://ajax.cloudflare.com https://www.google-analytics.com https://*.tymedigital.com https://*.tymebank.co.za https://secure-ds.serving-sys.com https://bs.serving-sys.com https://connect.facebook.net https://static.ads-twitter.com https://analytics.twitter.com https://static.hotjar.com https://script.hotjar.com https://www.google.co.za; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://vars.hotjar.com; connect-src 'self' https://*.tymedigital.com https://*.tymebank.co.za https://secure-ds.serving-sys.com https://*.hotjar.com https://vc.hotjar.io wss://*.hotjar.com; object-src 'self' 2
frame-ancestors 'self' http://www.valladolid.es https://www.valladolid.es http://www.valladolid.gob.es https://www.valladolid.gob.es  2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://d2bvjr1tusdgm6.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://www.visitorjs.com https://www.youtube.com https://s.ytimg.com https://www.gstatic.com https://www.google.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; frame-src 'self' https://www.youtube-nocookie.com https://www.google.com; font-src 'self' https://d2bvjr1tusdgm6.cloudfront.net; manifest-src 'self'; connect-src 'self' https://dt-es-proxy.dt-srv.de https://solr.diesel-technic.dt-srv.de https://www.google-analytics.com https://stats.g.doubleclick.net 2
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.com.hk  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.eu  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  *.interactiveadvisors.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.clientam.ch  *.clientam.com.hk  *.traderstation-international.com; 2
script-src 'self' *.interpublic.com *.google.com *.googleapis.com *.googlecode.com *.google-analytics.com netdna.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com s7.addthis.com m.addthis.com m.addthisedge.com optanon.blob.core.windows.net code.jquery.com *.onetrust.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' *.interpublic.com; report-uri /srv/csp/reportUnsafeJS.php?sender=Content-Security-Policy 2
plugin-types application/x-java-applet application/pdf  2
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.iress.com.au *.bali6nora.com *.juicer.io *.dotmailer-surveys.com *.nr-data.net *.newrelic.com *.hotjar.com *.google-analytics.com fast.fonts.net www.googletagmanager.com player.vimeo.com www.googleadservices.com googleads.g.doubleclick.net www.youtube.com s.ytimg.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.juicer.io fast.fonts.net; font-src 'self' 'unsafe-inline' *.juicer.io data:; frame-src 'self' *.iress.com.au iress.com www.iress.com *.youtube.com *.google.com  *.hotjar.com *.adobe.com *.dotmailer-surveys.com; img-src * data:; media-src 'self'; frame-ancestors 'self' *.iress.com.au iress.com www.iress.com *.hotjar.com *.adobe.com *.dotmailer-surveys.com; 2
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self'; object-src 'self'; connect-src wss: https: 2
script-src 'self' *.googleanalytics.com *.google-analytics.com ajax.googleapis.com *.gstatic.com 'sha256-eFyObz16xZ1YreL8KEA1YqieFekz4pt/LWtmRgAnvB4='; style-src 'self' fonts.googleapis.com *.gstatic.com; report-uri /csp/report/; default-src 'self' *.gstatic.com; frame-src 'self' www.google.com www.youtube.com; img-src 'self' data: *.googleusercontent.com *.gstatic.com www.google-analytics.com; connect-src 'self' www.google-analytics.com; media-src 'self' storage.googleapis.com; font-src 'self' *.gstatic.com 2
upgrade-insecure-requests; referrer no-referrer-when-downgrade 2
frame-ancestors https://www.crashplan.com https://www.code42.com https://store.code42.com; 2
default-src 'self'; img-src *; media-src *; style-src * 'unsafe-inline'; font-src *; script-src * data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.myappro.com:* *.personalcard.net:* ; frame-src 'self' *.personalcard.net:* *.google.com:* *.youtube.com:* *.rtbiq.com; connect-src gw.oribi.io 'self'; 2
default-src 'self' http://www.cmbwinglungbank.com https://www.cmbwinglungbank.com http://ac.cmbwinglungbank.com https://ac.cmbwinglungbank.com https://www.cmbwinglungsec.com http://www.cmbwinglungsec.com http://www.winglungbank.com https://www.winglungbank.com http://ac.winglungbank.com https://ac.winglungbank.com https://www.winglungsec.com https://www.winglungfutures.com http://www.winglungsec.com http://www.winglungfutures.com fc10.etwealth.com https://demo02.etwealth.com http://demo02.etwealth.com *.cmbchina.com https://cms.aqumon.com;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com; frame-ancestors 'self' fc10.etwealth.com https://hkwallet.moneydata.hk *.winglungbank.com *.cmbwinglungbank.com *.cmbwinglungsec.com *.winglungsec.com *.cmbchina.com https://cms.aqumon.com; 2
default-src 'self' *.autofactpro.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' optimize.google.com script.crazyegg.com browser.sentry-cdn.com *.mkt.autofact.cl optimize.google.com apis.google.com script.crazyegg.com cdn.ampproject.org *.pagoefectivo.pe pagoefectivo.pe *.sii.cl tagmanager.google.com *.autofactpro.com *.autofact.cl www.google.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net ajax.googleapis.com www.gstatic.com apis.google.com www.youtube.com s.ytimg.com connect.facebook.net *.bootstrapcdn.com use.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net cdn.optimizely.com cdn.carbonads.com dnn506yrbagrg.cloudfront.net static.zdassets.com *.culqi.com blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' optimize.google.com tagmanager.google.com *.autofactpro.com fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net cdn.optimizely.com cdn.carbonads.com; img-src 'self' img.youtube.com csi.gstatic.com *.gstatic.com *.autofactpro.com *.autofactpro.cl *.autofact.cl www.google.com www.google.cl www.googleadservices.com www.googletagmanager.com img.youtube.com i.ytimg.com stats.g.doubleclick.net www.facebook.com disqus.com *.disquscdn.com *.g.doubleclick.net data: www.google-analytics.com; font-src 'self' *.autofactpro.com fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net data: ; frame-ancestors 'self' *.autofactpro.com; frame-src 'self' accounts.google.com optimize.google.com  *.ampproject.net pagoefectivo.pe *.pagoefectivo.pe *.sii.cl *.autofactpro.com www.google.com www.youtube.com www.facebook.com web.facebook.com staticxx.facebook.com accounts.google.com bid.g.doubleclick.net *.culqi.com *.pagoefectivo.pe; object-src 'self' *.autofactpro.com; connect-src 'self' ampcid.google.com sentry.io www.google-analytics.com ampcid.google.com ampcid.google.cl 54.242.242.218 *.mkt.autofact.cl *.ampproject.org *.ampproject.net *.autofactpro.com autofact.cl *.autofact.cl *.autofact.com.co *.autofact.com.mx *.autofact.pe *.autofact.cr *.autofact.com.ar *.g.doubleclick.net cdn.ampproject.org *.ampproject.net www.googletagmanager.com stats.g.doubleclick.net connect.facebook.net ekr.zdassets.com autofact.zendesk.com https://plugin.autentia.mb:7777; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.addthisedge.com  cdn.syndication.twimg.com *.addthis.com platform.twitter.com  geolocation.onetrust.com *.google-analytics.com *.google.com *.googletagmanager.com *.googleapis.com cdn.cookielaw.org nas.edu www.nas.edu *.nas.edu  *.nationalacademies.org; object-src 'self' 'unsafe-eval' cdn.syndication.twimg.com *.addthisedge.com *.addthis.com platform.twitter.com *.googleaps.com geolocation.onetrust.com *.googletagmanager.com *.google.com cdn.cookielaw.org nas.edu www.nas.edu *.nas.edu  *.nationalacademies.org 2
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' henkel01.wt-eu02.net ir.tools.investis.com irs.tools.investis.com strategyvisual.henkel.com *.edge-cdn.net *.video-cdn.net www.realvision.com www.youtube.com *.twimg.com *.fbcdn.net *.wcfbc.net *.cdninstagram.com *.sprinklr.com *.henkel-life-global.com *.henkel.com cdnjs.cloudflare.com netdna.bootstrapcdn.com *.henkel-life-deutschland.de *.henkel.de *.henkel.it; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src * data:; frame-ancestors * 'self' 2
script-src 'unsafe-inline' 'self'  https://connect.facebook.net  https://*.liveperson.net  https://www.googleadservices.com  https://bat.bing.com  https://app.vwo.com  https://tagmanager.google.com  https://cse.google.com  https://www.google.com  https://analytics.google.com   https://dev.visualwebsiteoptimizer.com   https://accdn.lpsnmedia.net  https://secure.quantserve.com  https://fonts.gstatic.com   https://*.visualwebsiteoptimizer.com  https://static.whatshelp.io  https://whatshelp.io  https://oneviewchat.iag.co.nz  https://www.facebook.com  https://messengerify.me  https://*.cloudfront.net  'unsafe-eval' dev.visualwebsiteoptimizer.com www.googletagmanager.com i.kissmetrics.com cdn.inspectlet.com maps.gstatic.com s3.amazonaws.com code.jquery.com doug1izaerwt3.cloudfront.net maps.googleapis.com fonts.googleapis.com mt1.googleapis.com mt0.googleapis.com www.googleapis.com ad.doubleclick.net www.google-analytics.com clients1.google.com mts0.googleapis.com mts1.googleapis.com cbks0.googleapis.com; img-src * data:; style-src 'self'  https://connect.facebook.net  https://*.liveperson.net  https://www.googleadservices.com  https://bat.bing.com  https://app.vwo.com  https://tagmanager.google.com  https://cse.google.com  https://www.google.com  https://analytics.google.com   https://dev.visualwebsiteoptimizer.com   https://accdn.lpsnmedia.net  https://secure.quantserve.com  https://fonts.gstatic.com   https://*.visualwebsiteoptimizer.com  https://static.whatshelp.io  https://whatshelp.io  https://oneviewchat.iag.co.nz  https://www.facebook.com  https://messengerify.me  https://*.cloudfront.net  'unsafe-inline' fonts.googleapis.com www.google.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.google.com apis.google.com *.googleapis.com *.rodacom.net www.rodacom.fr connect.facebook.net www.facebook.com platform.twitter.com www.googletagmanager.com www.google-analytics.com *.gstatic.com *.github.io https:; 2
default-src 'self' https://*.aswatson.net https://*.iciparisxl.nl https://*.iciparisxl.be https://*.iciparisxl.lu https://*.newrelic.com; frame-src 'self' https://*.polly.help https://*.hotjar.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.trustarc.com https://*.youtube.com https://*.criteo.com https://*.criteo.net https://millionpacman.pacorabanne.com https://sisleyquiz.nl https://view.publitas.com https://pixel.mathtag.com https://*.tradedoubler.com https://*.awin1.com https://*.iciparisxl.nl https://*.iciparisxl.be https://*.iciparisxl.lu; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.polly.help https://*.newrelic.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://*.googleadservices.com https://*.nr-data.net https://*.feefo.com https://*.doubleclick.net https://*.hotjar.com https://*.pingdom.net https://*.truste.com https://*.trustarc.com https://*.facebook.net https://*.cloudfront.net https://*.shoppingminds.com https://*.peerius.com https://*.aswatson.net https://*.peerius.episerver.net https://*.optimizely.com https://*.iciparisxl.net https://*.iciparisxl.be https://*.iciparisxl.nl https://*.iciparisxl.lu https://*.mathtag.com https://*.dwin1.com https://*.criteo.net https://*.criteo.com https://view.publitas.com https://*.tradetracker.net https://*.zenaps.com; connect-src 'self' https://*.google-analytics.com https://*.feefo.com https://*.pingdom.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.shoppingminds.com https://*.shoppingminds.net https://*.doubleclick.net https://*.iciparisxl.net https://*.iciparisxl.be https://*.iciparisxl.nl https://*.iciparisxl.lu https://*.facebook.com https://*.facebook.net https://*.revieve.com https://*.peerius.com https://*.fragrancesoftheworld.com https://*.aswatson.net https://*.ovolab.com https://*.peerius.episerver.net https://*.newrelic.com; style-src 'self' 'unsafe-inline' https://*.polly.help https://*.bootstrapcdn.com https://*.google.com https://*.googleapis.com https://*.cloudfront.net https://cdnjs.cloudflare.com https://*.revieve.com https://*.uk.aswatson.net https://*.iciparisxl.nl https://*.iciparisxl.be https://*.iciparisxl.lu; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://*.hotjar.com https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://*.uk.aswatson.net https://*.iciparisxl.nl https://*.iciparisxl.be https://*.iciparisxl.lu; img-src 'self' https: data: blob: https://*.aswatson.net ; media-src 'self' https: data: blob: https://*.aswatson.net; 2
frame-ancestors 'self' *.authorize.net 2
frame-ancestors 'self'; default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 2
default-src 'none'; img-src https: www.domaintechnik.at; style-src 'unsafe-inline' 2
default-src 'self' data:; child-src *;connect-src 'self' data: https://*.algolia.net https://*.algolianet.com http://*.algolia.net http://*.algolianet.com https://*.autheos.com https://*.googleapis.com https://pastease.mopinion.com https://*.swogo.com https://www.google-analytics.com https://*.doubleclick.net wss://*.firebaseio.com https://*.getflowbox.com https://*.execute-api.eu-west-1.amazonaws.com https://*.criteo.com https://*.hlserve.com https://*.hotjar.com wss://*.hotjar.com https://*.obi4wan.com https://*.pusher.com https://*.pusherapp.com wss://*.pusher.com wss://*.pusherapp.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com https://collect.mopinion.com https://fonts.mopinion.com https://nextail.mopinion.com https://*.swogo.com https://tagmanager.google.com https://fonts.googleapis.com;font-src 'self' data: 'unsafe-inline' https://collect.mopinion.com https://daks2k3a4ib2z.cloudfront.net https://fonts.gstatic.com https://gstatic.mopinion.com https://nextail.mopinion.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://sslwidget.criteo.com https://static.criteo.net https://connect.facebook.net https://*.tradetracker.net https://*.doubleclick.net https://*.firebaseio.com https://*.firebaseapp.com https://www.google-analytics.com https://www.googleadservices.com https://maps.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://maps.gstatic.com https://collect.mopinion.com https://deploy.mopinion.com https://nextail.mopinion.com https://tdn.r42tag.com https://admin.relay42.com https://*.swogo.com https://7288352.collect.igodigital.com https://www.googletagmanager.com https://tagmanager.google.com https://connect.getflowbox.com https://*.hotjar.com https://*.obi4wan.com https://*.pusher.com https://*.pusherapp.com;img-src 'self' blob: data: *; 2
default-src https: 'unsafe-eval' 'unsafe-inline' data: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.gstatic.com; img-src * data: * 2
frame-ancestors 'self' *.sitecore.net *.sitecore.com 2
frame-ancestors 'self' *.omronhealthcare.com http://10.196.1.55:8000; 2
default-src blob: data: *; style-src platform.twitter.com 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com ws.sharethis.com ton.twimg.com use.fontawesome.com 'unsafe-eval' www.google.com ajax.googleapis.com onesignal.com wp.ionis-group.com www.ionis-group.com *.iadvize.com; font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com use.typekit.net github.com use.fontawesome.com fonts.googleapis.com *.iadvize.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' platform.vine.co static.doubleclick.net *.iadvize.com connect.facebook.net www.youtube.com www.googletagmanager.com www.google-analytics.com static.ionis-group.com platform.twitter.com dpm.zebestof.com s.ytimg.com tag.aticdn.net cdn.syndication.twimg.com onesignal.com cdn.onesignal.com apis.google.com platform.linkedin.com www.wufoo.com cdn.tradelab.fr its.tradelab.fr ajax.googleapis.com ws.sharethis.com maps.google.com maps.googleapis.com maxcdn.bootstrapcdn.com t.sharethis.com www.google.com use.typekit.net e.issuu.com www.ionis-group.pro www.googleadservices.com googleads.g.doubleclick.net secure.wufoo.com cdnjs.cloudflare.com ib.adnxs.com cse.google.com cdn.lightwidget.com chat.concours-advance.fr www.wufoo.eu lightwidget.com wp.ionis-group.com *.iadvize.com; frame-src livestream.com forms.office.com twitter.com vine.co ionis.secure.force.com dpm.zebestof.com platform.twitter.com staticxx.facebook.com m.facebook.com syndication.twitter.com www.facebook.com www.google.com www.youtube.com onesignal.com ionis.wufoo.eu maps.google.com www.youtube-nocookie.com ws.sharethis.com t.sharethis.com apis.google.com accounts.google.com www.slideshare.net ionis.wufoo.com static.ionis-group.com web.facebook.com player.vimeo.com cse.google.com cse.google.fr www.googletagmanager.com lightwidget.com maps.google.fr e.issuu.com bid.g.doubleclick.net www.dailymotion.com connect.facebook.net c.sharethis.mgr.consensu.org evenium.net apis.google.com *.iadvize.com; connect-src 'self' ws: wss: dev.capadresse.com:* ws.capadresse.com:* ionis.io its.tradelab.fr *.iadvize.com *.iadvize.com stats.g.doubleclick.net www.google-analytics.com chat.concours-advance.fr www.facebook.com l.sharethis.com api.jublo.net onesignal.com performance.typekit.net wp.ionis-group.com cs83.salesforce.com test-ionis-sf.herokuapp.com; form-action tpeweb1.paybox.com trc.emv2.com ssl.paiement.cic-banques.fr tpeweb.paybox.com paiement.sogenactif.com 'self' platform.twitter.com www.facebook.com syndication.twitter.com connect.facebook.net; script-src-elem data: wufoo.com www.youtube.com www.wufoo.eu platform.twitter.com googleads.g.doubleclick.net static.doubleclick.net www.wufoo.com 'self' 'unsafe-inline' ajax.googleapis.com apis.google.com cdn.onesignal.com cdn.syndication.twimg.com cdn.tradelab.fr connect.facebook.net chat.concours-advance.fr cdnjs.cloudflare.com dpm.zebestof.com ib.adnxs.com its.tradelab.fr secure.wufoo.com wp.ionis-group.com www.googleadservices.com static.ionis-group.com e.issuu.com maps.googleapis.com cse.google.com maps.google.com maxcdn.bootstrapcdn.com onesignal.com platform.linkedin.com s.ytimg.com t.sharethis.com tag.aticdn.net use.typekit.net ws.sharethis.com www.ionis-group.pro www.google-analytics.com www.googletagmanager.com www.google.com *.iadvize.com lightwidget.com; report-uri https://ionis.report-uri.com/r/d/csp/enforce 2
frame-ancestors 'self'; form-action *;  2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.verticalscreen.com https://maps.googleapis.com  https://*.newrelic.com https://pi.pardot.com https://ssl.google-analytics.com https://bam.nr-data.net; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com; connect-src 'self' https://*.verticalscreen.com; font-src https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' data: https://*.googleapis.com https://ssl.google-analytics.com 2
default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 2
frame-ancestors market.forte.kz goislamic.kz my.fortebank.com forte.bank 2
default-src http: https: data: 'self' 'unsafe-inline' 'unsafe-eval'; script-src http: https: data: 'self' 'unsafe-inline' 'unsafe-eval';connect-src http: https: data: 'self' 'unsafe-inline' 'unsafe-eval'; font-src http: https: data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: 'self' 'unsafe-inline' 'unsafe-eval'; child-src http: https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self' https://*.google-analytics.com https; script-src 'self' 'unsafe-inline' 'unsafe-eval' https https://*.google-analytics.com https://*.google.com https://stats.g.doubleclick.net https://js-agent.newrelic.com/nr-1071.min.js https://bam.nr-data.net; object-src 'none'; style-src 'self' 'unsafe-inline' https; img-src 'self' 'unsafe-inline' https data: https://*.google-analytics.com https://stats.g.doubleclick.net ; frame-src 'self' https://player.vimeo.com https://*.davispolk.com https://html5-player.libsyn.com/ https://api-6fc85ce3.duosecurity.com/ https://cdn.yoshki.com/iframe/ https://www.youtube.com; report-uri /admin/config/system/seckit/csp-report 2
frame-src 'self' yabrowser: data: http://webvisor.com https://ott-widget.yandex.ru https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net music.yandex.ru music.yandex.kz yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net; 2
frame-ancestors 'self' aruplab.com *.aruplab.com arupconsult.com *.arupconsult.com testmenu.com *.testmenu.com 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.gstatic.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; form-action 'self'; frame-ancestors 'self' ; img-src 'self' data: https://www.google-analytics.com https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com 'unsafe-inline' 'unsafe-eval'  2
base-uri 'self'; script-src * 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ajax/libs/ https://maxcdn.bootstrapcdn.com/ https://www.gstatic.com/ https://fonts.googleapis.com/ https://tagmanager.google.com/  https://wchat.freshchat.com/; font-src 'self' https://fonts.gstatic.com/ https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com/ data: https://www.gstatic.com/ https://fonts.googleapis.com/; frame-src 'self' https://www.youtube.com/ https://www.gstatic.com/ https://www.google.com https://api.razorpay.com/ https://www.googletagmanager.com/ https://wchat.freshchat.com/ https://165831428292838.webpush.freshchat.com/ https://bid.g.doubleclick.net/'; connect-src 'self' https://api.github.com/ https://maps.googleapis.com/ https://testapi.livezelo.com/ https://prodapi.livezelo.com/ https://www.gstatic.com/ https://sentry.io/ https://sokt.io/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ http://rum-static.pingdom.net/ https://a.quora.com/ http://rum-collector-2.pingdom.net/ https://lumberjack.razorpay.com https://api.razorpay.com/ https://o2.mouseflow.com/ https://security.livezelo.com/ https://flash.zolostays.com/playzelo/ https://zolostays.report-uri.com; img-src 'self' https: data: https://www.gstatic.com/ https://ssl.gstatic.com/ http://rum-collector-2.pingdom.net/ http://maps.google.com *.googleusercontent.com; object-src 'self'; worker-src 'self'; report-uri /csp-log 2
default-src *; script-src 'self' http://www.google-analytics.com http://suggest.infospace.com http://api.autocompleteplus.com http://www.googletagservices.com http://d.yimg.com https://completr.appspot.com https://s.yimg.com http://js.wincyahoocontent.com ; frame-src  'self' http://*.yhs4.search.yahoo.com http://ad.adserver-pro.net https://s.yimg.com ; font-src 'none'; connect-src 'self'; media-src 'self'; object-src 'none'; style-src 'self'; 2
default-src https:; connect-src https:; font-src https: data:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.google-analytics.com www.googletagmanager.com/ www.google.com/jsapi www.googleadservices.com www.youtube.com s.ytimg.com googleads.g.doubleclick.net static.hotjar.com script.hotjar.com static.ads-twitter.com cdn.mouseflow.com js.stripe.com js.braintreegateway.com cdn.pubnub.com connect.facebook.net cdnjs.cloudflare.com/ajax/libs/select2/ cdnjs.cloudflare.com/ajax/libs/d3/ *.twitter.com *.twimg.com cdn.jsdelivr.net/npm/vue cdn.jsdelivr.net/npm/vue/dist/vue.js; style-src 'unsafe-inline' 'self' www.google.com www.gstatic.com/recaptcha *.gstatic.com *.google.com *.googleapis.com *.google-analytics.com *.twitter.com cdnjs.cloudflare.com/ajax/libs/select2/ use.fontawesome.com; 2
default-src * data: filesystem: about: blob: ws: wss:; script-src * data: filesystem: about: blob: ws: wss: 'unsafe-eval' 'unsafe-inline'; style-src * data: filesystem: about: blob: ws: wss: 'unsafe-inline'; frame-ancestors 'self' 2
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://vmeste.eu https://ulogin.ru/js/ulogin.js 2
script-src 'self' https://stats.wp.com https://www.gstatic.com http://www.googletagmanager.com https://s0.wp.com https://s1.wp.com https://s2.wp.com https://ajax.googleapis.com https://www.google-analytics.com https://www.youtube.com  https://s.ytimg.com https://platform.linkedin.com https://platform.twitter.com  https://apis.google.com https://connect.facebook.net https://player.vimeo.com 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.valcartier.com *.calypsopark.com gcv.azureedge.net gcv-cms.azureedge.net gcv-dev.azureedge.net gcv-qa.azureedge.net www-gcv.azureedge.net *.googletagmanager.com *.google-analytics.com *.googleapis.com *.ticket-ops.com data: *.tripadvisor.ca *.tripadvisor.com *.jscache.com static.tacdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.google.com fonts.gstatic.com facebook.net *.facebook.com *.google.ca *.googleadservices.com *.doubleclick.net acuityplatform.com securecode.com *.securecode.com moneris.com *.moneris.com visa.com *.visa.com verifiedbyvisa.com *.verifiedbyvisa.com *.arcot.com *.vgdelivery.com vgdelivery.com *.cardinalcommerce.com cardinalcommerce.com *.online-metrix.net online-metrix.net securesuite.net *.securesuite.net az416426.vo.msecnd.net dc.services.visualstudio.com connect.facebook.net; 2
true 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.natfuel.com *.nationalfuelgas.com nationalfuel.com *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com player.vimeo.com www.google.com sp.analytics.yahoo.com stats.g.doubleclick.net data: 2
default-src https:;                 script-src https: https://optimize.google.com 'unsafe-inline' 'unsafe-eval';                 style-src https: https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline';                 img-src https: data: https://optimize.google.com;                 font-src * data:;                 frame-src https: https://optimize.google.com;                 child-src https: 'self' https://optimize.google.com;                 connect-src https: wss: 'self' *.hotjar.com 2
default-src * ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' ; img-src * ; font-src * ; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googleapis.com bat.bing.com widget.trustpilot.com static.cgb.fr static.pumpup.fr; base-uri 'self'; 2
default-src 'self' bongacams.com *.bongacams.com ymetrica1.com mc.yandex.ru cam.bet *.cam.bet cdn.fluidplayer.com movcpm.com *.movcpm.com greedseed.world xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com http://87.98.166.151 http://51.75.145.18 http://51.75.145.222 http://51.75.157.23 http://51.75.60.195 http://51.75.52.31 http://51.77.66.37 http://51.68.154.126 http://51.75.145.15; style-src cdn.fluidplayer.com fonts.googleapis.com 'self' 'unsafe-inline'; script-src bongacams.com *.bongacams.com cdn.jsdelivr.net cdn.fluidplayer.com 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com data:; img-src 'self' bongacams.com *.bongacams.com counter.yadro.ru mc.yandex.ru ymetrica1.com mc.webvisor.org cdn.fluidplayer.com movcpm.com *.movcpm.com xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com data:; 2
child-src https://share.intercom.io   https://intercom-sheets.com   https://www.youtube.com   https://player.vimeo.com   https://fast.wistia.net; connect-src 'self' www.facebook.com dev.visualwebsiteoptimizer.com *.addthis.com *.wisepops.com *.googlesyndication.com *.typekit.net  https://appupdate.intoithost.be https://client.localmiddleware.be:20202 *.hotjar.io *.hotjar.com wss://ws2.hotjar.com/api/v1/client/ws wss://ws4.hotjar.com/api/v1/client/ws https://api.intercom.io   https://api-iam.intercom.io   https://api-ping.intercom.io   https://nexus-websocket-a.intercom.io   https://nexus-websocket-b.intercom.io   https://nexus-long-poller-a.intercom.io   https://nexus-long-poller-b.intercom.io   wss://nexus-websocket-a.intercom.io   wss://nexus-websocket-b.intercom.io   https://uploads.intercomcdn.com   https://uploads.intercomusercontent.com   https://app.getsentry.com wss://ws5.hotjar.com www.google-analytics.com; default-src 'self'; font-src 'self' sp-bootstrap.global.ssl.fastly.net apikeys.civiccomputing.com fonts.gstatic.com use.typekit.com https://js.intercomcdn.com data:; frame-src 'self' *.addthis.com www.youtube.com *.doubleclick.net *.facebook.com *.vimeo.com *.spotify.com *.cvwarehouse.com www.google.com *.hotjar.com appupdate.intoithost.be https://vars.hotjar.com/ https://optimize.google.com; img-src 'self' data: dev.visualwebsiteoptimizer.com stats.g.doubleclick.net *.facebook.com www.google-analytics.com i.ytimg.com maps.gstatic.com maps.googleapis.com csi.gstatic.com googleads.g.doubleclick.net *.google.com *.typekit.net *.wisepops.com *.qualys.com http://www.euroflorist.be *.google.it *.google.com *.googleapis.com *.gstatic.com *.tradetracker.net *.googleadservices.com *.mediahuis.be secure.adnxs.com *.atemda.com *.tradedoubler.com *.google.com.tr *.google.be http://tracking.lqm.io *.metaffiliation.com https://pubads.g.doubleclick.net https://js.intercomcdn.com   https://static.intercomassets.com   https://downloads.intercomcdn.com   https://uploads.intercomusercontent.com   https://gifs.intercomcdn.com  https://www.google.nl www.googletagmanager.com https://lt45.net https://www.lt45.net https://optimize.google.com; media-src 'self' data: https://js.intercomcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' dev.visualwebsiteoptimizer.com www.youtube.com s.ytimg.com www.google.com www.google-analytics.com *.facebook.com *.facebook.net apikeys.civiccomputing.com www.googletagmanager.com *.addthis.com  m.addthisedge.com ajax.googleapis.com s7.addthis.com m.addthisedge.com *.adhese.com ajax.aspnetcdn.com use.typekit.com www.googleadservices.com *.wisepops.com *.cvwarehouse.com *.google.com secure.adnxs.com maps.googleapis.com http://api.cvwarehouse.com *.lqm.io  www.gstatic.com *.hotjar.com  https://app.intercom.io   https://widget.intercom.io   https://js.intercomcdn.com https://googleads.g.doubleclick.net s.yimg.com sp.analytics.yahoo.com; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com; 2
frame-ancestors 'self' https://pge.segmanta.com https://www.babylist.com 2
frame-ancestors 'self' webvisor.com metrika.yandex.ru *.yandex.net mc.yandex.ru 2
frame-ancestors http://ecomdisplay.int/ 2
frame-ancestors 'self' https://*.teamsupport.com/ 2
default-src https: 'unsafe-inline' 'unsafe-eval';style-src https: 'unsafe-inline';connect-src https: wss://visitors.live wss://in.visitors.live;font-src *;img-src * data:; 2
default-src https:;script-src https: 'unsafe-inline' 'unsafe-eval';style-src https: 'unsafe-inline';font-src https: data:;img-src https: data: 2
base-uri 'self';  connect-src ws: wss: *; default-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self' https://gofile.me http://gofile.me; frame-src 'self' data: blob: https://*.synology.com https://www.synology.cn/ https://www.youtube.com http://www.youtube.com http://*.synology.com http://*.synology.cn; img-src 'self' data: blob: https://*.google.com https://*.googleapis.com http://*.googlecode.com https://*.gstatic.com https://*.gstatic.com https://*.googleapis.com https://*.google.com; media-src 'self' data: about:;  report-uri webman/csp_report.cgi; script-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/ https://*.google.com https://*.googleapis.com https://*.google.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.googleapis.com; 2
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*; object-src 'self' 2
policy-uri /'self' 2
script-src 'self' * 'unsafe-inline' 'unsafe-eval'; 2
object-src 'self'; base-uri 'none'; require-sri-for script style 2
default-src 'self' https: wss: data: 'unsafe-inline' 'unsafe-eval' 2
script-src: self 2
default-src https: 'self' 'unsafe-inline' 'unsafe-eval' data: http://*.cloudfront.net https://*.lantmateriet.se https://wds.callguide.telia.com; img-src https://wds.callguide.telia.com http: 'self' http://*.cloudfront.net data: 'self'   2
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval' 2
default-src *;child-src * blob: ; script-src * 'unsafe-inline' 'unsafe-eval' 'self' data:; style-src * 'unsafe-inline'; img-src *; font-src *; media-src * blob: data:; object-src *; frame-src * 2
block-all-mixed-content; report-uri https://www.probikekit.co.uk/cspReport.txt; 2
script-src https: 'unsafe-eval' 'unsafe-inline'; 2
object-src 'self'; frame-ancestors 'self' 2
default-src * data: blob:;script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://instafeed.assets.pixlee.com https://www.buzzsprout.com https://api.volunteer.com.au https://volwidget.s3.amazonaws.com https://www.bing.com https://dev.virtualearth.net https://t.ssl.ak.dynamic.tiles.virtualearth.net https://fast.wistia.net https://ecn.dev.virtualearth.net https://openlayers.org mapstraction.com https://www.bing.com/ https://vudoo.com https://dme0ih8comzn4.cloudfront.net *.admaxim *.addthis.com https://m.addthisedge.com https://cdnjs.cloudflare.com https://d1ig6folwd6a9s.cloudfront.net https://sample.crazyegg.com https://script.crazyegg.com https://sample-api-v2.crazyegg.com/n/588250/all https://s3.amazonaws.com/trk.cetrk.com/d/t.js https://e.issuu.com/embed.js https://everydayhero.com *.facebook.com *.facebook.net fast.wistia.com https://www.google.com http://www.google-analytics.com *.google-analytics.com *.googleapis.com https://maps.google.com https://optimize.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net http://s.gravatar.com https://code.jquery.com https://s.c.appier.net https://jscdn.appier.net https://assets.juicer.io/ https://embed.playbuzz.com https://sb.scorecardresearch.com https://mcd-sdk.playbuzz.com https://res-format-story.playbuzz.com https://cdn.playbuzz.com https://widget.surveymonkey.com https://salvos.org.au/ https://www.salvationarmy.org.au/ http://salvationarmy.org.au/ http://src.litix.io/ https://s0.wp.com https://stats.wp.com/ https://public.tableau.com/ *.twitter.com *.twimg.com https://users.dialogfeed.com *.verisign.com http://fast.wistia.com 127.0.0.1:* *.localhost; style-src 'self' https://assets.buzzsprout.com https://volwidget.s3.amazonaws.com https://openlayers.org https://www.bing.com https://dme0ih8comzn4.cloudfront.net https://salvos.org.au/ https://www.salvationarmy.org.au/ https://salvationarmy.org.au/ data: *.addthis.com *.bootstrapcdn.com https://d1ig6folwd6a9s.cloudfront.net https://fonts.googleapis.com http://fonts.googleapis.com *.googleapis.com *.gstatic.com https://optimize.google.com *.jquery.com https://assets.juicer.io/ *.myfonts.net https://res-format-story.playbuzz.com *.twimg.com *.twitter.com http://s.gravatar.com 'unsafe-inline'; media-src * data:; font-src * data:; connect-src 'self' https://sample-api-v2.crazyegg.com/n/588250/all https://s.c.appier.net https://www.bing.com https://salvos.org.au/ https://www.salvationarmy.org.au/ https://salvationarmy.org.au/ https://anylist.c.appier.net *.addthis.com https://stats.g.doubleclick.net/ *.facebook.com https://www.google-analytics.com https://assets.juicer.io/ http://www.juicer.io https://www.juicer.io https://prd-collector-anon.playbuzz.com https://pixel.playbuzz.com https://mcd-sdk.playbuzz.com https://embed.playbuzz.com https://cdn.playbuzz.com https://syndication.twitter.com *.vimeocdn.com pipedream.wistia.com https://e.issuu.com https://users.dialogfeed.com embed.wistia.com distillery.wistia.com/x; report-uri https://salvos.org.au/csp-reports/ 2
script-src 'self' http: https: 'unsafe-inline'; default-src * http: https: data: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self';style-src 'unsafe-inline' *;child-src 'self' https://securepay.tinkoff.ru https://www.youtube.com http://ctrif.info https://connect.facebook.net http://player.vimeo.com https://mc.yandex.ru http://log.xoalt.com http://youtube.com ;connect-src https://securepay.tinkoff.ru https://www.facebook.com http://ctrif.info https://connect.facebook.net http://log.xoalt.com https://www.youtube.com https://mc.yandex.ru/ http://dobrotds.com https://dobrotds.ru https://padandode.blogspot.ru padandode.blogspot.ru https://paltenis.blogspot.ru paltenis.blogspot.ru https://www.vpavex.ru www.vpavex.ru https://fotocam63.ru fotocam63.ru https://restavratorofby.ru restavratorofby.ru https://teacoffeezakazz.ru teacoffeezakazz.ru http://google.com google.com http://www.test.su www.test.su http://test.nick.com test.nick.com https://chimboratos.xtr chimboratos.xtr http://ctrcdn.pro https://ctrcdn.pro http://ctrbro.com http://ctrbro.biz http://ctrbro.pro http://ctrbro.info http://*.dobrotds.com;img-src * data:;media-src *;font-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com cdn.caltat.com https://securepay.tinkoff.ru http://ctrif.info https://connect.facebook.net http://sync.xoalt.com http://log.xoalt.com http://ad.adsniper.ru http://sync3.adsniper.ru https://www.youtube.com http://ajax.googleapis.com http://ajax.aspnetcdn.com http://dobrotds.com https://dobrotds.ru https://padandode.blogspot.ru padandode.blogspot.ru https://paltenis.blogspot.ru paltenis.blogspot.ru https://www.vpavex.ru www.vpavex.ru https://fotocam63.ru fotocam63.ru https://restavratorofby.ru restavratorofby.ru https://teacoffeezakazz.ru teacoffeezakazz.ru http://google.com google.com http://www.test.su www.test.su http://test.nick.com test.nick.com https://chimboratos.xtr chimboratos.xtr http://ctrcdn.pro https://ctrcdn.pro http://ctrbro.com http://ctrbro.biz http://ctrbro.pro http://ctrbro.info http://st.dobrotds.com http://*.dobrotds.com dobrotds.com http://top-fwz1.mail.ru http://www.youtube.com http://youtube.com http://vkontore.m2corp.ru http://fpdownload2.macromedia.com http://vk.com https://mc.yandex.ru/ http://resports.zdorov.pro http://api-maps.yandex.ru; report-uri http://ctrif.com/csp.php https://connect.facebook.net http://ctrif.info 2
frame-ancestors *.entertainmentcruises.com *.odysseycruises.com *.spiritcruises.com *.mysticbluecruises.com *.seadogcruises.com *.bateauxnewyork.com reservations.entertainmentcruises.com; 2
default-src 'self' *.bdasites.com bdasites.com; font-src 'self' *.bdasites.com bdasites.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.bdasites.com bdasites.com ajax.aspnetcdn.com *.google.com fonts.googleapis.com *.sharethis.com; connect-src 'self' *.doubleclick.net www.google-analytics.com *.sharethis.com; img-src * data:; media-src *; frame-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bdasites.com bdasites.com *.doubleclick.net www.googletagmanager.com www.google-analytics.com ajax.aspnetcdn.com *.google.com *.googlecode.com *.newrelic.com *.bootstrapcdn.com *.googleapis.com *.sharethis.com invitebox.com urltag.net bam.nr-data.net connect.facebook.net www.gstatic.com 2
default-src 'self' dwl.dawconnect.com maps.google.de www.google.com connect.facebook.net;  img-src  'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.bsdwl.de *.google-analytics.com connect.ekomi.de *.facebook.com *.doubleclick.net *.google.com *.google.de;  media-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr;  script-src 'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.google-analytics.com connect.ekomi.de www.googleadservices.com *.jwpcdn.com dwl.dawconnect.com *.facebook.net www.googletagmanager.com *.facebook.com *.google.com *.google.de *.doubleclick.net 'unsafe-inline' 'unsafe-eval';  worker-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.doubleclick.net www.google.com www.google.de;  font-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.gstatic.com;  style-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.googleapis.com 'unsafe-inline';  object-src 'self'  2
default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com ssl.google-analytics.com translate.google.com translate.googleapis.com; 2
default-src 'self' * 'unsafe-inline' 'unsafe-eval' data:  2
default-src * 'self' https://*.google.com http://*.google.com https://*.google-analytics.com http://*.google-analytics.com https://*.googleapis.com http://*.googleapis.com; img-src * 'self' https://*.google.com http://*.google.com https://*.google-analytics.com http://*.google-analytics.com https://*.googleapis.com http://*.googleapis.com data:; connect-src 'self'; script-src * 'self' https://*.google.com http://*.google.com https://*.google-analytics.com http://*.google-analytics.com https://*.googleapis.com http://*.googleapis.com 'unsafe-inline'; style-src * 'self' https://*.google.com http://*.google.com https://*.google-analytics.com http://*.google-analytics.com https://*.googleapis.com http://*.googleapis.com 'unsafe-inline' 2
script-src 'self' https: 2
base-uri 'self'; form-action 'self'; frame-src https://maps.googleapis.com https://www.youtube.com; default-src 'self' data: https://yoast.com https://cdn.polyfill.io https://secure.gravatar.com https://maps.googleapis.com https://maps.gstatic.com https://www.youtube.com https://www.google-analytics.com https://analysis.emerchantpay.com https://www.emerchantpay.com; font-src 'self' data: https://yoast.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://maps.googleapis.com https://www.emerchantpay.com/; style-src 'self' 'unsafe-inline' https://yoast.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; connect-src https://www.emerchantpay.com https://api.applause-button.com/get-claps https://api.applause-button.com/update-claps https://yoast.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://maxcdn.bootstrapcdn.com https://cdn.polyfill.io https://maps.googleapis.com https://s.ytimg.com https://www.youtube.com https://www.emerchantpay.com https://analysis.emerchantpay.com https://www.google-analytics.com 2
script-src *  'unsafe-eval' 'unsafe-inline' ; worker-src blob:; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.silnet.pl www.googletagmanager.com www.google-analytics.com www.googleadservices.com *.doubleclick.net *.google.com *.gstatic.com *.facebook.com *.facebook.net *.onesignal.com onesignal.com *.googleapis.com cdnjs.cloudflare.com cdn.ampproject.org; style-src 'self' 'unsafe-inline' fonts.googleapis.com ssl.silnet.pl onesignal.com cdnjs.cloudflare.com *.tagmanager.google.com tagmanager.google.com motoflota.pl; img-src 'self' data: *.ggpht.com *.profiauto.pl silnet.pl ssl.silnet.pl *.doubleclick.net www.google-analytics.com *.google.com *.google.pl *.facebook.com *.gstatic.com *.googleapis.com cdnjs.cloudflare.com *.openstreetmap.org *.gravatar.com motoflota.pl; media-src 'self'; font-src 'self' fonts.gstatic.com; frame-src 'self' *.google.com google.com *.facebook.com onesignal.com *.youtube.com; connect-src 'self' onesignal.com *.google-analytics.com *.doubleclick.net *.google.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.google.com https://platform.linkedin.com https://static.ads-twitter.com https://*.twitter.com https://*.olark.com https://code.jquery.com https://connect.facebook.net https://fast.wistia.com https://fast.wistia.net https://*.pardot.com https://www.facebook.com https://www.google-analytics.com https://adinstruments.bamboohr.com https://www.gstatic.com https://app.wistia.com https://ajax.googleapis.com https://*.adinstruments.com https://cdn.ckeditor.com https://src.litix.io https://assets.adobedtm.com https://i.simpli.fi https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net http://localhost:1234 https://lt-page.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fast.fonts.net https://static.olark.com https://fast.wistia.net https://adinstruments.bamboohr.com https://cdn.adinstruments.com https://cdn.ckeditor.com https://optanon.blob.core.windows.net https://optimize.google.com; font-src 'self' data: https://themes.googleusercontent.com https://fonts.gstatic.com https://fast.fonts.net https://fast.wistia.com; img-src 'self' data: *; connect-src 'self' https://nrpc.olark.com https://*.wistia.com https://adinstruments.bamboohr.com https://embedwistia-a.akamaihd.net https://connect.facebook.net https://google-analytics.com https://*.litix.io https://www.google-analytics.com https://www.linkedin.com; frame-src 'self' https://static.olark.com https://go.adinstruments.com https://oneadi-faces-embed.adinstruments.com https://static.olark.com https://*.salesforce.com https://fast.wistia.net https://fast.wistia.com https://platform.twitter.com https://*.facebook.com https://connect.facebook.net https://platform.linkedin.com https://*.google.com https://go.pardot.com https://labchart.com https://www.slideshare.net https://www.youtube.com https://www.youtube-nocookie.com https://syndication.twitter.com/ https://bid.g.doubleclick.net/; media-src 'self' data: blob: https://static.olark.com https://embedwistia-a.akamaihd.net https://lt-page.s3.amazonaws.com; object-src 'self' https://embedwistia-a.akamaihd.net https://embed-ssl.wistia.com; frame-ancestors 'self' https://datasci.com https://www.datasci.com; 2
default-src https: 'unsafe-inline' 'unsafe-eval' data: wss: 2
frame-ancestors 'self' goplus.localhost *.goplus.localhost; 2
default-src * data: 'unsafe-eval' 'unsafe-inline'; img-src * data: blob:; media-src * data: blob: 2
frame-src https: 2
script-src  'self' 'unsafe-inline' 'unsafe-eval'  https://www.snapengage.com *.tableau.com *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com https://assets.zendesk.com https://connect.facebook.net *.hotjar.com *.twitter.com *.twimg.com *.googletagmanager.com *.jquery.com https://cdnjs.cloudflare.com; img-src 'self' blob: https://www.snapengage.com https://stats.g.doubleclick.net  https://platform.bluemessaging.net *.tableau.com s3.amazonaws.com http://smartlink.cool *.cool http://sellodeexcelencia.gov.co http://especiales.presidencia.gov.co http://synersis.co:8442 *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.gstatic.com http://img.youtube.com https://s-static.ak.facebook.com https://assets.zendesk.com data: *.hotjar.com *.twitter.com *.twimg.com http://vozme.com sedeelectronica.com.co; style-src 'self' 'unsafe-inline' *.tableau.com https://www.nexura.com *.gstatic.com *.google.com *.googleapis.com https://assets.zendesk.com *.hotjar.com *.twitter.com sedeelectronica.com.co pruebas-se-macondo.nexura.com http://www.cali.gov.co https://*.bootstrapcdn.com https://code.jquery.com https://cdnjs.cloudflare.com ; font-src 'self' *.tableau.com https://*.bootstrapcdn.com https://www.nexura.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.hotjar.com sedeelectronica.com.co http://www.cali.gov.co; object-src 'self'; frame-ancestors 'self' *.tableau.com ; media-src 'self' blob: *.tableau.com http://smartlink.cool *.smartlink.cool;  2
default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 2
frame-ancestors 'self' *.gdatasoftware.com *.gdata.de; 2
frame-ancestors 'self'; upgrade-insecure-requests; 2
default-src 'self'  https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ssl.gstatic.com/ https://apis.google.com;script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ssl.gstatic.com/ https://apis.google.com;style-src 'self' 'unsafe-inline'  https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ssl.gstatic.com/ https://apis.google.com;img-src 'self' data: https://apis.google.com *.tile.openstreetmap.org https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ssl.gstatic.com/ ;object-src 'none'; 2
frame-ancestors 'self' http://webvisor.com *.pathfactory.com *.hotjar.com https://pathfactory.com *.vidyard.com 2
default-src 'self' https://www.google.com https://apis.google.com/ https://accounts.google.com/ https://*.sharethis.com/ https://c.sharethis.mgr.consensu.org/ https://bid.g.doubleclick.net/; img-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://apis.google.com/ https://*.sharethis.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://www.googletagmanager.com/  https://www.google-analytics.com/; font-src 'self'; style-src 'self' 'unsafe-inline' https://ws.sharethis.com/; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; 2
Content-Security-Policy: default-src 'self' *.facebook.com 2
default-src http://hsquizbowl.org http://www.hsquizbowl.org 'self'; script-src http://hsquizbowl.org http://www.hsquizbowl.org 'self' 'unsafe-inline'; style-src http://hsquizbowl.org http://www.hsquizbowl.org 'self' 'unsafe-inline'; img-src http://hsquizbowl.org http://www.hsquizbowl.org 'self' ; 2
default-src 'self' 'unsafe-inline' data: *.dat.de *.datgroup.com *.fairgarage.de *.b-ite.com; form-action 'self' *.dat.de *.datgroup.com *.twitter.com *.cleverreach.com http://mailings.dat.de/; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dat.de *.datgroup.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com *.fairgarage.de *.b-ite.com; style-src 'unsafe-inline' 'self' *.twitter.com *.twimg.com *.fairgarage.de *.dat.de *.datgroup.com; worker-src data: 'self' *.dat.de *.datgroup.com *.twitter.com *.youtube.com *.google.com *.vimeo.com; frame-src data: 'self' *.dat.de *.datgroup.com *.twitter.com *.youtube.com *.youtube-nocookie.com *.google.com *.vimeo.com; img-src 'self' data: *.datgroup.com *.twimg.com *.twitter.com *.fairgarage.de 2
default-src 'self' 'unsafe-inline' data: blob: https:; base-uri 'self'; block-all-mixed-content; child-src 'self' https:; connect-src 'self' wss: https:; font-src 'self' data: https:; form-action 'self' test.flexiteexam.com https:; frame-ancestors 'self' https:; img-src 'self' data: https:; object-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; style-src 'self' 'unsafe-inline' https:; worker-src 'self' blob: 2
connect-src 'self'; 2
frame-src * 2
frame-ancestors 'self' https://*.castlery.com https://*.castlery.com.au https://*.castlery.sg 2
default-src 'self' data: 'unsafe-inline' https: *; 2
frame-ancestors 'self' *.optimizely.com 2
default-src https: 'unsafe-inline';script-src https: 'unsafe-inline' 'unsafe-eval' 2
default-src blob: *; child-src blob: *; img-src 'self' data: https: blob: https: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' blob: https: *; worker-src 'self' 'unsafe-inline' blob: https: *; 2
default-src 'self';connect-src 'self' blob: https://*.g.doubleclick.net https://*.google-analytics.com https://connect.facebook.net https://*.facebook.com https://*.sharethis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.onetrust.com https://*.jquery.com https://*.windows.net https://*.instagram.com https://*.sharethis.com https://*.ytimg.com https://*.youtube.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.iadvize.com https://*.evidon.com https://*.cloudflare.com https://*.jsdelivr.net https://*.mars.com https://connect.facebook.net;img-src blob: 'self' https://*.blob.core.windows.net https://*.org data: https://*.betrad.com https://*.royalcanin.fr/ https://*.wikichat.fr/ https://*.wikichien.fr/ https://*.google-analytics.com https://*.google.com https://*.evidon.com https://*.google.fr https://*.doubleclick.net https://*.gstatic.com https://*.googleapis.com https://*.facebook.com https://*.mars.com; style-src 'self' 'unsafe-inline' https://optanon.blob.core.windows.net https://*.google.com https://*.bootstrapcdn.com https://fonts.googleapis.com https://*.mars.com; font-src 'self' data: https://themes.googleusercontent.com https://fonts.gstatic.com https://*.mars.com https://*.bootstrapcdn.com; frame-src https://*.calameo.com https://*.evidon.com https://*.vimeo.com https://*.google.com https://*.youtube.com https://*.digitaddict.com https://*.facebook.com https://c.sharethis.mgr.consensu.org; object-src 'self' 2
default-src 'self' http://smartf-on.net http://m.smartf-on.net; style-src 'unsafe-inline' *; frame-src *; img-src * data:*; media-src *; object-src *; connect-src *; font-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.smartf-on.net http://smartf-on.net http://*.phncdn.com http://*.rncdn3.com http://*.darangi.ru http://darangi.ru http://*.lugiy.ru http://deobp.com http://lugiy.ru http://*.belole.ru http://belole.ru/  http://*.hjiss.com http://*.hnixr.com http://hjiss.com http://hnixr.com http://youporn.com http://download.macromedia.com http://share.pluso.ru http://bzlwe.com http://*.youporn.com http://tools.bongacams.com/* hiopdi.com https://*.google-analytics.com http://*.google-analytics.com https://google-analytics.com https://*.google-analytics.com http://*.google-analytics.com https://google-analytics.com https://*.yandex.ru http://*.yandex.ru https://yandex.ru http://yandex.ru https://yandex.com https://*.yandex.com http://*.yandex.com http://yandex.com http://nhqqv.space http://*.nhqqv.space http://*.exoclick.com http://exoclick.com; report-uri /csp.php 2
default-src https://www.facebook.com https://www.google.nl https://www.google.com https://maps.google.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.windesheim.nl https://*.windesheimflevoland.nl https://*.windesheim.com https://www.youtube.com https://www.youtube-nocookie.com https://consentcdn.cookiebot.com https://*.fls.doubleclick.net https://*.g.doubleclick.net https://rlb.nuffic.nl https://www.google-analytics.com https://pbs.twimg.com 'self' data:; script-src https://*.windesheim.nl https://*.windesheimflevoland.nl https://*.windesheim.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googleadservices.com http://www.googleadservices.com https://maps.googleapis.com https://platform.linkedin.com https://track.adform.net https://www.facebook.com https://connect.facebook.net https://ajax.googleapis.com https://rlb.nuffic.nl https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.windesheim.nl https://*.windesheimflevoland.nl https://*.windesheim.com https://tagmanager.google.com https://fonts.googleapis.com https://rlb.nuffic.nl 'unsafe-inline'  2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-eval' 'unsafe-inline'; media-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; frame-src https: employment.qualtrics.com siteintercept.qualtrics.com g.jwpsrv.com www.youtube.com; frame-ancestors 'self' www.jobs.gov.au www.employment.gov.au; child-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com publish.viostream.com themes.googleusercontent.com; report-uri /admin/config/system/seckit/csp-report 2
form-action 'self' *.list-manage.com *.mollie.com; 2
script-src 'self' http://s.ytimg.com/yts/jsbin/www-widgetapi-vflBy1d5C/www-widgetapi.js http://s.ytmig.com https://s.ytimg.com https://s.ytimg.com/yts/jsbin/www-widgetapi-vflBy1d5C/www-widget.js https://www.youtube.com/iframe_api http://www.youtube.com/iframe_api https://www.gstatic.com/ https://www.google.com/recaptcha/api.js http://www.google.com/recaptcha/api.js https://www.google-analytics.com http://www.google-analytics.com https://www.googletagmanager.com http://www.googletagmanager.com https://maps.googleapis.com http://maps.googleapis.com https://ssl.google-analytics.com http://ssl.google-analytics.com https://connect.facebook.net http://tagmanager.google.com https://assets.adobedtm.com http://assets.adobedtm.com http://jscdn.appier.net http://track.adform.net https://track.adform.net http://track.omguk.com https://va.ecitizen.gov.sg http://va.ecitizen.gov.sg 'unsafe-inline' 'unsafe-eval'; object-src 'self'; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; font-src * data: ; img-src * data: blob: ; base-uri 'self'; script-src * data: 'unsafe-inline' 'unsafe-eval'; 2
default-src https: data: wss://*.hotjar.com ; script-src 'unsafe-eval' 'self' https: 'unsafe-inline'; style-src https: 'unsafe-inline';img-src https: data:;media-src https: data: blob: mediastream: 2
frame-ancestors https://www.usgacardshop.com http://www.usgacardshop.com http://www.123print.com http://www.brookhollowcards.com http://www.cardsdirect.com https://www.123print.com https://www.brookhollowcards.com https://www.cardsdirect.com http://*.cardsdirect.com; 2
style-src 'self' 'unsafe-inline' *.addthis.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.analytics.google.com *.google-analytics.com *.pinterest.com *.googleadservices.com *.facebook.com *.facebook.net *.myfonts.net *.addthis.com *.googleapis.com 2
media-src *; 2
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; 2
upgrade-insecure-requests; default-src * data: 'unsafe-eval' 'unsafe-inline' 2
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 2
style-src 'self' 'unsafe-inline' *.addthis.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.analytics.google.com *.google-analytics.com *.pinterest.com *.googleadservices.com *.facebook.com *.facebook.net *.myfonts.net *.addthis.com *.googleapis.com *.googletagmanager.com 2
default-src https:; script-src https: blob: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: blob:; 2
object-src 'none'; form-action 'self' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src * 2
default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data: *.yandex.net *.yandex.ru https://*.yandex.net https://*.yandex.ru; frame-src 'self' https://www.youtube.com; script-src 'self' 'unsafe-eval' *.yandex.ru https://*.yandex.ru; connect-src 'self' *.yandex.ru https://*.yandex.ru; 2
default-src 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self' 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' vk.com http://connect.ok.ru *.yandex.ru *.yandex.net yastatic.net *.yastatic.net; img-src * data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-src 'self' yastatic.net www.youtube.com; media-src 'self' mediastream:; font-src * data:; connect-src 'self' https://mc.yandex.ru graph.facebook.com ; 2
<policy> 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 2
worker-src 'self' blob:; media-src 'self' blob: https:; default-src 'self' data: https:; script-src 'unsafe-eval' 'unsafe-inline' https:; style-src 'unsafe-inline' https: 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://platform.twitter.com https://platform.twitter.com http://connect.ok.ru https://connect.ok.ru https://cdn.onesignal.com https://*.doubleclick.net https://onesignal.com http://*.googletagservices.com https://yastatic.net http://*.yandex.net https://*.yandex.net http://*.googlesyndication.com https://*.googlesyndication.com http://*.google.ru https://*.google.ru http://*.google.com https://*.google.com http://*.googleapis.com https://*.googleapis.com feeds.feedburner.com feedburner.google.com counter.rambler.ru http://*.yandex.ru https://*.yandex.ru *.avtoed.com http://*.gstatic.com https://*.gstatic.com http://yandex.st https://yandex.st http://vk.com https://vk.com http://vk.comcdn.connect.mail.ru https://vk.comcdn.connect.mail.ru http://mc.yandex.ru https://mc.yandex.ru http://*.google-analytics.com https://*.google-analytics.com; object-src 'self' http://*.youtube.com https://*.youtube.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.yandex.ru https://*.yandex.ru http://*.yandex.net https://*.yandex.net http://*.gstatic.com https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://onesignal.com http://*.google.com https://*.google.com http://*.googleapis.com https://*.googleapis.com; img-src * 'self' data: http://mc.yandex.ru https://mc.yandex.ru http://yastatic.net https://yastatic.net; media-src 'self'; frame-src 'self' http://connect.ok.ru https://connect.ok.ru http://platform.twitter.com https://platform.twitter.com https://onesignal.com http://*.avtoed.com http://orphus.ru http://*.yandex.net https://*.yandex.net http://*.yandexadexchange.net https://*.yandexadexchange.net http://yandexadexchange.net https://yandexadexchange.net http://*.yandex.ru https://*.yandex.ru http://*.doubleclick.net https://*.doubleclick.net http://yastatic.net https://yastatic.net http://*.youtube.com https://*.youtube.com http://*.google.ru https://*.google.ru http://*.google.com https://*.google.com http://connect.mail.ru https://connect.mail.ru http://vk.com https://vk.com; font-src 'self' http://*.gstatic.com https://*.gstatic.com; connect-src 'self' https://onesignal.com https://*.yandex.net http://yandex.ru https://yandex.ru http://*.yandex.ua https://*.yandex.ua http://*.youtube.com https://*.youtube.com http://*.google-analytics.com https://*.google-analytics.com http://*.yandex.ru https://*.yandex.ru http://*.gstatic.com https://*.gstatic.com; 2
frame-ancestors 'self' webvisor.com *.yandex.ru 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.bravi.if.eu connect.facebook.net *.googletagservices.com *.appspot.com *.doubleclick.net google.com *.google.com doubleclick.net appspot.com www.facebook.com se-gmtdmp.mookie1.com secure.adnxs.com ifhelp2015.azurewebsites.net www.google-analytics.com *.onetrust.com *.cookielaw.org optanon.blob.core.windows.net geolocation.onetrust.com  *.psplugin.com cdn.cookielaw.org tagmanager.google.com chat.puzzel.com *.if.eu brandedstyleguide-itest.azurewebsites.net brandedstyleguide-stest.azurewebsites.net brandedstyleguide-atest.azurewebsites.net www.fordforsakring.se *.fordforsakring.se www.opelforsakring.se *.opelforsakring.se www.nissanforsakring.se *.nissanforsakring.se www.saabforsakring.se *.saabforsakring.se www.googletagmanager.com js.revsci.net st.if.eu ifhelp2015eu.herokuapp.com volviasverige.fbinhouse.se cdn.jsdelivr.net *.fls.doubleclick.net cdn.datatables.net az416426.vo.msecnd.net claims-chat-bot-web.azurewebsites.net claims-chat-bot-web-test.azurewebsites.net maxcdn.bootstrapcdn.com cdnjs.cloudflare.com st-test.if.eu skodabilforsakring.se *.skodabilforsakring.se www.renaultforsakring.se *.renaultforsakring.se bmworiginalforsakring.se *.bmworiginalforsakring.se volvia.se audibilforsakring.se *.audibilforsakring.se seatbilforsakring.se *.seatbilforsakring.se *.volvia.se www.minioriginalforsakring.se *.minioriginalforsakring.se www.volkswagenbilforsakring.se *.volkswagenbilforsakring.se www.volkswagentransportbilarforsakring.se *.volkswagentransportbilarforsakring.se www.daciaforsakring.se *.daciaforsakring.se www.porschebilforsakring.se *.porschebilforsakring.se www.mercedes-benzforsakring.se *.mercedes-benzforsakring.se www.kiabilforsakring.com *.kiabilforsakring.com bravi-cdn-itest.azureedge.net bravi-cdn-atest.azureedge.net bravi-cdn-stest.azureedge.net bravi-cdn.azureedge.net dev.visualwebsiteoptimizer.com *.azurewebsites.net wss://directline.botframework.com dc.services.visualstudio.com directline.botframework.com *.api.if.eu *.prod.bravi.if.eu *.itest.bravi.if.eu *.stest.bravi.if.eu *.atest.bravi.if.eu wss://*.prod.bravi.if.eu wss://*.itest.bravi.if.eu wss://*.stest.bravi.if.eu wss://*.atest.bravi.if.eu bravi-cms-itest-edit.azurewebsites.net wss://bravi-cms-itest-edit.azurewebsites.net claimshistoryapi-atest.azurewebsites.net claimshistoryapi-itest.azurewebsites.net fonts.googleapis.com code.jquery.com fonts.gstatic.com *.fbinhouse.se static.fbinhouse.se data: *.youtube.com www.skodabilforsakring.se; 2
frame-ancestors www-preprod.vegatele.com cabinet.vegatele.com vega.ua my.vega.ua; script-src 'unsafe-eval' 'unsafe-inline' 'self' static.hotjar.com script.hotjar.com vega.pbx.vega.ua connect.facebook.net www.googletagmanager.com www.google-analytics.com; block-all-mixed-content; 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: www.google-analytics.com www.googletagmanager.com connect.facebook.net bat.bing.com *.google.com *.yandex.ru *.gleam.io 2
default-src https:; font-src https: blob: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; worker-src blob:; style-src https: 'unsafe-inline'; img-src https: data:; 2
frame-ancestors 'self'; object-src 'self' blob:; 2
frame-ancestors https://*.authorize.net 'self' 2
default-src 'self' data: 'unsafe-inline' missouricu.org *.missouricu.org *.googleadservices.com *.googletagmanager.com *.googleapis.com *.adsrvr.org *.doubleclick.net *.google-analytics.com *.facebook.net *.fontawesome.com *.google.com *.youtube.com *.gstatic.com; frame-ancestors 'self' https://mcuhbtestapp/ 2
default-src 'unsafe-eval' 'unsafe-inline' *; script-src 'unsafe-inline' 'unsafe-eval' *; img-src * data:; connect-src *; font-src * data: 2
upgrade-insecure-requests; default-src https: blob:; connect-src https: wss:; img-src https: data:; font-src https: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; 2
default-src 'self' http://www.youtube.com/ wss://www.reasedoper.pw http://reasedoper.pw https://reasedoper.pw https://pagead2.googlesyndication.com/ https://mc.yandex.ru/ http://rb.revolvermaps.com/;style-src 'unsafe-inline' *;child-src * 'self' blob: ;img-src * data:;media-src *;font-src *;script-src 'self' http://nathetsof.com/ http://rigaletto.info/ http://listat.org https://listat.org https://static.reasedoper.pw http://static.reasedoper.pw https://dl.metabar.ru/ http://azbns.com/  http://cdn.mobidea.com/ https://cdn.mobidea.com/ http://mytomatosoup.com/ http://*.s1block.com/ https://*.exoclick.com/ http://*.exoclick.com/ http://*.criteo.com/ http://webgringo.ru/ http://dancepoisk.ru/ http://*.google.com.ua https://*.google.com.ua https://*.vim100.ru http://*.vim100.ru https://vim100.ru http://vim100.ru http://*.kavanga.ru https://*.kavanga.ru http://dreamcode.pw https://dreamcode.pw https://*.advertur.ru *.advertur.ru http://cdn-rtb.sape.ru/ http://*.sape.ru/ http://wslocker.ru/ http://www.photoshop.in.ua 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com https://oss.maxcdn.com yandex.st *.yandex.st https://*.google-analytics.com http://*.google-analytics.com acint.net www.acint.net http://meelba.com http://*.meelba.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.uptolike.com https://*.uptolike.com *.leadada.com http://*.yandex.ru http://yandex.ru  https://yandex.ru https://*.yandex.ru http://*.doubleclick.net https://*.doubleclick.net cepereh.ru promoskiki.ru brandomatic.ru http://info.datacadet.com https://info.datacadet.com http://*.metabar.ru https://*.youtube.com http://*.youtube.com https://*.google.com http://*.google.com http://*.yandex.net https://*.yandex.net http://*.dumedia.ru http://userapi.com https://*.twitter.com http://*.twitter.com https://yastatic.net http://yastatic.net http://*.ya.ru http://*.fbcdn.net http://*.facebook.net https://*.facebook.net http://ad.oyy.ru http://pr-cy.ru http://*.rotaban.ru http://*.addthis.com http://*.mail.ru https://*.mail.ru http://*.adriver.ru https://*.googleapis.com http://*.googleapis.com http://*.reformal.ru https://vk.com http://*.vk.com http://vk.com http://*.vk.com http://estat-translator.com http://*.openstat.net http://openstat.net http://*.hit.ua http://api.cpatext.ru http://disgusting.ru http://counter.rambler.ru http://allskidkimos.ru http://*.acint.net http://*.beeline.ru http://*.smi2.ru https://*.alexa.com http://js-agent.newrelic.com http://*.odnoklassniki.ru http://*.directadvert.ru http://vkontakte.ru http://meteoprog.ua http://*.meteoprog.ua http://*.ok.ru https://*.ok.ru http://api.recaptcha.net http://ulogin.ru http://*.ukr.net http://*.semrash.com http://*.nr-data.net http://*.mgts.ru http://commontools.net http://*.wordpress.com http://informer.name http://*.bigmir.net https://*.bigmir.net http://www.samnews.ru http://adv.rb-edu.ru http://nastart.com.ua http://*.betweendigital.com http://*.google.ru http://*.cloudfront.net http://api.pozvonim.com http://*.24webclock.com https://*.zemanta.com http://disqus.com http://*.gismeteo.ru http://*.spylog.ru http://*.sharethis.com http://*.disqus.com http://*.c8.net.ua http://www.semrush.com http://loginza.ru http://*.redtram.com https://*.facebook.com http://*.facebook.com http://reformal.ru http://mreporter.ru http://n.lcads.ru http://*.leadia.ru http://www.vesti.ru http://*.begun.ru http://google.com.ua https://google.com.ua http://gamebomb.ru https://*.skype.com http://*.contextbar.ru http://*.googleadservices.com https://*.googleadservices.com http://*.lcads.ru http://*.googlevideo.com https://*.googlevideo.com http://*.gstatic.com https://*.gstatic.com https://*.ytimg.com http://*.ytimg.com http://*.yadro.ru https://*.yadro.ru; connect-src 'self' wss://www.nathetsof.com/ https://api.push.world/ https://static.reasedoper.pw/ wss://www.reasedoper.pw/ http://meelba.com/ http://stat.qload.ru http://uxm.ru https://mc.yandex.ru/ https://pagead2.googlesyndication.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ldlc.com *.ldlc-pro.com *.groupe-ldlc.com  *.ldlc-pro.fr  *.ldlc-pro.be  *.ldlc-pro.lu  *.ldlc-pro.ch *.fontawesome.com via.placeholder.com *.intercomassets.com *.s-microsoft.com *.intercomcdn.com *.intercom.io *.hotjar.com *.doofinder.com *.youtube.com *.quadro-selector.com  *.google.com *.google-analytics.com *.doubleclick.net *.gstatic.com *.googleapis.com *.facebook.com *.facebook.net *.licdn.com *.linkedin.com ws: wss: data:; 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' * 2
default-src 'none'; connect-src 'self' *.mil.ru mc.yandex.ru; script-src 'self' 'unsafe-inline' *.maps.yandex.net *.yandex.net *.googletagmanager.com *.mil.ru *.xn--90anlfbebar6i.xn--p1ai *.rambler.ru *.yandex.ru *.mail.ru *.google-analytics.com *.google.com; object-src 'self' *.mil.ru *.vintera.tv *.cdnvideo.ru *.youtube.com; style-src 'self' 'unsafe-inline' *.mil.ru *.googleapis.com; img-src 'self' *.mil.ru *.maps.yandex.net *.yandex.net yandex.net data: counter.yadro.ru *.yandex.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mail.ru *.google-analytics.com *.rambler.ru ; media-src 'self' *.mil.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.xn--90anlfbebar6i.xn--p1ai; frame-src 'self' *.mil.ru api-maps.yandex.ru *.yandex.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtube.com *.youtu.be *.google.com; font-src 'self' fonts.gstatic.com *.mil.ru *.vintera.tv *.cdnvideo.ru *.mil.ru *.youtube.com *.youtube.com *.youtu.be *.google.com; frame-ancestors 'self' mil.ru *.mil.ru; base-uri 'self'; form-action 'self'; 2
child-src *; frame-ancestors 'self' http://*.naukri.com http://*.naukimg.com https://*.facebook.com https://*.naukri.com https://*.naukimg.com https://*.referralrecruit.com https://*.twitter.com; media-src 'self' blob:; default-src 'unsafe-eval' 'unsafe-inline' 'self' http://*.naukimg.com http://*.naukri.com https://*.akamaihd.net https://*.doubleclick.net https://*.dropbox.com https://*.facebook.com https://*.facebook.net https://*.fbsbx.com https://*.fbcdn.net https://*.google-analytics.com https://*.google.co.in https://*.google.co.us https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleusercontent.com https://*.gstatic.com https://*.jquery.com https://*.naukimg.com https://*.equest.com https://*.naukri.com https://*.scorecardresearch.com https://*.vizury.com https://*.referralrecruit.com https://*.twitter.com https://*.youtube.com https://*.zedo.com https://*.liveperson.net https://*.lpsnmedia.net https://media.licdn.com https://*.inspectlet.com http://*.inspectlet.com https://*.layer.com https://*.zopim.com https://*.zopim.io wss://*.zopim.com wss://*.layer.com wss://ws.inspectlet.com https://*.linkedin.com data:; report-uri https://lg.naukri.com/cspLogger/ 2
default-src https: 'unsafe-eval' 'unsafe-inline' http: img-src 'self' data: 2
script-src https://bat.bing.com https://api.clerk.io https://api.coolrunner.dk https://*.criteo.net https://*.criteo.com 'self' data: 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://optimize.google.com/ https://www.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://translate.google.com https://tagmanager.google.com https://widget.intercom.io https://js.intercomcdn.com https://*.klarna.com https://*.klarnacdn.net https://chimpstatic.com https://*.sleeknote.com https://widget.trustpilot.com; img-src https://bat.bing.com https://*.criteo.net https://*.criteo.com 'self' data: https://www.facebook.com https://www.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://translate.google.com https://stats.g.doubleclick.net https://www.google.com https://www.google.dk https://www.google.se https://www.google.no https://www.google.de https://www.google.co.uk https://static.intercomassets.com https://js.intercomcdn.com https://*.klarna.com https://*.klarnacdn.net https://miljoevenlig-pakning.dk https://www.partner-ads.com https://*.sleeknote.com https://i.ytimg.com; frame-src https://*.criteo.net https://*.criteo.com 'self' https://www1.emarsys.net https://connect.facebook.net https://www.facebook.com https://optimize.google.com/ https://www.google.com https://www.googletagmanager.com https://*.klarna.com https://*.klarnacdn.net https://*.sleeknote.com https://widget.trustpilot.com https://www.youtube.com; default-src 'self'; style-src 'self' 'unsafe-inline' https://optimize.google.com/ https://*.googleapis.com https://tagmanager.google.com https://*.sleeknote.com; connect-src 'self' https: wss://*.intercom.io; font-src 'self' data: https://*.gstatic.com https://js.intercomcdn.com; object-src 'self'; media-src https://*.gstatic.com 2
default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; 2
frame-ancestors 'self' webvisor.com; 2
default-src 'self' https://afinet.afirme.com https://*.youtube.com https://cdn.plyr.io https://*.zopim.com https://fonts.gstatic.com data: wss://*.zopim.com; script-src 'self' https://afinet.afirme.com https://www.google-analytics.com https://detectca.easysol.net https://idata.easysol.net https://ssl.google-analytics.com https://s.ytimg.com https://*.youtube.com https://*.zopim.com https://*.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.googleapis.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://ssl.google-analytics.com https://detectca.easysol.net https://*.youtube.com https://*.zopim.com https://maps.gstatic.com https://*.googleapis.com data: 'unsafe-inline' 'unsafe-eval'; 2
default-src='self' 2
default-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; object-src 'self'; font-src *; connect-src *; img-src 'self' data: *; frame-src *; 2
frame-ancestors *.fnlondon.com 2
default-src https:; font-src https: data:; img-src https: data: 'self' about:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; 2
script-src 'self' *.sdicamps.com *.heartlandportico.com *.google.com *.googleapis.com *.google-analytics.com *.newrelic.com *.nr-data.net 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' *.onbase.com *.hyland.com *.communitylive.com *.sharebase.com https://profiles.onbase.com; 2
default-src 'self'; script-src 'self' 'unsafe-eval' data: 'unsafe-inline' https://service.liveperson.net https://lptag.liveperson.net https://www.google-analytics.com https://js.locatorsearch.com; style-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'none'; img-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com; media-src 'self' https://www.youtube.com https://player.vimeo.com; frame-src 'self' https://lpcdn.lpsnmedia.net https://tucson.locatorsearch.com https://www.youtube.com https://player.vimeo.com https://www04.timetrade.com; child-src 'self' https://tucson.locatorsearch.com https://www.youtube.com https://player.vimeo.com; report-uri https://tucsonfcu.report-uri.io/r/default/csp/enforce; 2
img-src *;object-src *;frame-src *; 2
script-src www.google.co.uk *.dwin1.com www.google.com *.puzzel.com *.bing.com static.addtoany.com *.adnxs.com *.adroll.com *.steelhousemedia.com m.addthisedge.com *.addthis.com *.hotjar.com *.pingdom.net *.qualtrics.com *.cloudfront.net widget.trustpilot.com fp.gdmdigital.com *.linkedin.com *.facebook.com *.typekit.net ajax.googleapis.com analytics.google.com v2.visualwebsiteoptimizer.com useruploads.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com livechat.uk2group.com www.googleadservices.com tagmanager.google.com www.googletagmanager.com d2wy8f7a9ursnm.cloudfront.net *.uk2.net 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com connect.facebook.net platform.twitter.com apis.google.com tracking.websitealive.com www.gstatic.com www.google-analytics.com secure.leadforensics.com; default-src 'self' data: *.puzzel.com *.uk2.net; img-src 'self' canarytokens.com *.uk2.net data: *.typekit.net *.gstatic.com *.bing.com secure.gravatar.com *.pingdom.net v2.visualwebsiteoptimizer.com placehold.it useruploads.visualwebsiteoptimizer.com widget.trustpilot.com syndication.twitter.com *.hotjar.com dev.visualwebsiteoptimizer.com livechat.uk2group.com googleads.g.doubleclick.net www.googleadservices.com *.steelhousemedia.com chart.googleapis.com widget.trustpilot.com notify.bugsnag.com stats.g.doubleclick.net www.google.com www.google-analytics.com 55b558c7-resources.bk-partnersasia.com csi.gstatic.com www.facebook.com syndication.twitter.com images.websitealive.com tracking.websitealive.com; style-src 'self' *.uk2.net www.google.co.uk *.puzzel.com *.pingdom.net https://use.fontawesome.com maxcdn.bootstrapcdn.com *.steelhousemedia.com fonts.googleapis.com www.google.com tagmanager.google.com dev.visualwebsiteoptimizer.com livechat.uk2group.com 'unsafe-inline' tracking.websitealive.com widget.trustpilot.com; frame-src 'self' *.uk2.net static.addtoany.com *.hotjar.com *.twitter.com *.addthis.com www.google.co.uk www.google.com *.steelhousemedia.com player.vimeo.com a5.websitealive.com www.youtube.com widget.trustpilot.com tracking.websitealive.com apis.google.com accounts.google.com platform.twitter.com staticxx.facebook.com www.facebook.com dev.visualwebsiteoptimizer.com livechat.uk2group.com; object-src 'self' *.uk2.net; font-src 'self' *.uk2.net data: fonts.gstatic.com use.typekit.net *.puzzel.com https://use.fontawesome.com maxcdn.bootstrapcdn.com fonts.googleapis.com; connect-src 'self' static.addtoany.com *.puzzel.com *.pingdom.net widget.trustpilot.com wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com graylog.hotjar.com:12443 *.twitter.com *.uk2.net *.hotjar.com *.addthis.com dev.visualwebsiteoptimizer.com livechat.uk2group.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: 2
default-src data: https:;       script-src 'unsafe-inline' 'unsafe-eval' https:;       style-src 'unsafe-inline' https:;       font-src 'self' data: fonts.gstatic.com use.typekit.net;       object-src 'self' pcardstest.processdata.co.uk pcards.process.data.co.uk;       frame-ancestors 'self' pcardstest.process.data.co.uk pcards.process.data.co.uk;       form-action 'self' secure.ogone.com hpp.fauxlex.com tfs.fauxlex.com payments-sandbox.amazon.co.uk pay.sandbox.realexpayments.com hpp.realexpayments.com; base-uri 'none'; 2
'self' http://irestekhdam.com/ 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *; 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io d3js.org www.googletagmanager.com connect.facebook.net log.pinterest.com platform.twitter.com assets.pinterest.com cdn.syndication.twimg.com cdnjs.cloudflare.com code.jquery.com ssl.google-analytics.com s.swiftypecdn.com use.fontawesome.com cdnjs.cloudflare.com syndication.twitter.com www.gstatic.com www.google.com www.google-analytics.com ajax.googleapis.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com maxcdn.bootstrapcdn.com use.fontawesome.com; connect-src 'self' search-api.swiftype.com api.sbif.cl s.swiftypecdn.com; img-src 'self' data: ton.twimg.com platform.twitter.com syndication.twitter.com stats.g.doubleclick.net www.google-analytics.com pbs.twimg.com ssl.google-analytics.com cc.swiftype.com; style-src 'self' 'unsafe-inline' ton.twimg.com platform.twitter.com cdnjs.cloudflare.com fonts.googleapis.com maxcdn.bootstrapcdn.com use.fontawesome.com s.swiftypecdn.com; frame-src 'self' www.facebook.com staticxx.facebook.com syndication.twitter.com platform.twitter.com www.google.com www.gstatic.com www.sbif.cl;  2
frame-ancestors https://*.allianz.co.id 2
script-src 'self' http://struts.apache.org/tags-logic http://java.sun.com/jsp/jstl/core http://java.sun.com/jsp/jstl/fmt http://tiles.apache.org/tags-tiles 'unsafe-inline' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' blob:; worker-src blob: 2
default.src https: data: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' ' *.ampproject.org .zdbb.net 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; media-src * 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: yastatic.net cse.google.com ajax.googleapis.com php.pdc.nl www.google.com www.gstatic.com translate.googleapis.com translate.google.com maps.google.com maps.googleapis.com api.microsofttranslator.com; report-uri /cspreport 2
default-src 'self' *.transunion.com *.transunion.co.za *.addthis.co *.amazon-adsystem.com *.youtube.com *.brightcove.com *.brightcove.net*.doubleclick.net *.company-target.com dmtry.com *.dmtry.com *.quantserve.com *.bluekai.com *.facebook.com *.demandbase.com doubleclick.net app.trustev.com ads.yahoo.com adserve.atedra.com analytics.twitter.com bat.bing.com crwdcntrl.net c.rstg.io cdn.nextinsure.com code.jquery.com cloudfront.net fonts.googleapis.com ib.adnxs.com idsync.rlcdn.com investis.com adsrvr.org sharethrough.com adroll.com yimg.com amazonaws.com secure.fastclick.net secure.leadback.advertising.com google-analytics.com static.ads-twitter.com us-u.openx.net vjs.zencdn.net googleadservices.com gstatic.com bidswitch.net cspix.media6degrees.com googletagmanager.com *.passage.ai wss://tars-prod.passage.ai; script-src 'self' *.transunion.com *.addthis.com *.googletagmanager.com *.optimizely.com *.pingdom.com *.cloudflare.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.g.3gl.net *.eloqua.com *.crwdcntrl.net *.googleapis.com *.investis.com *.amazonaws.com *.cloudfront.net *.nextinsure.com *.lendingtree.com *.mediaplex.com *.demandbase.com *.jquery.com *.g.3gl.net *.gstatic.com *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.yimg.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net *.linkedin.com *.adsprotection.com *.brightcove.com *.hotjar.com *.adroll.com *.brightcove.net *.en25.com *.mathtag.com t2.rstg.io px.ads.linkedin.com vjs.zencdn.net analytics.twitter.com iad-login.dotomi.com snap.licdn.com sp.analytics.yahoo.com unpkg.com hello.myfonts.net img03.en25.com m.addthisedge.com vjs.zencdn.com optimizely.s3.amazonaws.com g.3gl.net cdn.ampproject.org b.company-target.com cspix.media6degrees.com img03.en25.com static.ads-twitter.com cdn.mxpnl.com sjs.bizographics.com rum-static.pingdom.net tt.mbww.com seal.entrust.net app.trustev.com pixel.mathtag.com pagead2.googlesyndication.com tagmanager.google.com amplify.outbrain.com o1.qnsr.com connect.facebook.net cas.cluep.com *.passage.ai blob: 'unsafe-eval' 'unsafe-inline'; child-src *.transunion.com *.crwdcntrl.net *.cdn.optimizely.com *.addthis.com *.doubleclick.net *.lendingtree.com *.youtube.com *.hotjar.com vars.hotjar.com img.mediaplex.com app.optimizely.com *.brightcove.net s.amazon-adsystem.com app.trustev.com pixel.mathtag.com; connect-src 'self' *.transunion.com *.optimizely.com *.youtube.com *.brightcovecdn.com *.pingdom.net *.brightcove.com manifest.prod.boltdns.net airbrake.io api.company-target.com r.3gl.net s7.addthis.com popcornmetricsendpoint.herokuapp.com unity.cadreon.com app.trustev.comi *.passage.ai wss://tars-prod.passage.ai; media-src 'self' *.transunion.com blob: *.brightcove.com; img-src * data:; font-src data: *.transunion.com fonts.gstatic.com *.transunion.co.za api.company-target.com *.brightcove.com r.3gl.net s7.addthis.com *.herokuapp.com; style-src * 'unsafe-eval' 'unsafe-inline' ; 2
frame-ancestors 'self' *.hyundaimotors.co.il hyundaimotors.co.il *.mitsubishi-israel.co.il mitsubishi-israel.co.il 2
frame-ancestors 'self' http://localhost:* https://*.admin.faithlifesites.com https://admin.faithlifesites.com https://*.sites.faithlife.com https://*.faithlife.com; object-src 'none'; base-uri https://optimize.google.com 2
allow-same-origin 2
object-src 'self' *.acellusacademy.com *.authorize.net *.acellus.com 2
default-src data: 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 2
default-src c.wgr.de 'self'; script-src c.wgr.de track.westermann.de www.econda-monitor.de connect.facebook.net www.googleadservices.com maps.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com 'self' 'unsafe-inline'; style-src tagmanager.google.com fonts.googleapis.com c.wgr.de 'self' 'unsafe-inline'; object-src 'self'; img-src c.wgr.de track.westermann.de www.econda-monitor.de d32wqyuo10o653.cloudfront.net www.facebook.com googleads.g.doubleclick.net *.google.com maps.googleapis.com *.gstatic.com www.google-analytics.com *.google.de stats.g.doubleclick.net 'self' data:; frame-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; child-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; font-src c.wgr.de 'self' data:; connect-src secure.schulbuchzentrum-online.de track.westermann.de www.econda-monitor.de www.google-analytics.com 'self'; report-uri /backend/csp 2
default-src https://cdn.xolphin.com 'self'; img-src https://cdn.xolphin.com 'self' data: 2
frame-ancestors 'self' http://awards.ratingruneta.ru http://ratingruneta.ru https://mc.yandex.ru https://yastatic.net https://webvisor.com 2
default-src 'self' *.arnoldbread.com *.brownberry.com *.oroweat.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.econsumeraffairs.com *.consumercare.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com  *.consumercare.net *.econsumeraffairs.com *.google.com cdn.jsdelivr.net *.facebook.net *.likebtn.com *.pinterest.com *.facebook.com *.typekit.com *.trackduck.com *.sharethis.com dnn506yrbagrg.cloudfront.net *.mousestats.com  *.m4dc.com data: ; object-src 'self'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.google.com cdn.jsdelivr.net pages.icpro.co *.trackduck.com *.youtube.com *.facebook.com; style-src 'self' 'unsafe-inline'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.trackduck.com  *.googleapis.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.likebtn.com *.typekit.net *.sharethis.com; img-src 'self'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.gravatar.com *.google-analytics.com *.trackduck.com *.google.com stats.g.doubleclick.net *.facebook.com  *.googleapis.com cdn.jsdelivr.net *.typekit.net  *.sharethis.com *.blob.core.windows.net *.dev-2.development-preview.com  *.gstatic.com gravatar.com gtrk.s3.amazonaws.com *.google.co.in/ads data:; media-src 'self'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.google.com cdn.jsdelivr.net pages.icpro.co *.trackduck.com *.youtube.com *.facebook.com; frame-src 'self'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.google.com cdn.jsdelivr.net pages.icpro.co *.trackduck.com *.youtube.com *.facebook.com *.sharethis.mgr.consensu.org *.sharethis.com *.m4dc.com; font-src 'self'  *.arnoldbread.com *.brownberry.com *.oroweat.com fonts.gstatic.com  maxcdn.bootstrapcdn.com cdn.jsdelivr.net *.typekit.com data: *.typekit.net *.trackduck.com; connect-src 'self'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.facebook.com *.trackduck.com *.sharethis.com wss: data: *.gravatar.com *.g.doubleclick.net; report-uri /admin/config/system/seckit/csp-report, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 2
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;report-uri https://www.facebook.com/csp/reporting/ 2
font-src 'self' https://fonts.googleapis.com  https://fonts.gstatic.com http://*.cloudfront.net https://*.cloudfront.net ; base-uri 'self'; 2
script-src 'unsafe-inline' 'unsafe-eval' * data: 2
default-src 'self'; style-src 'self' 'unsafe-inline' 2
frame-ancestors 'self' *.sciquest.com *.ariba.com *.nova.edu *.coupahost.com *.covestro.com *.intellecat.com *.bmc.com *.vinimaya.com *.oraclecloud.com *.equallevel.com *.terracon.com *.eplus.com *.pacificorp.us *.punchout2go.com *.STATE.PA.US equallevel.com *.macewan.ca p2p.caci.com *.verian.com *.aquiire.net *.nvenergy.com *.sherwin.com *.fwisd.org *.cchmc.org *.esmsolutions.com *.ocps.* *.pacificorp.us *.oracleoutsourcing.com *.ocps.k12.fl.us *.ivalua.us *.vroozi.com *.varstreet.com *.ocps.net *.edmonton.ca 2
upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * 2
default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; object-src 'none'; img-src 'self' https://www.google-analytics.com https://*.krxd.net https://mdeo-cms.imgix.net; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.google.com https://*.krxd.net; child-src https://www.google.com https://*.krxd.net; script-src 'self' 'unsafe-inline' https://a.mdeo.co https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.krxd.net; connect-src 'self' https://a.mdeo.co https://cms.mdeo.co https://test-cms.mdeo.co https://www.google-analytics.com; 2
default-src 'self'; child-src 'self' *.wistia.com *.wistia.net *.addthis.com *.marketo.com *.marketo.net *.facebook.com *.doubleclick.net *.driftt.com *.olark.com *.hotjar.com; script-src 'self' *.snapapp.com *.hirebridge.com *.hrjobcenter.com *.g2crowd.com *.capterra.com *.truste.com *.trustarc.com *.hushly.com *.reachforce.com *.addthisedge.com tagmanager.google.com *.wistia.com *.wistia.net *.amazonaws.com *.marketo.com *.marketo.net *.cloudfront.net *.twitter.com *.twimg.com *.terminus.services *.doubleclick.net *.olark.com *.stackadapt.com *.driftt.com *.googleadservices.com *.crazyegg.com *.facebook.net *.hotjar.com *.bing.com *.addthis.com *.googletagmanager.com *.optnmstr.com *.optimizely.com *.google-analytics.com *.googleapis.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' data: *.truste.com *.trustarc.com *.hushly.com tagmanager.google.com *.wistia.com *.wistia.net *.marketo.com *.marketo.net *.cloudfront.net *.googleapis.com *.twitter.com *.twimg.com *.olark.com 'unsafe-inline'; img-src 'self' data: *.g2.com *.opmnstr.com hushly.s3.amazonaws.com *.hushly.com driftt.imgix.net *.g2crowd.com *.gstatic.com *.pubmatic.com *.twitter.com *.twimg.com *.stickyadstv.com *.lkqd.net *.smartadserver.com *.districtm.io *.deployads.com *.liadm.com *.outbrain.com *.rubiconproject.com *.googletagmanager.com *.advertising.com *.taboola.com *.akamaihd.net *.wistia.com *.wistia.net *.marketo.com *.marketo.net *.optmnstr.com *.terminus.services *.cloudfront.net *.stackadapt.com *.bing.com *.google.com *.digitru.st *.ml-api.io *.doubleclick.net *.bidswitch.net *.adnxs.com *.facebook.com *.olark.com *.google-analytics.com *.truste.com  *.trustarc.com *.optimizely.com; object-src 'self'; font-src 'self' *.hushly.com *.cloudfront.net *.amazonaws.com *.googleapis.com *.gstatic.com *.optimizely.com data:; form-action 'self' *.twitter.com *.facebook.com; base-uri 'self'; connect-src 'self' *.snapapp.com *.mstrlytcs.com *.opmnstr.com *.hotjar.io *.truste.com *.trustarc.com *.hushly.com *.addthis.com *.wistia.com *.litix.io *.hotjar.com *.facebook.com *.doubleclick.net *.optimizely.com *.olark.com *.stackadapt.com *.optmnstr.com *.mktoresp.com *.google-analytics.com *.googleapis.com *.gstatic.com *.akamaihd.net wss: data:; frame-src 'self' *.snapapp.com *.g2.com *.google.com *.truste.com *.trustarc.com *.doubleclick.net *.addthis.com *.hotjar.com *.driftt.com *.olark.com *.wistia.com *.wistia.net *.marketo.com *.marketo.net *.twitter.com *.facebook.com *.youtube.com; frame-ancestors 'self'; media-src 'self' blob: data: *.cloudfront.net *.optimizely.com *.akamaihd.net *.wistia.com *.wistia.net *.olark.com; worker-src 'self' blob: *.wistia.com *.addthis.com *.facebook.com *.doubleclick.net *.driftt.com *.olark.com *.hotjar.com *.marketo.com; 2
frame-ancestors https://*.belmontstakes.com https://belmontstakes.com https://*.thorograph.com https://thorograph.com https://*.nyra.com https://nyra.com https://*.nyrabets.com 'self' https://nyrabets.com https://*.gbetest.com https://gbetest.com https://*.dev07-broker0201.com https://dev07-broker0201.com https://*.dev07-gbeb2c.com https://dev07-gbeb2c.com https://*.gbe.global https://gbe.global; 2
frame-ancestors 'self' teachef.com teacritic.com teamap.com teamuse.com teachat.com adagio.com 2
script-src 'unsafe-inline' 'self' 2
default-src * data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 2
default-src 'self' http: https: ; img-src http: https: data: ; font-src http: https: data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ ; style-src 'unsafe-inline' http: https: ; frame-ancestors 'self' http://*.stage.peri.info https://*.stage.peri.info http://*.live.peri.info https://*.live.peri.info ; child-src 'self' * ;frame-src 'self' * 2
report-uri 'self';default-src 'self' https:;style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https: http://*.agoda.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 2
default-src * 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' https://myaccount.news.com.au https://myaccount.news.com.au 2
default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' smartsupp-widget-161959.c.cdn77.org fonts.googleapis.com downloads.mailchimp.com *.google.com media.flixcar.com *.cloudfront.net 'unsafe-inline'; object-src 'self'; img-src 'self' https: data:; font-src https: data: 2
script-src 'self' 'unsafe-inline' *.gstatic.com *.googleapis.com *.google.com *.google-analytics.com *.zdassets.com *.googletagmanager.com; object-src 'self'; frame-src 'self' 'unsafe-inline' *.google.com; frame-ancestors 'self' 'unsafe-inline' *.google.com 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://optimize.google.com/optimize/ https://dev.visualwebsiteoptimizer.com https://*.googleapis.com https://*.gstatic.com https://*.vo.msecnd.net https://www.googletagmanager.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://bam.nr-data.net https://js-agent.newrelic.com https://tagmanager.google.com/debug https://tagmanager.google.com/debug/angular-bundle.js https://tagmanager.google.com/debug/debuguiApp.js https://tagmanager.google.com/debug/api/templates https://d6unz3nsyh8vw.cloudfront.net; 2
default-src * data: *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: *; connect-src *; 2
frame-ancestors *.kfst.dk *.forbrug.dk *.stormraadet.dk *.forbrugerombudsmanden.dk *.energianke.dk *.forbrugereuropa.dk *.consumerombudsman.dk *.consumereurope.dk *.danishstormcouncil.dk *.energysuppliescomplaintboard.dk 2
default-src  'self' ; img-src      'self' 'unsafe-inline' data: *.linkbynet.com www.google-analytics.com secure.gravatar.com stats.g.doubleclick.net www.google.com www.google.co.uk ssl.gstatic.com www.gstatic.com v.fastcdn.co c.fastcdn.co anthill.instapage.com storage.googleapis.com www.google.fr t.co www.googletagmanager.com; script-src   'self' 'unsafe-inline' 'unsafe-eval' *.linkbynet.com static.smartrecruiters.com consent.cookiebot.com www.youtube.com www.googletagmanager.com www.google-analytics.com www.smartrecruiters.com maps.googleapis.com api.autopilothq.com platform.twitter.com consentcdn.cookiebot.com tagmanager.google.com s.ytimg.com static.hotjar.com script.hotjar.com sjs.bizographics.com www.google.com snap.licdn.com px.ads.linkedin.com www.gstatic.com v.fastcdn.co c.fastcdn.co heatmap.services storage.googleapis.com g.fastcdn.co static.ads-twitter.com analytics.twitter.com;  style-src    'self' 'unsafe-inline' data: fonts.googleapis.com *.linkbynet.com static.smartrecruiters.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com tagmanager.google.com v.fastcdn.co c.fastcdn.co;  font-src     'self' data: *.linkbynet.com fonts.gstatic.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com v.fastcdn.co storage.googleapis.com c.fastcdn.co;  frame-src    'self' *.youtube.com www.google.com api.autopilothq.com platform.twitter.com syndication.twitter.com vars.hotjar.com d3mwhxgzltpnyp.cloudfront.net consentcdn.cookiebot.com;  object-src   'self' ;  connect-src 'self' yoast.com api.autopilothq.com www.google-analytics.com heatmap.services d.fastcdn.co in.hotjar.com; 2
frame-ancestors 'self' weworkwithplanes.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https https://static.optoma.co https://teststatic.optomaeurope.com https://code.jquery.com https://fast.fonts.net https://www.googletagmanager.com https://*.google.com https://*.pingdom.net https://*.youtube.com https://www.google-analytics.com https://*.ytimg.com https://www.youtube-nocookie.com https://*.googleapis.com https://*.gstatic.com https://*.doubleclick.net https://*.google.co.uk https://*.jsdelivr.net https://*.aspnetcdn.com https://youtube.com https://*.vimeo.com https://unpkg.com https://*.addthis.com 2
object-src 'self' www.google-analytics.com ajax.googleapis.com; 2
frame-ancestors 'self' www.facebook.com oauth.securevetsource.com accounts.google.com accounts.google.co.in 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://ton.twimg.com https://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com http://ajax.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://plus.google.com http://www.facebook.com http://twitter.com https://www.youtube.com https://ssl.google-analytics.com http://cdnjs.cloudflare.com http://code.jquery.com https://cdn.plyr.io https://cdn.selz.com https://s.ytimg.com https://player.vimeo.com https://vimeo.com http://i.ytimg.com https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com; img-src 'self' data: https://www.mincotur.gob.es http://www.mincotur.gob.es https://cdn.syndication.twimg.com https://syndication.twitter.com http://www.google-analytics.com https://www.google-analytics.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com http://i.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://fonts.googleapis.com https://fonts.gstatic.com http://ajax.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://plus.google.com http://www.facebook.com http://twitter.com https://www.youtube.com https://ssl.google-analytics.com http://cdnjs.cloudflare.com http://code.jquery.com https://cdn.syndication.twimg.com https://platform.twitter.com; frame-src 'self' https://syndication.twitter.com https://platform.twitter.com http://maps.google.com https://www.google.com https://maps.google.com https://www.youtube.com; 2
default-src 'self' bongacams.com *.bongacams.com ymetrica1.com mc.yandex.ru cam.bet *.cam.bet cdn.fluidplayer.com movcpm.com *.movcpm.com greedseed.world xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com http://91.121.38.251 http://51.75.145.18 http://51.75.145.222 http://51.75.157.23 http://51.75.60.195 http://51.75.52.31 http://51.77.66.37 http://51.68.154.126 http://51.75.145.15; style-src cdn.fluidplayer.com fonts.googleapis.com 'self' 'unsafe-inline'; script-src bongacams.com *.bongacams.com cdn.jsdelivr.net cdn.fluidplayer.com 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com data:; img-src 'self' bongacams.com *.bongacams.com counter.yadro.ru mc.yandex.ru ymetrica1.com mc.webvisor.org cdn.fluidplayer.com movcpm.com *.movcpm.com xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com data:; 2
style-src 'self' 'unsafe-inline' *.beacdn.com *.googleapis.com; 2
text/html 'self'; 2
default-src 'self' bongacams.com *.bongacams.com ymetrica1.com mc.yandex.ru cam.bet *.cam.bet cdn.fluidplayer.com movcpm.com *.movcpm.com greedseed.world xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com http://188.165.58.205 http://51.75.145.18 http://51.75.145.222 http://51.75.157.23 http://51.75.60.195 http://51.75.52.31 http://51.77.66.37 http://51.68.154.126 http://51.75.145.15; style-src cdn.fluidplayer.com fonts.googleapis.com 'self' 'unsafe-inline'; script-src bongacams.com *.bongacams.com cdn.jsdelivr.net cdn.fluidplayer.com 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com data:; img-src 'self' bongacams.com *.bongacams.com counter.yadro.ru mc.yandex.ru ymetrica1.com mc.webvisor.org cdn.fluidplayer.com movcpm.com *.movcpm.com xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com data:; 2
default-src 'self';connect-src 'self' https://*.mqcdn.com https://*.mapquest.com https://*.mapquestapi.com;font-src 'self';form-action 'self';frame-ancestors 'self' https://*.facebook.com https://www.lamiatravel.gr;img-src 'self' data: https://*.travelapi.com https://*.mapbox.com https://*.mapquestapi.com;media-src 'self';object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mqcdn.com;style-src 'self' 'unsafe-inline';worker-src 'none';report-uri /index.html?action=cspreport; 2
frame-ancestors *.travelallrussia.com *.firebirdtours.com *.force.com http://webvisor.com https://tourstoeurope.com 2
frame-ancestors http://3.122.13.119 http://3.122.13.119/* https://caramel.la https://caramel.la/* 'self' 2
default-src data: https: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: dodopizza.io *.dodopizza.io dodopizza.com *.dodopizza.com dodopizza.ru *.dodopizza.ru msecnd.net *.msecnd.net ivideon.com *.ivideon.com extcam.com *.extcam.com windows.net *.windows.net visualstudio.com *.visualstudio.com dodois.com *.dodois.com azurewebsites.net *.azurewebsites.net dodopizzaru-a.akamaihd.net dodopizza-a.akamaihd.net dodopizzadev-a.akamaihd.net localhost:7071 mindbox.ru *.mindbox.ru facebook.com *.facebook.com facebook.net *.facebook.net google.com *.google.com google.ru *.google.ru googleapis.com *.googleapis.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com gstatic.com *.gstatic.com g.doubleclick.net *.g.doubleclick.net doubleclick.net *.doubleclick.net yandex.ru *.yandex.ru webvisor.com *.webvisor.com amplitude.com *.amplitude.com dodopizza.kz *.dodopizza.kz dodopizza.co.uk *.dodopizza.co.uk dodopizza.uz *.dodopizza.uz dodopizza.by *.dodopizza.by dodopizza.ro *.dodopizza.ro dodopizza.ee *.dodopizza.ee dodopizza.lt *.dodopizza.lt dodopizza.kg *.dodopizza.kg dodopizza.si *.dodopizza.si vk.com *.vk.com top-fwz1.mail.ru ad.mail.ru 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://cdn.mxpnl.com https://app.intercom.io https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://dc.services.visualstudio.com/v2/track https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' 'unsafe-inline'  https://fonts.googleapis.com; font-src 'self' data:  https://fonts.gstatic.com https://js.intercomcdn.com; child-src 'self' https://share.intercom.io https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src 'self' https://js.intercomcdn.com; img-src 'self' data:  https://everwealth-stg-sa-api.azurewebsites.net https://www.gravatar.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com; manifest-src 'self'; connect-src 'self'  https://everwealth-stg-sa-api.azurewebsites.net https://everwealth-stg-sa-idn.azurewebsites.net https://js.logentries.com https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://dc.services.visualstudio.com/v2/track https://cdn.mxpnl.com https://api.mixpanel.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://app.getsentry.com; report-uri https://everwealth.report-uri.io/r/default/csp/enforce 2
default-src * 'unsafe-eval' 'unsafe-inline' 'unsafe-dynamic' data: filesystem: about: blob: ws: wss: 2
default-src 'self' 'unsafe-inline' ; style-src 'self' 'unsafe-inline' https://www.tbs-internet.com https://www.tbs-certificats.com https://www.tbs-certificates.co.uk ; connect-src 'self' https://www.tbs-certificates.co.uk https://www.tbs-internet.com https://secure.comodo.com https://www.tbs-certificats.com ; img-src 'self' data: https://www.tbs-certificats.com https://tbs-certificats.com https://www.tbs-certificates.co.uk https://tbs-certificates.co.uk https://www.tbs-internet.com https://seal.globalsign.com https://ssl.google-analytics.com https://trustlogo.comodo.com https://trustlogo.sectigo.com https://ssif1.globalsign.com https://chart.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.tbs-internet.com https://www.tbs-certificats.com https://www.tbs-certificates.co.uk https://ssl.google-analytics.com https://www.google-analytics.com https://apis.google.com https://ajax.googleapis.com https://seal.globalsign.com https://trustlogo.comodo.com https://trustlogo.sectigo.com https://www.trustlogo.com https://secure.comodo.net https://widget.trustpilot.com https://www.gstatic.com https://ssif1.globalsign.com https://maps.google.fr js.stripe.com ; object-src 'self' ; child-src 'self' https://secure.comodo.net https://trustlogo.comodo.com https://trustlogo.sectigo.com https://widget.trustpilot.com https://maps.google.fr https://www.google.com js.stripe.com ; frame-src 'self' https://secure.comodo.net https://trustlogo.comodo.com https://trustlogo.sectigo.com https://widget.trustpilot.com https://maps.google.fr https://www.google.com js.stripe.com  2
frame-ancestors *.telmate.com *.telmate.cc *.intelmate.com *.intelmate.net intelmate.net *.telmate.ca 2
script-src * data: https://ssl.gstatic.com 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; default-src 'unsafe-inline' 'unsafe-eval' 'self' *; font-src 'unsafe-inline' 'unsafe-eval' 'self' data: fonts.gstatic.com cdn.jsdelivr.net; img-src 'unsafe-inline' 'unsafe-eval' 'self' * data: ; 2
script-src https://ssl.google-analytics.com https://twitter.com 'unsafe-eval' https://*.twimg.com https://api.twitter.com https://analytics.twitter.com https://publish.twitter.com https://ton.twitter.com https://syndication.twitter.com 'nonce-dBCa+2rvj+Sk2jHvXX0zpQ==' https://www.google.com https://platform.twitter.com https://www.google-analytics.com blob: 'self'; frame-ancestors 'self'; font-src https://twitter.com https://*.twimg.com data: https://ton.twitter.com 'self'; media-src https://rmpdhdsnappytv-vh.akamaihd.net https://prod-video-eu-central-1.pscp.tv https://prod-video-ap-south-1.pscp.tv https://v.cdn.vine.co https://dwo3ckksxlb0v.cloudfront.net https://twitter.com https://prod-video-us-east-2.pscp.tv https://prod-video-cn-north-1.pscp.tv https://amp.twimg.com https://smmdhdsnappytv-vh.akamaihd.net https://*.twimg.com https://prod-video-eu-west-1.pscp.tv https://*.video.pscp.tv https://rmmdhdsnappytv-vh.akamaihd.net https://clips-media-assets.twitch.tv https://prod-video-ap-northeast-2.pscp.tv https://prod-video-us-west-2.pscp.tv https://prod-video-us-west-1.pscp.tv https://prod-video-ap-northeast-1.pscp.tv https://smdhdsnappytv-vh.akamaihd.net https://ton.twitter.com https://prod-video-eu-west-3.pscp.tv https://rmdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://prod-video-ca-central-1.pscp.tv https://smpdhdsnappytv-vh.akamaihd.net https://prod-video-sa-east-1.pscp.tv https://mdhdsnappytv-vh.akamaihd.net https://prod-video-ap-southeast-2.pscp.tv https://mtc.cdn.vine.co https://prod-video-cn-northwest-1.pscp.tv https://prod-video-eu-west-2.pscp.tv https://canary-video-us-east-1.pscp.tv https://dev-video-us-west-2.pscp.tv https://prod-video-us-east-1.pscp.tv blob: 'self' https://prod-video-ap-northeast-3.pscp.tv https://prod-video-ap-southeast-1.pscp.tv https://mpdhdsnappytv-vh.akamaihd.net https://dev-video-eu-west-1.pscp.tv; connect-src https://rmpdhdsnappytv-vh.akamaihd.net https://prod-video-eu-central-1.pscp.tv https://prod-video-ap-south-1.pscp.tv https://*.giphy.com https://dwo3ckksxlb0v.cloudfront.net https://prod-video-us-east-2.pscp.tv https://prod-video-cn-north-1.pscp.tv https://vmaprel.snappytv.com https://smmdhdsnappytv-vh.akamaihd.net https://*.twimg.com https://embed.pscp.tv https://api.twitter.com https://prod-video-eu-west-1.pscp.tv https://*.video.pscp.tv https://rmmdhdsnappytv-vh.akamaihd.net https://clips-media-assets.twitch.tv https://prod-video-ap-northeast-2.pscp.tv https://prod-video-us-west-2.pscp.tv https://pay.twitter.com https://prod-video-us-west-1.pscp.tv https://analytics.twitter.com https://vmap.snappytv.com https://*.twprobe.net https://prod-video-ap-northeast-1.pscp.tv https://smdhdsnappytv-vh.akamaihd.net https://prod-video-eu-west-3.pscp.tv https://syndication.twitter.com https://sentry.io https://rmdhdsnappytv-vh.akamaihd.net https://media.riffsy.com https://mmdhdsnappytv-vh.akamaihd.net https://prod-video-ca-central-1.pscp.tv https://embed.periscope.tv https://smpdhdsnappytv-vh.akamaihd.net https://prod-video-sa-east-1.pscp.tv https://vmapstage.snappytv.com https://upload.twitter.com https://proxsee.pscp.tv https://mdhdsnappytv-vh.akamaihd.net https://prod-video-ap-southeast-2.pscp.tv https://prod-video-cn-northwest-1.pscp.tv https://prod-video-eu-west-2.pscp.tv https://canary-video-us-east-1.pscp.tv https://dev-video-us-west-2.pscp.tv https://prod-video-us-east-1.pscp.tv blob: 'self' https://prod-video-ap-northeast-3.pscp.tv https://vmap.grabyo.com https://prod-video-ap-southeast-1.pscp.tv https://mpdhdsnappytv-vh.akamaihd.net https://dev-video-eu-west-1.pscp.tv; style-src https://fonts.googleapis.com https://twitter.com https://*.twimg.com https://translate.googleapis.com https://ton.twitter.com 'unsafe-inline' https://platform.twitter.com 'self'; object-src https://twitter.com https://pbs.twimg.com; default-src 'self' blob:; frame-src https://twitter.com https://*.twimg.com https://player.vimeo.com https://pay.twitter.com https://ton.twitter.com https://syndication.twitter.com https://vine.co twitter: https://www.youtube.com https://platform.twitter.com https://upload.twitter.com 'self'; img-src https://*.giphy.com https://*.pscp.tv https://twitter.com https://*.twimg.com data: https://clips-media-assets.twitch.tv https://lumiere-a.akamaihd.net https://ton.twitter.com https://syndication.twitter.com https://media.riffsy.com https://www.google.com https://platform.twitter.com https://api.mapbox.com https://www.google-analytics.com blob: https://*.periscope.tv 'self'; report-uri https://twitter.com/i/csp_report?a=NVQWGYLXFVZXO2LGOQ%3D%3D%3D%3D%3D%3D&ro=false; 1
connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com an.yandex.ru awaps.yandex.ru storage.mds.yandex.net music.yandex.ru music-browser.music.yandex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net zen.yandex.ru static.yandex.sx brotli.yastatic.net et.yastatic.net yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net; frame-src 'self' yabrowser: data: https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net music.yandex.ru music.yandex.kz yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru awaps.yandex.net *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net bs.serving-sys.com an.yandex.ru awaps.yandex.ru nissanhelioseurope.demdex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net *.yandex.net resize.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.tns-counter.ru yandex.st; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net strm.yandex.ru strm.yandex.net *.strm.yandex.net *.cdn.yandex.net storage.mds.yandex.net *.storage.mds.yandex.net yastatic.net kiks.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru flashservice.adobe.com yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.ru&showid=1561424630.77984.139693.157770&h=sas2-5538-133-sas-portal-morda-17154&csp=old&date=20190625&yandexuid=2555531311561424630; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru zen.yandex.ru an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com yabro1.zen-test.yandex.ru main.zdevx.yandex.ru awaps.yandex.ru storage.mds.yandex.net msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net zen.yandex.ru static.yandex.sx brotli.yastatic.net et.yastatic.net yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net; 1
default-src mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.moatads.com *.doubleverify.com *.adsafeprotected.com; script-src 'unsafe-inline' 'unsafe-eval' mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.odnoklassniki.ru ok.ru *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.moatads.com *.adlooxtracking.com *.adsafeprotected.com *.serving-sys.com; img-src data: blob: *; style-src 'unsafe-inline' 'unsafe-eval' blob: *.mail.ru *.imgsmail.ru *.mradx.net; font-src data: blob: https: *.mail.ru *.imgsmail.ru *.mradx.net; frame-src mail.ru *.mail.ru *.mradx.net *.doubleverify.com *.doubleclick.net ok.ru *.ok.ru; child-src mail.ru *.mail.ru *.mradx.net *.doubleverify.com *.doubleclick.net ok.ru *.ok.ru; report-uri https://cspreport.mail.ru/splash; 1
default-src * blob:; img-src * data: blob:; connect-src * wss: blob:; frame-src 'self' *.zhihu.com weixin: *.vzuu.com getpocket.com note.youdao.com safari-extension://com.evernote.safari.clipper-Q79WDW8YH9 zhihujs: captcha.guard.qcloud.com; script-src 'self' blob: *.zhihu.com res.wx.qq.com 'unsafe-eval' unpkg.zhimg.com unicom.zhimg.com captcha.gtimg.com captcha.guard.qcloud.com pagead2.googlesyndication.com i.hao61.net 'nonce-5b6f3cdf-b18a-4792-9efe-4397ff85180f'; style-src 'self' 'unsafe-inline' *.zhihu.com unicom.zhimg.com captcha.gtimg.com 1
default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l 1
frame-ancestors 'self' imdb.com *.imdb.com *.media-imdb.com withoutabox.com *.withoutabox.com amazon.com *.amazon.com amazon.co.uk *.amazon.co.uk amazon.de *.amazon.de translate.google.com images.google.com www.google.com www.google.co.uk search.aol.com bing.com www.bing.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.brighttalk.com https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.pub.247-inc.net https://www.wootag.com; script-src 'nonce-JLOGMTX0arW82zA8To+QmurbvrlkKTUDy1n89k9/FCTPb6VI' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://*.salesforce.com https://*.force.com https://*.eloqua.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://*.brighttalk.com https://*.sperse.io https://*.dialogtech.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com https://*.salesforce.com https://*.eloqua.com https://secure.opinionlab.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-9FDMzuhc3lDY4Q05imJ7J0xuVQ' https://www.google.com/recaptcha/api.js https://www.gstatic.com; object-src 'none'; worker-src blob:; base-uri 'self'; 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-ciWUMdwIwl' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1
default-src * data: blob:;style-src * 'unsafe-inline';script-src https://*.quora.com https://*.facebook.net https://*.facebook.com https://*.googleapis.com https://*.twitter.com https://*.quoracdn.net https://*.google.com https://*.google-analytics.com https://*.gstatic.com https://*.youtube.com https://*.ytimg.com https://*.jwpcdn.com https://*.stripe.com https://*.intercom.io https://*.intercomcdn.com https://*.syndication.twimg.com https://cdnjs.cloudflare.com https://*.jwplatform.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.googletagservices.com https://*.ampproject.org https://*.ads-twitter.com https://*.dwin1.com https://*.marketo.net https://*.licdn.com https://*.linkedin.com https://*.qualtrics.com https://*.siteintercept.qualtrics.com 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*;connect-src 'self' https://*.quora.com wss://*.quora.com https://*.quoracdn.net https://*.stripe.com https://*.intercom.io wss://*.intercom.io https://*.jwplatform.com https://*.jwpsrv.com https://syndication.twitter.com https://*.syndication.twimg.com https://*.googleapis.com https://*.qualtrics.com https://*.facebook.com https://*.fbcdn.net blob: https://*.mktoresp.com https://*.doubleclick.net ;report-uri /security_reports/content_security_policy_violation_3RD_PARTY_POST 1
default-src 'self'; script-src 'self' https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ 'unsafe-inline' 'nonce-MTQyLDIwLDQ5LDY3LDEwOSwxOTQsMjQxLDM0'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.google-analytics.com https://www.facebook.com https://cdn.discordapp.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://discordapp.com https://connect.facebook.net https://api.greenhouse.io https://api.github.com https://sentry.io https://www.google-analytics.com/collect ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' https://cdn.discordapp.com/assets/; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://www.youtube.com/; 1
script-src 'unsafe-eval' 'strict-dynamic' 'nonce-GosE//u2I7PKKzAnVF6R' 'nonce-tL+DK/4/Bz6ebmZ/2wav' ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic 1
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://steamcommunity-a.akamaihd.net/ https://api.steampowered.com/ https://steamcdn-a.akamaihd.net/steamcommunity/public/assets/ *.google-analytics.com https://www.google.com https://www.gstatic.com https://apis.google.com https://recaptcha.net https://www.gstatic.cn/recaptcha/; object-src 'none'; connect-src 'self' https://api.steampowered.com/ https://store.steampowered.com/ wss://community.steam-api.com/websocket/ *.google-analytics.com http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; 1
default-src 'self' blob: https://*.cnn.com:* http://*.cnn.com:* *.cnn.io:* *.cnn.net:* *.turner.com:* *.turner.io:* *.ugdturner.com:* courageousstudio.com *.vgtf.net:*; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' blob: *; child-src 'self' blob: *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: blob: *; media-src 'self' data: blob: *; font-src 'self' data: *; connect-src 'self' *; frame-ancestors 'self' https://*.cnn.com:* http://*.cnn.com https://*.cnn.io:* http://*.cnn.io:* *.turner.com:* courageousstudio.com; 1
frame-ancestors 'self' https://*.spotify.com https://*.spotify.net 1
frame-ancestors 'self' http://*.hulu.com https://*.hulu.com; 1
script-src 'self' 'unsafe-eval' https://*.flixcart.com https://*.flixcart.net https://flipkart.d1.sc.omtrdc.net https://dpm.demdex.net https://sslwidget.criteo.com https://widget.as.criteo.com https://tnc.phonepe.com 'nonce-7028024671980384801'; style-src 'self' 'unsafe-inline' https://*.flixcart.com https://tnc.phonepe.com https://*.flixcart.net; img-src 'self' data: blob: https://*.flixcart.com https://*.flixcart.net https://flipkart.d1.sc.omtrdc.net https://www.facebook.com https://*.fkapi.net https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.in https://www.googleadservices.com https://sp.analytics.yahoo.com https://bat.bing.com https://bat.r.msn.com https://www.payzippy.com https://tnc.phonepe.com; font-src 'self' data: https://*.flixcart.com https://tnc.phonepe.com https://*.flixcart.net; frame-src 'self' https://*.flipkart.com http://*.flipkart.com https://*.youtube.com https://youtube.com https://*.vimeo.com https://dis.as.criteo.com https://gum.criteo.com https://www.payzippy.com https://tnc.phonepe.com https://cdemux.appspot.com 'nonce-7028024671980384801'; worker-src 'self' https://*.flipkart.com blob:; child-src 'self' https://*.flipkart.com 'nonce-7028024671980384801'; connect-src 'self' *; object-src 'none'; base-uri 'self'; report-uri https://csp.flipkart.com/csp 1
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.messenger.com;style-src data: blob: 'unsafe-inline' * *.messenger.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.messenger.com wss://*.messenger.com:*;font-src *.messenger.com *.facebook.com static.xx.fbcdn.net data:; 1
frame-ancestors 'none'; upgrade-insecure-requests 1
child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-wSXkzzSHDOX9/9Be3eB/vPTQuDU0GTGXtr40Xmx/aRM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=63dac68e-13c4-4676-bcd1-1774b14ee5db&version=972213ed8b73d517b7e149449915aa95f5022a2e&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=63dac68e-13c4-4676-bcd1-1774b14ee5db&version=972213ed8b73d517b7e149449915aa95f5022a2e&report_only=false 1
script-src https://ngastatic.com https://www.googletagmanager.com https://assets.allegrostatic.com https://adservice.google.pl https://adservice.google.com https://securepubads.g.doubleclick.net https://ad.doubleclick.net https://allegro.hit.gemius.pl https://connect.facebook.net https://nebula-cdn.kampyle.com https://www.googletagservices.com https://www.youtube.com https://player.vimeo.com https://www.googleadservices.com https://s.ytimg.com https://www.google-analytics.com 'nonce-PSNeKL5FW6kOuwIGJQyGvQ==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'report-sample'; block-all-mixed-content; report-uri https://edge.allegro.pl/seclog/csp 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-ugVToTBEwO' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1
frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=0d1cdee8-f631-4a5c-bd77-e03f2aed1022 1
block-all-mixed-content; base-uri 'self' https://optimize.google.com/optimize/; frame-ancestors 'self' teams.microsoft.com 1
frame-ancestors 'self' https://*.gamer.com.tw; 1
style-src 'unsafe-inline' https://*.flickr.com https://*.staticflickr.com https://cdn.yahooapis.com https://yui-s.yahooapis.com https://de.adserver.yahoo.com https://*.braintreegateway.com https://*.sandbox.paypal.com https://*.paypal.com https://*.paypalobjects.com https://tagmanager.google.com https://www.googletagmanager.com https://assets.adobedtm.com https://*.2o7.net https://api.digitalriver.com https://cdn.siftscience.com https://*.flickrpro.com; default-src https://*.flickr.com https://*.staticflickr.com; img-src data: blob: https://*.flickr.com https://*.staticflickr.com https://ec.yimg.com https://de.adserver.yahoo.com https://sb.scorecardresearch.com https://image.maps.api.here.com https://*.paypal.com https://*.pinterest.com http://*.static-alpha.flickr.com https://tagmanager.google.com https://www.googletagmanager.com https://assets.adobedtm.com https://*.2o7.net https://hexagon-analytics.com https://*.flickrpro.com https://*.everesttech.net; media-src https://*.flickr.com https://*.staticflickr.com https://*.http.atlas.cdn.yimg.com http://*.static-alpha.flickr.com https://*.flickrpro.com; script-src 'unsafe-eval' 'unsafe-inline' 'nonce-c5743570a819a97b9a5955ead71f4ec8' https://*.flickr.com https://*.staticflickr.com https://cdn.yahooapis.com https://yui-s.yahooapis.com https://de.adserver.yahoo.com https://*.braintreegateway.com https://*.sandbox.paypal.com https://*.paypal.com https://*.paypalobjects.com https://tagmanager.google.com https://www.googletagmanager.com https://assets.adobedtm.com https://*.2o7.net https://api.digitalriver.com https://cdn.siftscience.com https://*.flickrpro.com; connect-src https://*.flickr.com https://cdn.yahooapis.com https://yui-s.yahooapis.com http://api.flickr.com https://*.pinterest.com https://*.braintreegateway.com https://*.sandbox.paypal.com https://*.paypal.com https://*.paypalobjects.com https://tagmanager.google.com https://www.googletagmanager.com https://assets.adobedtm.com https://*.2o7.net https://cdn.siftscience.com https://store.digitalriver.com https://*.flickrpro.com https://*.demdex.net; frame-src https://*.flickr.com https://combo.staticflickr.com https://de.adserver.yahoo.com https://*.braintreegateway.com https://*.sandbox.braintreegateway.com https://assets.braintreegateway.com/ https://*.paypal.com https://*.paypalobjects.com https://assets.adobedtm.com https://*.2o7.net; child-src https://*.flickr.com https://combo.staticflickr.com https://de.adserver.yahoo.com https://*.braintreegateway.com https://*.sandbox.braintreegateway.com https://assets.braintreegateway.com/ https://*.paypal.com https://*.paypalobjects.com https://assets.adobedtm.com https://*.2o7.net; font-src https://*.staticflickr.com https://*.flickr.com data:; worker-src blob:; report-uri https://www.flickr.com/csp_report.gne?src=adsecflickr; 1
connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru https://yandex.kz https://*.yandex.kz static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com an.yandex.ru awaps.yandex.ru storage.mds.yandex.net music.yandex.ru music-browser.music.yandex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st yandex.kz *.yandex.kz; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net zen.yandex.kz static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net; frame-src 'self' yabrowser: data: https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net https://pass.yandex.kz https://passport.yandex.kz wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net music.yandex.ru music.yandex.kz yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net yandex.kz *.yandex.kz; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru https://yandex.kz https://*.yandex.kz awaps.yandex.net *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net bs.serving-sys.com an.yandex.ru awaps.yandex.ru nissanhelioseurope.demdex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net *.yandex.net resize.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.tns-counter.ru yandex.st yandex.kz *.yandex.kz; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net strm.yandex.ru strm.yandex.net *.strm.yandex.net *.cdn.yandex.net storage.mds.yandex.net *.storage.mds.yandex.net yastatic.net kiks.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru flashservice.adobe.com yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.kz&showid=1561432496.81263.140335.167896&h=vla1-8472-2e4-vla-portal-morda-31387&csp=old&date=20190625&yandexuid=8828298001561432496; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru https://yandex.kz https://www.yandex.kz https://pass.yandex.kz https://mc.yandex.kz zen.yandex.kz an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru awaps.yandex.ru storage.mds.yandex.net msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net yandex.kz www.yandex.kz suggest.yandex.kz; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net zen.yandex.kz static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net; 1
default-src 'none'; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.apple.com *.cdn-apple.com *.apple-mapkit.com *.apple-cloudkit.com *.apple-livephotoskit.com; style-src 'self' data: 'unsafe-inline' *.icloud.com *.apple.com *.cdn-apple.com; img-src 'self' blob: data: icloud.com *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.apple-mapkit.com; media-src 'self' blob: data: *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com; font-src 'self' blob: data: *.apple.com *.cdn-apple.com; connect-src blob: 'self' icloud.com *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.apple-mapkit.com; frame-src 'self' blob: mailto: tel: *.icloud.com *.apple.com *.icloud-sandbox.com *.icloud-content.com; frame-ancestors 'self' *.icloud.com *.apple.com; form-action 'self' *.icloud.com; child-src blob: 'self'; base-uri 'self' *.icloud.com *.cdn-apple.com; report-uri https://feedbackws.icloud.com/reportRaw 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.google.com https://maps.googleapis.com; object-src 'self'; 1
frame-ancestors 'self' *.grammarly.com 1
default-src 'self' ; base-uri 'self'; block-all-mixed-content; connect-src 'self' *.uidai.gov.in ; font-src 'self' data:; form-action 'self'  *.twitter.com; object-src 'self'; media-src 'self'; frame-ancestors 'self'; frame-src *.youtube.com *.uidai.gov.in  .facebook.com *.twitter.com; img-src 'self' *.twitter.com *.twimg.com *.ytimg.com 'unsafe-inline' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.syndication.twimg.com *.twitter.com *.uidai.gov.in   .facebook.net; style-src 'self' *.facebook.net *.uidai.gov.in  *.twimg.com *.twitter.com 'unsafe-inline'; 1
default-src 'none'; script-src 'nonce-lo4KT3QdpKgDoMOXPsrEqg==' 'unsafe-inline' https://yastatic.net mc.yandex.ru mc.yandex.com mc.webvisor.com mc.webvisor.org; style-src 'unsafe-inline' https://yastatic.net; img-src 'self' https://yastatic.net mc.yandex.ru mc.yandex.com mc.webvisor.com mc.webvisor.org; font-src yastatic.net; connect-src yandex.ru mc.yandex.ru mc.yandex.com mc.webvisor.com mc.webvisor.org; child-src blob: mc.yandex.ru; frame-src blob: mc.yandex.ru; report-uri https://csp.yandex.net/csp?from=ufo-auth&yandex_login=&yandexuid=3237316831561435299; 1
upgrade-insecure-requests; default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https://www.coinbase.com; child-src 'self' https://www.coinbase.com https://fast.wistia.net https://*.online-metrix.net https://*.wpstn.com https://netverify.com https://platform.twitter.com https://www.google.com/recaptcha/ https://cdn.plaid.com/link/ https://*.doubleclick.net/ blob: https://www.youtube.com/embed/nh6oPFZ4pXw https://www.youtube.com/embed/iWA1eLgSmfM https://www.youtube.com/embed/Ixo93EaaIy0 https://www.youtube.com/embed/COljxvEgDOg; connect-src 'self' https://www.coinbase.com https://api.coinbase.com https://api.mixpanel.com https://*.online-metrix.net https://api.cloudinary.com https://ott9.wpstn.com/live https://api.amplitude.com/ https://d3907m2cqladbn.cloudfront.net/ https://exceptions.coinbase.com https://assets.coinbase.com/ static.coinbase.com wss://ws.coinbase.com wss://ws.coinbase.com:443 https://www.coinbase.com/api https://www2.coinbase.com; font-src 'self' https://www.coinbase.com https://assets.coinbase.com/ https://card.coinbase.com/ static.coinbase.com https://www2.coinbase.com; img-src 'self' data: https://www.coinbase.com https://images.coinbase.com https://d3907m2cqladbn.cloudfront.net/ https://static-assets.coinbase.com/ https://dynamic-assets.coinbase.com https://exceptions.coinbase.com https://coinbase-uploads.s3.amazonaws.com https://s3.amazonaws.com/app-public/ https://maps.gstatic.com https://ssl.google-analytics.com https://www.google.com https://maps.googleapis.com https://csi.gstatic.com https://www.google-analytics.com https://res.cloudinary.com https://secure.gravatar.com https://i2.wp.com https://*.online-metrix.net https://assets.coinbase.com/ https://hexagon-analytics.com https://api.mixpanel.com https://cb-brand.s3.amazonaws.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net/r/collect https://card.coinbase.com/ blob: static.coinbase.com https://www.facebook.com/tr https://www2.coinbase.com; media-src 'self' https://www.coinbase.com blob:; object-src 'self' data: blob: https://www.coinbase.com https://cdn.siftscience.com https://*.online-metrix.net https://www.gstatic.com https://www.google.com/recaptcha/api/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.coinbase.com https://fast.wistia.com/assets/external/E-v1.js https://cdn.siftscience.com https://*.google-analytics.com https://www.google.com https://www.gstatic.com https://*.online-metrix.net https://code.jquery.com https://chart.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://netverify.com https://ajax.cloudflare.com https://cdn.plaid.com/link/v2/stable/ https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.googleadservices.com https://googleads.g.doubleclick.net https://assets.coinbase.com/ https://card.coinbase.com/ static.coinbase.com https://www2.coinbase.com; style-src 'self' 'unsafe-inline' https://www.coinbase.com https://assets.coinbase.com/ https://card.coinbase.com/ static.coinbase.com https://www2.coinbase.com; report-uri /csp-report 1
connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru https://yandex.by https://*.yandex.by static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com an.yandex.ru awaps.yandex.ru storage.mds.yandex.net music.yandex.ru music-browser.music.yandex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st yandex.by *.yandex.by; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net zen.yandex.by static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net; frame-src 'self' yabrowser: data: https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net https://pass.yandex.by https://passport.yandex.by wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net music.yandex.ru music.yandex.kz yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net yandex.by *.yandex.by; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru https://yandex.by https://*.yandex.by awaps.yandex.net *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net bs.serving-sys.com an.yandex.ru awaps.yandex.ru nissanhelioseurope.demdex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net *.yandex.net resize.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.tns-counter.ru yandex.st yandex.by *.yandex.by; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net strm.yandex.ru strm.yandex.net *.strm.yandex.net *.cdn.yandex.net storage.mds.yandex.net *.storage.mds.yandex.net yastatic.net kiks.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru flashservice.adobe.com yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.by&showid=1561437420.22708.121971.157291&h=sas2-0120-sas-portal-morda-17154&csp=old&date=20190625&yandexuid=1368264461561437420; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru https://yandex.by https://www.yandex.by https://pass.yandex.by https://mc.yandex.by zen.yandex.by an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru awaps.yandex.ru storage.mds.yandex.net msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net yandex.by www.yandex.by suggest.yandex.by; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net zen.yandex.by static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net; 1
frame-ancestors https://www.icicibank.com https://rmwb.icicibank.com https://ipfms.icicibank.com https://imbuat.icicibank.com https://cibnext.icicibank.com 1
frame-ancestors 'self' *.wildberries.ru 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.lifewire.com *.qa.aws.lifewire.com atlas.lifewire.com atlas.local.lifewire.com 1
script-src 'self' *.startpage.com *.ixquick.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.startpage.com *.ixquick.com 'unsafe-inline'; img-src 'self' data: *.startpage.com *.ixquick.com; frame-ancestors 'self' 1
default-src 'self' badoo.com eu1.badoo.com us1.badoo.com *.badoo.com *.eu1.badoo.com *.us1.badoo.com badoocdn.com *.badoocdn.com pd2us.badoocdn.com *.pd2us.badoocdn.com   *.api.here.com *.paypal.com pagead2.googlesyndication.com api.giphy.com api.tenor.com *.agora.io:* wss://*.agora.io:* wss://badoocdn.com:* wss://*.badoocdn.com:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' badoocdn.com *.badoocdn.com pd2us.badoocdn.com *.pd2us.badoocdn.com *.googleapis.com *.gstatic.com *.google.com vk.com *.vk.me cdn.syndication.twitter.com *.facebook.net *.facebook.com *.paypal.com www.paypalobjects.com *.youtube.com *.ytimg.com api.ok.ru *.google-analytics.com *.api.here.com *.instagram.com *.digicert.com pagead2.googlesyndication.com; style-src 'self' 'unsafe-inline' badoocdn.com *.badoocdn.com pd2us.badoocdn.com *.pd2us.badoocdn.com vk.com *.vk.me *.googleapis.com; font-src 'self' data: badoocdn.com *.badoocdn.com pd2us.badoocdn.com *.pd2us.badoocdn.com fonts.googleapis.com fonts.gstatic.com; img-src * data: blob:; media-src * data: blob:; frame-src *; frame-ancestors 'self' apps.facebook.com; report-uri /jss/csp_report.phtml 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.investopedia.com *.qa.aws.investopedia.com atlas.investopedia.com atlas.local.investopedia.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; img-src 'self' http://akamai-b.cdn.cddbp.net https: data: 1
upgrade-insecure-requests; default-src 'self' blob: *.brightcove.com ; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob: http: *.images.express.co.uk *.images.dailyexpress.co.uk; media-src https: data: blob:; font-src https: data:; frame-src https: data: blob:; connect-src https: wss: blob:; object-src https:; 1
base-uri 'self';connect-src 'self' *.creditkarma.com https://creditkarmacdn-a.akamaihd.net *.nr-data.net https://www.google-analytics.com https://stats.g.doubleclick.net https://www.sentry.io https://sentry.io;default-src 'self' *.creditkarma.com https://creditkarmacdn-a.akamaihd.net *.nr-data.net;font-src 'self' *.creditkarma.com https://creditkarmacdn-a.akamaihd.net *.nr-data.net data:;img-src 'self' *.creditkarma.com https://creditkarmacdn-a.akamaihd.net *.nr-data.net https://creditkarma-cms.imgix.net/ https://creditkarma.imgix.net/ https://ck-content.imgix.net/ https://ck-assets.imgix.net/ https://www.google-analytics.com https://seal.digicert.com https://stats.g.doubleclick.net https://www.google.com data:;object-src 'self' *.creditkarma.com https://creditkarmacdn-a.akamaihd.net *.nr-data.net;script-src 'self' *.creditkarma.com https://creditkarmacdn-a.akamaihd.net *.nr-data.net https://www.google-analytics.com https://www.googleadservices.com https://seal.digicert.com https://js-agent.newrelic.com 'strict-dynamic' 'report-sample' data: 'nonce-1d1629aa235ec4c0e1656eedcf09ae9b';style-src 'self' *.creditkarma.com https://creditkarmacdn-a.akamaihd.net *.nr-data.net 'unsafe-inline' data: https://fonts.googleapis.com;worker-src 'self';report-uri https://sentry.io/api/1213169/security/?sentry_key=6ccb2738843e424b8bc559905d29b115 1
frame-ancestors 'self' www.stumbleupon.com stumbleupon.com; 1
report-uri https://csp.yandex.net/csp?project=morda&from=morda.com.com&showid=1561443081.7232.141019.155098&h=man2-5402-4cc-man-portal-morda-29675&csp=new&date=20190625&yandexuid=4104923511561443081;default-src yastatic.net;img-src yastatic.net 'self' yandex.ru yandex.com mc.yandex.ru mc.admetrica.ru avatars.mds.yandex.net data: mc.yandex.com favicon.yandex.net;child-src yandex.ru mc.yandex.ru yandex.com mc.yandex.com;script-src 'nonce-Vgex/KUrR8C0Nb0SQw5mrQ==' yastatic.net mc.yandex.ru yandex.com mc.yandex.com;style-src 'unsafe-inline' yastatic.net;connect-src yandex.com mc.yandex.ru mc.admetrica.ru mc.yandex.com yastatic.net 1
default-src 'self' *.hltv.org:* https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://*.doubleclick.net https://www.google.com https://www.gstatic.com https://syndication.twitter.com http://platform.twitter.com https://platform.twitter.com https://*.flashtalking.com https://*.twimg.com https://chart.googleapis.com data://* 'unsafe-eval'; script-src 'self' *.hltv.org:* https://*.hltv.org:* 'unsafe-eval' http://platform.twitter.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com http://www.gstatic.com 'sha256-9nLWw42ittR15h7pdgpdCZMwOJfWBPX/P8LQSzOn+Jk='; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com http://platform.twitter.com https://platform.twitter.com 'unsafe-inline'; frame-src *; connect-src 'self' *.hltv.org:* https://sentry.io *.gainskins.com ws://*.hltv.org:* wss://*.hltv.org:* ws://cf1-scorebot.hltv.org:* ws://c2-scorebot.hltv.org:* wss://cf1-scorebot.hltv.org:* wss://cf2-scorebot.hltv.org:* wss://cf3-scorebot.hltv.org:* wss://cf4-scorebot.hltv.org:* https://cf1-scorebot.hltv.org:* https://cf2-scorebot.hltv.org:* https://cf3-scorebot.hltv.org:* https://cf4-scorebot.hltv.org:* 1
connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru https://yandex.com.tr https://*.yandex.com.tr static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com an.yandex.ru awaps.yandex.ru storage.mds.yandex.net music.yandex.ru music-browser.music.yandex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st yandex.com.tr *.yandex.com.tr; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net zen.yandex.com.tr static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net; frame-src 'self' yabrowser: data: https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net https://pass.yandex.com.tr https://passport.yandex.com.tr wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net music.yandex.ru music.yandex.kz yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net yandex.com.tr *.yandex.com.tr; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru https://yandex.com.tr https://*.yandex.com.tr awaps.yandex.net *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net bs.serving-sys.com an.yandex.ru awaps.yandex.ru nissanhelioseurope.demdex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net *.yandex.net resize.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.tns-counter.ru yandex.st yandex.com.tr *.yandex.com.tr avatars-fast.yandex.net favicon.yandex.net; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net strm.yandex.ru strm.yandex.net *.strm.yandex.net *.cdn.yandex.net storage.mds.yandex.net *.storage.mds.yandex.net yastatic.net kiks.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru flashservice.adobe.com yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?project=morda&from=morda.comtr.com.tr&showid=1561443255.38769.175944.167461&h=vla2-0092-285-vla-portal-morda-pre-fb0-9235&csp=old&date=20190625&yandexuid=6834428211561443255; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru https://yandex.com.tr https://www.yandex.com.tr https://pass.yandex.com.tr https://mc.yandex.com.tr zen.yandex.com.tr an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru awaps.yandex.ru storage.mds.yandex.net msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net yandex.com.tr www.yandex.com.tr suggest.yandex.com.tr; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net zen.yandex.com.tr static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net; 1
script-src 'self' https://www.lofter.com *.dun.163yun.com *.netease.com *.127.net *.126.net qiyukf.com *.163.com https://10.120.145.54 *.w3t.cn *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.google.com res.wx.qq.com 3gimg.qq.com jsapi.qq.com 127.0.0.1:* 59.111.29.38:* 10.241.1.94:* 10.240.100.206:* 'unsafe-inline' 'unsafe-eval' blob:;style-src * 'unsafe-inline' data:; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; connect-src https: wss:; font-src https: data:; media-src https: blob: data:; worker-src https: blob:; object-src 'none'; 1
default-src 'self'; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' ad.adriver.ru bam.nr-data.net bat.bing.com cdn-cm.gcdn.co connect.facebook.net js-agent.newrelic.com pixel-geo.prfct.co platform.twitter.com static.criteo.net tag.marinsm.com u360.d-bi.fr *.google.com *.visualwebsiteoptimizer.com *.cloudfront.net *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.wargaming.net *.worldoftanks.com *.yandex.by *.yandex.com.tr *.yandex.kz *.yandex.net *.yandex.ru *.yandex.ua ; style-src cdn-cm.gcdn.co *.wargaming.net *.worldofwarships.ru *.googleapis.com *.google.com 'unsafe-inline' ; img-src data: 'self' * ; font-src data: cdn-cm.gcdn.co fonts.gstatic.com *.wargaming.net ; frame-src api.advpartners.org *.googletagmanager.com *.google.com *.googleadservices.com *.wargaming.net *.yandex.ru *.yandex.net *.yandex.ua *.yandex.by *.yandex.kz *.yandex.com.tr ; connect-src api.advpartners.org *.visualwebsiteoptimizer.com *.googleapis.com *.google-analytics.com *.wargaming.net *.yandex.ru *.yandex.net *.yandex.ua *.yandex.by *.yandex.kz *.yandex.com.tr; report-uri https://cspreport.wargaming.net/cspreport 1
base-uri 'self';connect-src *;default-src 'self' *.meetup.com *.dev.meetup.com:8001;font-src * data:;frame-src *;img-src * data: blob:;script-src * 'unsafe-eval' 'unsafe-inline';style-src * 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' 27vckaccbto7p761.pro acrmbjkk6qc5utby.pro ads.exdynsrv.com syndication.exdynsrv.com js.wpnjs.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 27vckaccbto7p761.pro acrmbjkk6qc5utby.pro ads.exdynsrv.com syndication.exdynsrv.com js.wpnjs.com; img-src 'self' static.exdynsrv.com; frame-src mg.adskeeper.co.uk js.wpnjs.com; object-src 'none'; frame-ancestors 'none' 1
frame-ancestors https://www.surveymonkey.com https://google.com https://app.asana.com https://blog.asana.com 1
sandbox allow-forms allow-modals allow-orientation-lock allow-popups allow-popups-to-escape-sandbox allow-presentation allow-same-origin allow-scripts 1
frame-ancestors 'self' *.brazzers.com *.bz.com 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' mail.ru *.mail.ru *.devmail.ru *.imgsmail.ru *.2gis.com *.2gis.ru s0.2mdn.net *.adriver.ru *.ampproject.net *.ampproject.org *.apester.com *.cloudfront.net www.dailymail.co.uk coub.com *.coub.com *.doubleclick.net *.doubleverify.com facebook.com *.facebook.com *.gemius.pl giphy.com *.google.com *.googleapis.com *.googlesyndication.com themes.googleusercontent.com *.gstatic.com instagram.com *.instagram.com video.khl.ru *.moatads.com *.mradx.net ok.ru *.ok.ru *.playbuzz.com *.qmerce.com rutube.ru *.rutube.ru *.serving-sys.com soundcloud.com *.soundcloud.com *.streamrail.com *.twimg.com twitter.com *.twitter.com player.vimeo.com vine.co vk.com *.vk.com *.weborama.fr *.yandex.ru *.yandex.net yandex.st yandexadexchange.net *.yandexadexchange.net yastatic.net *.youtube.com *.adsafeprotected.com *.newstube.ru *.bbc.com *.viqeo.tv facecast.net *.facecast.net bbc-maps.carto.com wtrfall.com *.1tv.ru corpmail.fluidsurveys.com *.nhl.com *.knightlab.com imgur.com *.tradingview.com paymaster.ru silatv.ru *.silatv.ru cdn.embedly.com player.vgtrk.com sportmail.ru *.sportmail.ru piter.tv *.bonus-tv.ru uma.media learningapps.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' js-inject *.mail.ru *.devmail.ru *.imgsmail.ru *.api.2gis.ru s0.2mdn.net *.adlooxtracking.com *.algovid.com s3.amazonaws.com cdn.ampproject.org *.apester.com *.bing.com static.bbc.co.uk news.files.bbci.co.uk coub.com *.coub.com *.doubleclick.net *.doubleverify.com *.dvtps.com *.facebook.net *.facebook.com *.flickr.com translate.google.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.google-analytics.com *.google.ru *.instagram.com mediatoday.ru *.moatads.com *.mradx.net *.mxpnl.com *.odnoklassniki.ru ok.ru *.ok.ru *.playbuzz.com *.qmerce.com sb.scorecardresearch.com *.twimg.com *.twitter.com platform.vine.co vk.com *.vk.com *.webvisor.com *.mtproxy.yandex.net *.yandex.ru yandex.st yastatic.net *.pinterest.com *.adsafeprotected.com *.serving-sys.com *.viqeo.tv *.videonow.ru apis.google.com wtrfall.com *.cloudfront.net *.imgur.com *.tradingview.com mytopf.com *.redditmedia.com cdn.embedly.com sportmail.ru *.sportmail.ru; connect-src 'self' wss://*.mail.ru wss://*.devmail.ru wss://*.viqeo.tv *.mail.ru *.devmail.ru *.imgsmail.ru *.api.2gis.ru s0.2mdn.net *.algovid.com *.ampproject.net *.apester.com *.doubleclick.net facebook.com *.facebook.com *.facebook.net *.flickr.com *.googleapis.com *.google-analytics.com *.googlesyndication.com *.gstatic.com *.instagram.com *.mixpanel.com *.mradx.net *.playbuzz.com *.qmerce.com geo.query.yahoo.com twitter.com *.twitter.com *.yadro.ru *.yandex.ru yandex.st yastatic.net collector.mediator.media *.serving-sys.com *.doubleverify.com *.viqeo.tv *.videonow.ru *.vidiom.net wtrfall.com *.mediator.media mytopf.com *.reddit.com wss://sportmail.ru wss://*.sportmail.ru sportmail.ru *.sportmail.ru; img-src 'self' * data: blob:; worker-src blob: 'self' *.mail.ru *.devmail.ru sportmail.ru *.sportmail.ru; report-uri https://portal-csp-report.corp.mail.ru/report/ 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-lmpQt5Oq81UmH4FEStFezuP40s' https://www.google.com/recaptcha/api.js https://www.gstatic.com; object-src 'none'; worker-src blob:; base-uri 'self'; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: https: blob: 1
frame-ancestors *.jeuxvideo.com 1
frame-ancestors 'self' *.cbssports.com *.sportsline.com *.247sports.com *.maxpreps.com *.scout.com *.ampproject.org; default-src https: blob: wss: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: blob: data: android-webview: android-webview-video-poster:; block-all-mixed-content; 1
default-src 'self' 'sha256-EE2P6EnF5LyhuHD1GXvcAyp0VMA+ELbkbSFlR4akzKI=' 'sha256-6F7C0E903A7D577847AE427BCB66FECB5692E6D55355D2B6986552A783B892A9' 'sha256-ekEC0FEv8t+Q88qseT1uVB/azdF0VZjnwSKhwlY+9wc=' 'sha256-76L2z81IsyivXOW8b8CsEk7m32YfJBqYCKQLmvatdCQ=' 'unsafe-inline' SearchEncrypt.com https://www.searchencrypt.com *.navigateto.net *.searchemoji.global;img-src *;frame-src 'self' SearchEncrypt.com https://www.searchencrypt.com *.navigateto.net www.youtube.com www.youtube-nocookie.com player.vimeo.com 'nonce-ZTA0MTE3ZjljN2M1NGFmZWI4OGY3ZmY5YmY1Njc4Mjc=';media-src *;style-src 'self' 'unsafe-inline' SearchEncrypt.com https://www.searchencrypt.com *.navigateto.net;script-src 'self' 'unsafe-eval' SearchEncrypt.com https://www.searchencrypt.com *.navigateto.net 'nonce-ZTA0MTE3ZjljN2M1NGFmZWI4OGY3ZmY5YmY1Njc4Mjc=' 'sha256-ekEC0FEv8t+Q88qseT1uVB/azdF0VZjnwSKhwlY+9wc=' 'sha256-76L2z81IsyivXOW8b8CsEk7m32YfJBqYCKQLmvatdCQ=' 1
default-src 'self' https://*.googlesyndication.com; script-src 'self' 'unsafe-eval' 'unsafe-inline'  connect.facebook.net www.googletagservices.com yandex.st *.doubleclick.net *.googleadservices.com  *.googlesyndication.com *.criteo.com *.criteo.net vk.com *.vk.com *.imgsmail.ru *.google.com *.google.ru connect.mail.ru *.connect.mail.ru *.ok.ru *.adriver.ru *.r-99.com cdn.mxpnl.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagservices.com *.gstatic.com yandex.ru *.yandex.ru yastatic.net cdnjs.cloudflare.com  *.yandex.net oimenkr.com *.2mdn.net 2mdn.net   *.twitter.com *.google.com.ua *.google.by *.google.cz *.google.kz *.google.de *.google.es js.mamydirect.com  abp.smartadcheck.de *.ampproject.org  *.adfox.ru mc.webvisor.org *.google.ge *.google.ee *.google.me *.google.co.uk *.google.be *.google.no *.google.bg *.google.fr *.google.az *.google.is *.google.lu *.google.in *.google.lv *.google.nl *.google.iq *.google.dk *.google.kg *.google.com.tr *.google.fi *.google.md *.google.me *.google.gr *.google.it *.google.pl *.google.co.il *.google.hu *.google.ae *.google.co.ve *.google.ch *.google.co.uz *.google.co.th *.betweendigital.com; object-src 'self' *; style-src 'unsafe-inline' 'unsafe-eval' 'self'  *; img-src 'self' data: blob: * ; media-src 'self' *; frame-src 'self' *.googlesyndication.com *.facebook.com  facebook.com vk.com *.vk.com apis.google.com connect.odnoklassniki.ru *.ok.ru connect.mail.ru accounts.google.com  *.doubleclick.net  *.doubleclick.net  *.youtube.com www.google.com *.criteo.com  *.criteo.net *.gstatic.com yandex.ru *.yandex.ru *.r-99.com oimenkr.com *.oimenkr.com   *.yandexadexchange.net yandexadexchange.net *.2mdn.net 2mdn.net *.twitter.com yastatic.net *.yandex.net *.googletagservices.com *.vimeo.com *.hpmdnetwork.ru ams.creativecdn.com *.betweendigital.com *.archive.org archive.org; font-src 'self' data: blob: * ; connect-src 'self' * 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-UFknhkgVXc' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-LYIxgAkqhk' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1
default-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.dominos.com; font-src data: https://*.dominos.com https://fonts.gstatic.com https://storage.googleapis.com; style-src 'unsafe-inline' blob: https://*.bing.com https://*.dominos.com https://*.gstatic.com https://*.here.com https://fonts.googleapis.com https://www.youtube.com https://rafd.bingstatic.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.abmr.net https://*.appdynamics.com https://*.bing.com https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://*.here.com https://*.mathtag.com https://*.moatads.com https://*.ntv.io https://*.omtrdc.net https://*.raygun.io https://*.turn.com https://*.twitter.com https://*.vertamedia.com https://*.virtualearth.net https://ad.atdmt.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net https://connect.facebook.net https://ct.pinterest.com https://ds-aksb-a.akamaihd.net https://js.braintreegateway.com https://nextdoor.com https://s.pinimg.com https://s.yimg.com https://s.ytimg.com https://sc-static.net https://sp.analytics.yahoo.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.xx.fbcdn.net https://tags.tiqcdn.com https://www.googleadservices.com https://www.paypal.com https://www.paypalobjects.com https://www.youtube.com https://rafd.bingstatic.com; img-src data: blob: https://*.akamaihd.net https://*.bing.com https://*.clicktale.net https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.everesttech.net https://*.googleapis.com https://*.gstatic.com https://*.here.com https://*.ispot.tv https://*.mathtag.com https://*.paypal.com https://*.pinterest.com https://*.postrelease.com https://*.turn.com https://*.virtualearth.net https://*.yp.com https://assets.braintreegateway.com https://checkout.paypal.com https://d.agkn.com https://dsum-sec.casalemedia.com https://i.ytimg.com https://pinterest.adsymptotic.com https://pixel.tapad.com https://px.moatads.com https://ssl.google-analytics.com https://static.xx.fbcdn.net https://t.co https://www.facebook.com https://www.google.com; frame-src blob: data: https://*.appdynamics.com https://*.cardinalcommerce.com https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googlesyndication.com https://*.kaptcha.com https://*.pinterest.com https://*.snapchat.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net https://d.agkn.com https://pixel.mathtag.com https://pixel.tapad.com https://r.dlx.addthis.com https://snap.adbrn.com https://so.rlcdn.com https://www.paypal.com https://www.sandbox.paypal.com https://www.youtube.com https://x.skimresources.com; child-src blob: https://*.dominos.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net; worker-src blob: https://*.dominos.com https://cdnssl.clicktale.net; connect-src blob: https://*.akamaihd.net https://*.bing.com https://*.braintree-api.com https://*.clicktale.net https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.here.com https://*.moatads.com https://*.nextdoor.com https://*.omtrdc.net https://*.raygun.io https://*.vertamedia.com https://*.virtualearth.net https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://client-analytics.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://col.eum-appdynamics.com https://ct.pinterest.com https://ssp.lkqd.net https://www.paypal.com https://*.launchdarkly.com; report-uri https://dominoscsp.report-uri.com/r/t/csp/enforce; 1
frame-ancestors 'self' https://askfm.adspirit.de 1
frame-ancestors 'self'  *.ampproject.org *.zdbb.net *.specless.tech *.specless.io *.mashable.com mashable.com *.alphr.com androidcommunity.com androidforums.com betanews.com cellphoneforums.net *.channelpro.co.uk *.cloudpro.co.uk *.codingforums.com *.denofgeek.com *.developerfusion.co.uk *.electricbento.com *.expertreviews.co.uk *.extremetech.com geardiary.com *.geek.com *.gottabemobile.com *.hometheaterforum.com hothardware.com *.howardforums.com *.itpro.co.uk *.knowyourmobile.com *.myce.com *.onmsft.com phandroid.com *.product-reviews.net *.simplehelp.net *.slashgear.com *.techlicious.com *.techshout.com *.tgdaily.com *.thedroidguy.com *.thehdroom.com *.theinquirer.net *.theweek.co.uk *.tweaktown.com *.ubergizmo.com *.ultrabookreview.com 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-oZeXBZqYdm' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://a.alimama.cn g.click.taobao.com platform.sina.com.cn suggestion.baidu.com www.baidu.com hm.baidu.com nssug.baidu.com tui.cnzz.net www.google-analytics.com *.googlesyndication.com static.huohu123.com https://www.duba.com/main3_json.html http://www.duba.com/main3_json.html; img-src * data:; child-src 'self' *.firefoxchina.cn  *.17huohu.com; frame-src 'self' *.firefoxchina.cn  *.17huohu.com www.taobao.com entry.baidu.com; frame-ancestors 'self' *.firefoxchina.cn tongji.baidu.com about:; style-src 'self' 'unsafe-inline'; font-src 'self' data: ; report-uri /_/csp-reports 1
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; script-src * blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src * data: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; child-src * blob: data: ; style-src * 'unsafe-inline'; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; object-src 'none'; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; disown-opener; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/pitchfork 1
upgrade-insecure-request; 1
default-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' blob: data: *.qwant.com *.kamoov.com; style-src 'unsafe-inline' data: *.qwant.com; 1
default-src 'none'; block-all-mixed-content; child-src 'self' *.fls.doubleclick.net bid.g.doubleclick.net pixel.mathtag.com https://c.paypal.com bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net; connect-src 'self' 'self' https://adservice.google.com https://events.uber.com https://staging.cdn-net.com https://www.cdn-net.com https://siteintercept.qualtrics.com https://d3i4yxtzktqr9n.cloudfront.net https://ramensjc.uber.com https://ramendca.uber.com https://auth.uber.com *.hotjar.com events.uber.com api.mixpanel.com d1a3f4spazzrp4.cloudfront.net *.optimizely.com www.google-analytics.com *.tealiumiq.com *.demdex.net; font-src 'self' data: fonts.gstatic.com https://d3i4yxtzktqr9n.cloudfront.net https://d1a3f4spazzrp4.cloudfront.net; form-action 'self' 'self' https://staging.cdn-net.com https://www.cdn-net.com https://www.facebook.com; frame-ancestors 'self'; frame-src 'self' *.fls.doubleclick.net bid.g.doubleclick.net pixel.mathtag.com staging.cdn-net.com https://c.paypal.com staticxx.facebook.com https://www.cdn-net.com *.hotjar.com bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net; img-src 'self' data: https: https://apps.rokt.com https://c.paypal.com https://phx.stats.paypal.com https://b.stats.paypal.com https://slc.stats.paypal.com * * https://d3i4yxtzktqr9n.cloudfront.net https://d1a3f4spazzrp4.cloudfront.net; media-src 'self' https://d3i4yxtzktqr9n.cloudfront.net https://d1a3f4spazzrp4.cloudfront.net; object-src https://www.cdn-net.com; script-src 'self' 'unsafe-inline' 'nonce-c0697fa1-235b-4ff0-a6df-2a15b17a6ac4' analytics.twitter.com bat.bing.com graph.facebook.com https://*.cdn-net.com https://*.siteintercept.qualtrics.com https://amplify.outbrain.com https://c.paypal.com https://siteintercept.qualtrics.com https://staging.cdn-net.com https://www.google.ae https://www.google.at https://www.google.be https://www.google.ca https://www.google.cl https://www.google.co.ao https://www.google.co.in https://www.google.co.jp https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.za https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.co https://www.google.com.hk https://www.google.com.mx https://www.google.com.my https://www.google.com.ph https://www.google.com.sg https://www.google.com.tw https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.pl https://www.google.pt https://www.google.ru https://www.google.se https://www.googletagmanager.com https://www.paypalobjects.com maps.googleapis.com mathid.mathtag.com pixel.mathtag.com platform.twitter.com static.ads-twitter.com *.hotjar.com 'unsafe-eval' script.crazyegg.com www.google-analytics.com maps.googleapis.com maps.google.com tags.tiqcdn.com beacon.krxd.net cdn.krxd.net cdn.mxpnl.com www.googleadservices.com www.ziprecruiter.com analytics.recruitics.com edge.quantserve.com secure.quantserve.com connect.facebook.net cdn.nanigans.com api.nanigans.com *.adroll.com s.yimg.com sp.analytics.yahoo.com click.app-cast.com i.l.inmobicdn.net *.optimizely.com *.tealiumiq.com *.doubleclick.net static.ads-twitter.com https://www.google-analytics.com https://ssl.google-analytics.com https://d3i4yxtzktqr9n.cloudfront.net https://d1a3f4spazzrp4.cloudfront.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://pullo.uberinternal.com https://d3i4yxtzktqr9n.cloudfront.net https://d1a3f4spazzrp4.cloudfront.net; report-uri https://csp.uber.com/csp?a=web-eats&ro=false&v=1 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: about:; frame-src https: http: about: softpedia.com; frame-ancestors 'self' 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-hcQhinJiXO' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thoughtco.com *.qa.aws.thoughtco.com atlas.thoughtco.com atlas.local.thoughtco.com 1
policy-uri /parivahan/'self' 1
default-src 'none'; script-src 'self' https://cdn.polyfill.io https://connect.facebook.net http://www.google-analytics.com https://www.google.com https://www.gstatic.com http://static.ads-twitter.com https://analytics.twitter.com 'nonce-FagneK9p07z2O3HVVBZ7yurFyIxDzcwo' data:; connect-src 'self' *.blockchain.com *.blockchain.info https://blockchain.info https://api.greenhouse.io https://www.google-analytics.com https://stats.g.doubleclick.net https://script.google.com https://script.googleusercontent.com; frame-src 'self' https://www.google.com https://www.youtube.com; img-src 'self' data: *.googleusercontent.com https://www.facebook.com http://www.google-analytics.com https://www.google.com http://t.co/i/adsct; style-src 'self' https://rsms.me https://fonts.googleapis.com 'nonce-FagneK9p07z2O3HVVBZ7yurFyIxDzcwo'; font-src 'self' https://rsms.me https://fonts.gstatic.com data:; manifest-src 'self'; object-src 'self'; 1
frame-ancestors 'self' http://*.tirto.id https://*.tirto.id 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thebalancecareers.com *.qa.aws.thebalancecareers.com atlas.thebalancecareers.com atlas.local.thebalancecareers.com 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-toktMlaMLz' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-FonsysjqrY' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-VHMiUPqfdZ' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1
default-src 'self' https://gidonline.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gidonline.io *.braun634.com reichelcormier.bid *.adbetnet.com json.bannersvideo.com serving.adbetclickin.pink cdn.hdat.xyz hhit.xyz cdn7.rocks hgbn.rocks *.mxttrf.com oconner.link franecki.net *.acdnpro.com *.r.acdnpro.com *.acdnlab.com *.criteo.com https://apis.google.com counter.yadro.ru; frame-src 'self' https://gidonline.io *.braun634.com *.adbetnet.com adbetnet.advertserve.com json.bannersvideo.com https://bannersvideo.com serving.adbetclickin.pink franecki.net *.acdnpro.com *.r.acdnpro.com *.acdnlab.com biocdn.com cdn.hdat.xyz oconner.link *.r.worldssl.net counter.yadro.ru https://pandastream.cc moonwalk.cc https://trailerclub.me https://streamguard.cc *.youtube.com https://www.youtube.com https://apis.google.com; connect-src 'self' https://gidonline.io franecki.net reichelcormier.bid https://xml.bannersvideo.com wss://ws.hghit.com/ws *.onedmp.com wss://oconner.link:8041; style-src 'self' 'unsafe-inline' https://gidonline.io counter.yadro.ru; font-src 'self' https://gidonline.io counter.yadro.ru fonts.gstatic.com; img-src 'self' data: https://gidonline.io *.braun634.com *.gemius.pl *.adbetnet.com reichelcormier.bid serving.adbetclickin.pink imgg-cdn.adskeeper.co.uk imgg-cdn.mgid.com *.r.acdnpro.com creatives.adbetclickin.pink hg-bn.com ws.hghit.com c.datpix.net hhit.xyz hgbn.space hgbn1.com hgbnr.com hgbn.rocks cdn7.rocks hghit.com *.mxttrf.com *.deltacdn.net *.r.worldssl.net https://ft.imgsniper.com front.facetz.net counter.yadro.ru *.gstatic.com; object-src 'self' https://gidonline.io counter.yadro.ru 1
connect-src 'self' wss://*.nrk.no http://*.nrk.no https://*.nrk.no https://nrk-recommendations.appspot.com https://*.akstat.io https://*.go-mpulse.net https://*.qbrick.com https://*.telenorcdn.net https://*.akamaized.net https://*.akamaihd.net https://*.linkpulse.com https://*.lp4.io https://www.google-analytics.com https://*.scorecardresearch.com https://ssl-nrkstream.tns-cs.net https://cws.conviva.com https://stats.g.doubleclick.net *.analytics.edgesuite.net *.analytics.edgekey.net dc.services.visualstudio.com dc.applicationinsights.microsoft.com; default-src 'self' https://*.nrk.no; frame-src 'self' https://*.nrk.no https://chartbeat.com https://*.chartbeat.com https://cdn-gl.imrworldwide.com; img-src 'self' https://*.lp4.io https://*.linkpulse.com https://*.tns-cs.net https://*.chartbeat.net https://www.google-analytics.com https://*.nrk.no https://*.akamaized.net https://*.akamaihd.net https://*.scorecardresearch.com https://*.googleusercontent.com https://ssl-nrkstream.tns-cs.net https://stats.g.doubleclick.net https://secure-nor.imrworldwide.com https://secure-sdk.imrworldwide.com http://nrkstream.tns-cs.net *.scorecardresearch.com *.analytics.edgesuite.net *.analytics.edgekey.net data:; media-src https://*.nrk.no https://*.qbrick.com https://*.telenorcdn.net https://*.akamaized.net https://*.akamaihd.net blob: data:; script-src 'self' https://*.nrk.no https://www.google-analytics.com https://*.chartbeat.com https://*.chartbeat.net https://*.linkpulse.com https://*.lp4.io https://*.scorecardresearch.com https://www.gstatic.com https://cws.conviva.com https://ssl-nrkstream.tns-cs.net https://*.go-mpulse.net https://cdn-gl.imrworldwide.com *.analytics.edgesuite.net *.analytics.edgekey.net az416426.vo.msecnd.net blob: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline' 1
frame-ancestors *.constantcontact.com www.redmangomarketing.com www.ezymarketing.com www.igvinc.com www.etouchmarketing.net 1
connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com an.yandex.ru awaps.yandex.ru storage.mds.yandex.net music.yandex.ru music-browser.music.yandex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net zen.yandex.ru static.yandex.sx brotli.yastatic.net et.yastatic.net yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net; frame-src 'self' yabrowser: data: https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net music.yandex.ru music.yandex.kz yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru awaps.yandex.net *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net bs.serving-sys.com an.yandex.ru awaps.yandex.ru nissanhelioseurope.demdex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net *.yandex.net resize.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.tns-counter.ru yandex.st; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net strm.yandex.ru strm.yandex.net *.strm.yandex.net *.cdn.yandex.net storage.mds.yandex.net *.storage.mds.yandex.net yastatic.net kiks.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru flashservice.adobe.com yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.ru&showid=1561428984.84137.141056.155377&h=man2-5668-bc6-man-portal-morda-29675&csp=old&date=20190625&yandexuid=4139665581561428984; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru zen.yandex.ru an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com yabro1.zen-test.yandex.ru main.zdevx.yandex.ru awaps.yandex.ru storage.mds.yandex.net msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net zen.yandex.ru static.yandex.sx brotli.yastatic.net et.yastatic.net yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net; 1
frame-ancestors 'self' https://*.eluniverso.com http://*.eluniverso.com https://*.ampproject.net http://*.2mdn.net https://*.2mdn.net 1
frame-ancestors 'self'; default-src 'self' 'unsafe-eval' 'unsafe-inline' v1.addthisedge.com v1.addthis.com ampcid.google.com adservice.google.com ad.doubleclick.net ampcid.google.com.sg  amp-error-reporting.appspot.com cdn.ampproject.org ssl.gstatic.com i.travelapi.com http://www.tripadvisor.com marketplace.dbs.com.sg marketplace-pilot.dbs.com.sg avp.blob.core.windows.net marketplace-pilot.dbs.com in.hotjar.com prod2-content-care-community-cdn.sprinklr.com script.hotjar.com vars.hotjar.com http://www.outbrain.com static.hotjar.com pixel.tapad.com res.cloudinary.com sc4.omniture.com authorize.omniture.com authorize.omniture.com sitecatalyst.omniture.com marketplace.dbs.com tagmanager.google.com wss://chatbanking.dbs.com gllt.morningstar.com img.tepcdn.com wss://qmslivechat.dbs.com platform-lookaside.fbsbx.com http://chart.googleapis.com http://tags.crwdcntrl.net http://bs.serving-sys.com cdn.jsdelivr.net http://www.dbs.com.sg prod2-content.sprinklr.com prod2-care-community-cdn.sprinklr.com *.akstat.io directline.botframework.com www.dbs.com.sg qmslivechat.dbs.com cdnjs.cloudflare.com www.gstatic.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.google.com certify.alexametrics.com www.dbs.com.sg www.youtube.com www.linkedin.com www.google.com.sg bcp.crwdcntrl.net www.dbs.com www.googleapis.com ajax.googleapis.com maps.gstatic.com fonts.googleapis.com property.atomic-marketplace.com www.facebook.com dc.ads.linkedin.com chatbanking.dbs.com bat.bing.com tr.outbrain.com snap.licdn.com chart.googleapis.com assets.adobedtm.com dbs.tt.omtrdc.net somniture.dbs.com.sg dpm.demdex.net dbs.demdex.net www.posb.com.sg farm-sg.plista.com amplifypixel.outbrain.com js.adsrvr.org s.go-mpulse.net c.go-mpulse.net maxcdn.bootstrapcdn.com sjs.bizographics.com tags.crwdcntrl.net code.jquery.com tpt.mysocialpixel.com www.dbs.com.sg use.fontawesome.com ds-aksb-a.akamaihd.net googleads.g.doubleclick.net px.ads.linkedin.com bs.serving-sys.com secure-ds.serving-sys.com ssl.google-analytics.com connect.facebook.net chatbanking-uat.dbs.com qmslivechat.dbs.com i.ytimg.com scrbizim.xyz insight.adsrvr.org www.google.co.in cx.atdmt.com *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.demdex.net secure.marketinghub.hp.com m.addthisedge.com m.addthis.com s7.addthis.com graph.facebook.com api-public.addthis.com atomic-marketplace.com i.i-sgcm.com s3-ap-southeast-1.amazonaws.com by.essl.optimost.com secure.marketinghub.opentext.com chatbanking-sit.dbs.com stats.g.doubleclick.net maps.googleapis.com amplify.outbrain.com fonts.gstatic.com prod2-sprcdn-assets.sprinklr.com prod2-sprcdn.sprinklr.com lookaside.facebook.com www.sprinklr.com api-01.ubx.ibmmarketingcloud.com s7.addthis.com dbs.demdex.net platform.twitter.com d31qbv1cthcecs.cloudfront.net bid.g.doubleclick.net cdn-akamai.mookie1.com tags.tiqcdn.com wss://directline.botframework.com directline.com *.akamaihd.net *.fls.doubleclick.net wss://directline.botframework.com directline.botframework.com directline.com blob: data:; style-src 'self' 'unsafe-inline' tagmanager.google.com prod2-care-community-cdn.sprinklr.com chatbanking.dbs.com qmslivechat.dbs.com wss://directline.botframework.com fonts.googleapis.com graph.facebook.com maxcdn.bootstrapcdn.com directline.botframework.com www.dbs.com.sg directline.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: blob: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/the-new-yorker 1
frame-ancestors 'self' https://*.leetcode.com https://leetcode.com https://*.leetcode-cn.com https://leetcode-cn.com https://*.lingkou.com https://lingkou.com https://tongji.baidu.com https://www.growingio.com https://*.leetcode.pro https://leetcode.pro 1
frame-ancestors "self" 1
frame-ancestors 'self' *.app.clicktale.com app.optimizely.com analytics.google.com; 1
media-src 'self' data: blob: https://*.pscp.tv/ https://*.periscope.tv/ https://*.global.ssl.fastly.net https://*.twimg.com https://*.video.pscp.tv; img-src 'self' data: blob: https://*.pscp.tv/ https://*.periscope.tv/ https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com/prod-periscope-profile/ https://*.twimg.com https://*.googleusercontent.com https://scontent.xx.fbcdn.net https://*.bugsnag.com https://*.google-analytics.com; default-src 'self' blob: https://*.global.ssl.fastly.net https://*.pscp.tv/ https://*.periscope.tv/; object-src 'self' https://*.pscp.tv/ https://*.periscope.tv/; child-src 'self' blob: https://*.pscp.tv/ https://*.periscope.tv/ https://twitter.com https://*.google.com/recaptcha/; frame-ancestors 'self' https://*.pscp.tv/ https://*.periscope.tv/; style-src 'self' blob: 'unsafe-inline' https://*.pscp.tv/ https://*.periscope.tv/; font-src 'self' data: https://*.pscp.tv/ https://*.periscope.tv/; frame-src 'self' blob: https://*.pscp.tv/ https://*.periscope.tv/ https://twitter.com https://periscope-all.firebaseapp.com/ https://*.google.com/recaptcha/ https://*.vimeo.com https://*.tipalti.com; report-uri https://twitter.com/i/csp_report?a=OBSXE2LTMNXXAZJNO5SWE%3D%3D%3D&ro=false; script-src 'self' https://*.pscp.tv/ https://*.periscope.tv/ https://cdn.polyfill.io https://d24n15hnbwhuhn.cloudfront.net https://app.link https://bnc.lt https://*.branch.io https://*.google-analytics.com https://apis.google.com/ https://*.google.com/recaptcha/ https://*.gstatic.com/recaptcha/ 'unsafe-eval' 'nonce-79da1cb2b6bb4a028c3cfef9602ae614'; connect-src 'self' https://*.pscp.tv/ https://*.periscope.tv/ wss://*.pscp.tv/ wss://*.periscope.tv/ https://*.video.pscp.tv https://*.twimg.com https://twitter.com https://*.global.ssl.fastly.net https://api.amplitude.com/ https://*.branch.io https://bnc.lt https://*.bugsnag.com https://licensing.bitmovin.com/ https://analytics-ingress-global.bitmovin.com https://www.googleapis.com/ https://securetoken.googleapis.com https://s3.us-west-2.amazonaws.com/periscope-user-data-reports-prod/ https://s3.us-west-2.amazonaws.com/periscope-user-data-reports-dev/ https://periscope-user-data-reports-prod.s3.us-west-2.amazonaws.com/ https://periscope-user-data-reports-dev.s3.us-west-2.amazonaws.com/ 1
frame-ancestors http://www.r18.com/ 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-CENpKAwZvW' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1
report-uri https://sentry.io/api/190356/security/?sentry_key=0fb44384b50e4ee692405615e7837304; upgrade-insecure-requests 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 1
default-src http: https://s.go-mpulse.net https://*.ngenix.net https://*.googlesyndication.com 'self'; script-src http: https://s.go-mpulse.net https://*.ngenix.net https://mc.webvisor.org https://googletagmanager.com https://*.cloudfront.net https://*.maps.yandex.net https://secure.payu.ru https://use.fontawesome.com https://adservice.google.com https://adservice.google.ru https://*.google-analytics.com https://www.googletagservices.com https://*.yandex.ru https://www.googletagmanager.com https://*.google.com https://securepubads.g.doubleclick.net https://cdn.jsdelivr.net https://www.gstatic.com https://*.pinterest.com https://i.pinimg.com https://*.twitter.com https://twitter.com https://connect.facebook.net https://yastatic.net https://vk.com https://cdn.ampproject.org https://pagead2.googlesyndication.com https://top-fwz1.mail.ru https://api.vk.com https://connect.ok.ru https://connect.mail.ru https://checkout.rbk.money 'unsafe-inline' 'unsafe-eval' 'self' blob: data:; font-src http: https://s.go-mpulse.net https://*.ngenix.net 'self' https://fonts.gstatic.com; img-src https://s.go-mpulse.net https://*.ngenix.net https://www.livemaster.ru:1812 https://csi.gstatic.com https://log.pinterest.com https://*.adfox.ru https://*.googlesyndication.com https://*.googletagmanager.com https://mc.webvisor.org https://syndication.twitter.com https://top-fwz1.mail.ru https://*.google-analytics.com https://*.facebook.com https://*.google.com https://*.google.ru https://counter.yadro.ru https://*.yandex.ru https://*.yandex.net https://vk.com https://*.vk.com https://*.g.doubleclick.net https://*.livemaster.ru https://*.livemaster.com 'self' data: blob: http:; frame-src http: https://s.go-mpulse.net https://*.ngenix.net 'self' https://*.facebook.net https://*.googlesyndication.com https://dl.metabar.ru https://static.cmptch.com https://www.livemaster.ru:1862 https://secure.payu.ru https://checkout.rbk.money https://mc.webvisor.org https://*.yandex.ru https://www.googletagmanager.com https://*.twitter.com https://*.facebook.com https://vk.com https://*.vk.com https://*.g.doubleclick.net https://yastatic.net https://www.youtube.com https://*.google.com https://player.vimeo.com; frame-ancestors 'self' https://www.livemaster.ru:1862 https://*.payu.ru https://secure.payu.ru https://checkout.rbk.money https://mc.webvisor.org https://*.yandex.ru https://www.googletagmanager.com https://*.twitter.com https://*.facebook.com https://vk.com https://*.vk.com https://*.g.doubleclick.net https://yastatic.net https://www.youtube.com https://www.google.com https://player.vimeo.com;  style-src http: https://s.go-mpulse.net https://*.ngenix.net 'unsafe-inline' https://tagmanager.google.com https://*.googleapis.com https://www.livemaster.ru:1862 https://*.livemaster.ru; connect-src https://s.go-mpulse.net https://*.ngenix.net https://*.googlesyndication.com https://yandex.ru https://yandex.com https://login.vk.com http: https://yandexmetrica.com:29010 https://*.payu.ru https://*.payu.com https://www.livemaster.ru:1862 https://*.lmteam.ru https://*.yandex.net https://ymetrica.com https://ymetrica1.com https://ymetrica2.com https://mc.webvisor.org https://mc.webvisor.com https://*.google-analytics.com http://*.google.com https://www.googleapis.com wss://*.livemaster.ru https://*.livemaster.ru https://*.livemaster.com https://graph.facebook.com https://matchid.adfox.yandex.ru https://*.g.doubleclick.net https://top-fwz1.mail.ru https://*.adfox.ru https://*.yandex.ru https://*.yandex.com https://getyabrowser.com https://*.appmetrica.webvisor.com https://www.facebook.com https://csi.gstatic.com https://player.vimeo.com https://*.clickmeeting.com 'self'; object-src http: https://s.go-mpulse.net https://*.ngenix.net 'self' https://player.vimeo.com https://www.youtube.com; report-uri /ajax/cspcollector.php 1
connect-src 'self' https://search.freecodecamp.org https://www.freecodecamp.rocks https://api.freecodecamp.rocks https://auth.freecodecamp.org https://glitch.com https://*.glitch.com https://*.glitch.me https://*.cloudflare.com https://*.algolia.net; script-src 'unsafe-eval' 'unsafe-inline' *.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com https://*.cloudflare.com *.cloudflare.com https://*.gitter.im https://*.cdnjs.com *.cdnjs.com https://*.jsdelivr.com *.jsdelivr.com *.twimg.com https://*.twimg.com *.youtube.com *.ytimg.com 'self' https://search.freecodecamp.org https://www.freecodecamp.rocks https://api.freecodecamp.rocks https://auth.freecodecamp.org; style-src 'unsafe-inline' *.gstatic.com *.googleapis.com *.bootstrapcdn.com https://*.bootstrapcdn.com *.cloudflare.com https://*.cloudflare.com https://use.fontawesome.com 'self' https://search.freecodecamp.org https://www.freecodecamp.rocks https://api.freecodecamp.rocks https://auth.freecodecamp.org; font-src *.cloudflare.com https://*.cloudflare.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com https://*.bootstrapcdn.com https://use.fontawesome.com 'self' https://search.freecodecamp.org https://www.freecodecamp.rocks https://api.freecodecamp.rocks https://auth.freecodecamp.org; img-src * data:; media-src *.bitly.com *.amazonaws.com *.twitter.com 'self' https://search.freecodecamp.org https://www.freecodecamp.rocks https://api.freecodecamp.rocks https://auth.freecodecamp.org; frame-src *.gitter.im *.gitter.im https: *.youtube.com *.twitter.com *.ghbtns.com *.freecatphotoapp.com freecodecamp.github.io 'self' https://search.freecodecamp.org https://www.freecodecamp.rocks https://api.freecodecamp.rocks https://auth.freecodecamp.org 1
default-src https:; style-src https: 'unsafe-inline'; img-src       * data:; worker-src    * blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; connect-src   *;  1
style-src 'unsafe-inline' 'self' *.yximgs.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.yximgs.com hm.baidu.com/hm.js retcode.alicdn.com/retcode/bl.js; img-src 'self' *.yximgs.com data: http: *.kuaishou.com hm.baidu.com/hm.gif arms-retcode.aliyuncs.com/r.png; media-src 'self' *.yximgs.com data:; font-src 'self' *.yximgs.com data:; worker-src 'self' *.yximgs.com blob:; report-uri /api/csp-report 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thespruce.com *.qa.aws.thespruce.com atlas.thespruce.com atlas.local.thespruce.com 1
frame-ancestors http://www.inc.com https://www.inc.com http://www.stumbleupon.com https://www.google.com https://cdn.ampproject.org 1
default-src 'self' https://arduino.cc; script-src 'self' 'unsafe-inline' data: https://*.googletagservices.com https://*.googlesyndication.com https://consent.trustarc.com https://forum.arduino.cc https://store.arduino.cc https://store-cdn.arduino.cc https://arduino.cc https://checkout.stripe.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.google-analytics.com https://ads.supplyframe.com https://www.googletagmanager.com https://code.jquery.com https://ajax.googleapis.com https://js.stripe.com https://auth.arduino.cc https://hydra.arduino.cc https://cdn.arduino.cc https://content.arduino.cc https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://code.jquery.com https://arduino.cc https://id.arduino.cc https://cdn.arduino.cc https://cdn-stag.arduino.cc https://content.arduino.cc; font-src 'self' https://content.arduino.cc https://cdn.arduino.cc https://cdn-stag.arduino.cc; img-src 'self' data: https:; connect-src 'self' https://auth.arduino.cc https://blog.arduino.cc https://api.arduino.cc https://api2.arduino.cc https://my.arduino.cc https://forum.arduino.cc https://store.arduino.cc https://checkout.stripe.com https://api.stripe.com https://cdn.arduino.cc https://www.google-analytics.com https://cdn-stag.arduino.cc https://trackerapi.trustarc.com; child-src 'self' https://create.arduino.cc https://downloads.arduino.cc https://checkout.stripe.com https://www.youtube.com https://js.stripe.com https://www.hackster.io; frame-src 'self' https://consent-pref.trustarc.com https://hydra.arduino.cc https://auth.arduino.cc https://create.arduino.cc https://downloads.arduino.cc https://docs.google.com https://www.youtube.com https://checkout.stripe.com https://js.stripe.com https://www.hackster.io https://staticxx.facebook.com https://iframe.dacast.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 1
frame-ancestors 'self' http://*.dji.com https://*.dji.com 1
default-src 'none'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'nonce-bc469a20826c4710806610afeffc1f6a'; style-src 'self' 'unsafe-inline'; img-src 'self' https://www.google-analytics.com localhost; frame-ancestors 'none'; 1
connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru https://yandex.ua https://*.yandex.ua static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com an.yandex.ru awaps.yandex.ru storage.mds.yandex.net music.yandex.ru music-browser.music.yandex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st yandex.ua *.yandex.ua; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net zen.yandex.ua static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net; frame-src 'self' yabrowser: data: https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net https://pass.yandex.ua https://passport.yandex.ua wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net music.yandex.ru music.yandex.kz yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net yandex.ua *.yandex.ua; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru https://yandex.ua https://*.yandex.ua awaps.yandex.net *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net bs.serving-sys.com an.yandex.ru awaps.yandex.ru nissanhelioseurope.demdex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net *.yandex.net resize.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.tns-counter.ru yandex.st yandex.ua *.yandex.ua; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net strm.yandex.ru strm.yandex.net *.strm.yandex.net *.cdn.yandex.net storage.mds.yandex.net *.storage.mds.yandex.net yastatic.net kiks.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru flashservice.adobe.com yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.ua&showid=1561438668.19003.139940.154806&h=man2-4973-345-man-portal-morda-29675&csp=old&date=20190625&yandexuid=1794240311561438668; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru https://yandex.ua https://www.yandex.ua https://pass.yandex.ua https://mc.yandex.ua zen.yandex.ua an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru awaps.yandex.ru storage.mds.yandex.net msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net yandex.ua www.yandex.ua suggest.yandex.ua; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net zen.yandex.ua static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net; 1
default-src https: data: blob:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src https: data: blob:; media-src https: http: blob: data:; connect-src http: https: ws: wss:; 1
default-src 'self' *.utraff.com https://tr.kinopoisk.ru https://*.cdn.yandex.net adfill.me *.stickyadstv.com *.streamrail.com; connect-src 'self' kinoaction.ru mail.ru 3647.tech *.utraff.com *.3647.tech *.getaim.info *.yandex.ru apptoday.ru *.admixer.net out.pladform.ru adserver.otm-r.com ads.adfox.ru *.kinoclub77.ru moevideo.biz *.adlook.me kodikapi.com vidozzz.com stat.moevideo.net threedrive.su m-shes.ru loadercdn.com admachina.com *.klcheck.com *.zmctrack.net boostervideo.ru *.piguiqproxy.com *.amgload.net *.smcheck.org *.rcdn.pro trustjs.net https://ad.adriver.ru aj1433.online *.bannersvideo.com vidsummer.com greeentea.ru novbrom.com boogieiwoogie.ru https://ytimgg.com/ level1cdn.com *.adhigh.net vidalak.com *.mediawayss.com *.betweendigital.com *.doubleclick.net *.googlesyndication.com https://fseed.ru/ wss://wsp.marketgid.com/ws wss://bgrndi.com:8041/ wss://et-code.ru:7443 *.cdn.yandex.net *.yandex.ua https://mc.yandex.ru/ http://*.onedmp.com https://xdgeph.ru/ d38dub.ru csp-oz66pp.ru; style-src 'self' 'unsafe-inline' *; frame-src 'self' data: *.youtube.com *.webmoney.ru *.googleapis.com *.google.com *.doubleclick.net *.kinotreiler.com pirateplayer.com duvideo.net blob: *.bannersvideo.com *.advertserve.com serving.adbetclickin.pink bannersvideo.com *.braun634.com *.adlook.me *.republer.com pbcde.com utraff.com video-play.ru goinform.org *.utraff.com 3647.tech apptoday.ru *.kinoclub77.ru moevideo.biz playreplay.me playreplay.net thesame.tv m-shes.ru threedrive.su vk.com login.vk.com kodik.info hdrise.com hdlizor.com hdgo.top hdsrch.com vidozzz.com; img-src * data: blob:; object-src 'self' data: *.adlook.me; media-src * data:; font-src 'self' data: https://fonts.gstatic.com https://cdn.mirs.com https://cdn.adskeeper.co.uk/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com *.googlesyndication.com https://mc.yandex.ru https://mc.yandex.ru https://ajax.googleapis.com https://ajax.googleapis.com *.google.com.ua *.google.com *.google.ae *.googletagservices.com *.googleapis.com *.youtube.com an.yandex.ru *.kinotreiler.com vidalak.com apicaller.ru level1cdn.com www.gstatic.com https://yandex.st https://clck.yandex.ru kodik.cc hdrise.com hdlizor.com kodik.info *.hdgo.top hdgo.top hdbaza.com hdsrch.com *.adskeeper.co.uk *.tovarro.com *.moatads.com trafmag.com ad.adriver.ru trustjs.net recreativ.ru *.cloudflare.com *.3647.tech *.utraff.com *.jsdelivr.net *.kinoclub77.ru *.ampproject.org moevideo.biz m-shes.ru *.adlook.me octoclick.net serving.adbetclickin.pink *.bannersvideo.com json.bannersvideo.com adbetnet.advertserve.com *.braun634.com *.republer.com utarget.ru pbcde.com threedrive.su *.google.md vk.com yastatic.net sombersquirrel.com 1
report-uri https://f6044819c139be406e5131b1724188ab.report-uri.com/r/t/csp/enforce; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: sync.adap.tv sync.adaptv.advertising.com *.adroll.com ssp.adskom.com sync.ad-stir.com *.akamaihd.net *.appier.net *.adnxs.com x.bidswitch.net bat.bing.com *.bizographics.com sjs.bizographics.com bookeo.com www-2903b.bookeo.com britishcouncil-email.createsend.com tags.clickintext.net apps-cdn.britishcouncil.org *.disquscdn.com *.disqus.com disqus.com *.doubleclick.net loadus.exelator.com ps.eyeota.net *.fbcdn.net *.facebook.com cx.atdmt.com cx.atdmt.com connect.facebook.net cs.gssprt.jp www.google.de www.google.es *.google.com *.google.co.uk *.googleadservices.com *.googlesyndication.com *.google-analytics.com *.googleapis.com *.gstatic.com www.googletagmanager.com *.ytimg.com britishcouncil.github.io *.linkedin.com snap.licdn.com idsync.rlcdn.com sync.crwdcntrl.net ml314.com *.mathtag.com aa.agkn.com bam.nr-data.net js-agent.newrelic.com olc.live.solas.britishcouncil.digital *.openx.net *.optimizely.com stags.bluekai.com cdn.polyfill.io *.qualaroo.com s3.amazonaws.com pixel.rubiconproject.com *.salesforceliveagent.com embed.scribblelive.com *.scupio.com *.semasio.net *.sharethis.com *.socdm.com sui.britishcouncil.org *.streamamg.com public.tableau.com tapestry.tapad.com match.adsrvr.org *.ads-twitter.com *.twimg.com *.twitter.com d17m68fovwmgxj.cloudfront.net ucarecdn.com *.vimeocdn.com player.vimeo.com vimeo.com vk.com bigsea.frontend.weborama.fr dx.bigsea.weborama.com *.webtrends.com statse.webtrendslive.com dev.visualwebsiteoptimizer.com britishcouncil.wufoo.com *.yahoo.com b92.yahoo.co.jp s.yimg.com www.youtube.com *.instagram.com *.hotjar.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bp-1c51.kxcdn.com/prj/AS-2316012.js https://partners.leroymerlin.ru/api/tracker/sdk.js https://www.artfut.com/static/ https://tagmanager.google.com https://sslwidget.criteo.com/ https://res.cloudinary.com/aem/raw/upload/web-components/ https://*.ru.corp.leroymerlin.com https://suggest-maps.yandex.ru/suggest-geo https://www.googletagmanager.com/gtag/ https://static.criteo.net/js/ld/ld.js blob: https://optimize.google.com/optimize/ https://*.maps.yandex.net/ https://api-maps.yandex.ru/2.0-stable/ https://tracking.diginetica.net/divolte.js https://top-fwz1.mail.ru/js/code.js https://cdn.diginetica.net/306/client.js https://www.gstatic.com/recaptcha/api2/ https://www.google.com/recaptcha/api.js  https://leroymerlinru.webim.ru/ https://kladr-api.ru/api.php https://enterprise.api-maps.yandex.ru https://yastatic.net https://www.google-analytics.com https://get.shoppilot.ru/f/v1/56d42be28ddf8715e9014752/v2/app.js https://get.shoppilot.ru/f/v1/57ceea56437f575050000583/v2/app.js https://www.googletagmanager.com/gtm.js https://mc.yandex.ru/ https://recs.richrelevance.com/rrserver/p13n_generated.js https://media.richrelevance.com/rrserver/js/1.2/p13n.js https://vk.com/js/api/openapi.js https://connect.ok.ru/connect.js https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js  ; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://optimize.google.com/optimize/editor/css/ https://leroymerlin.ru https://res.cloudinary.com https://get.shoppilot.ru https://tagmanager.google.com/debug/ https://fonts.googleapis.com/ 1
default-src https:; base-uri 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; object-src 'none'; block-all-mixed-content; report-uri https://productreviews-ext.prod.store.aws.z8s.io/csp-report-violations; 1
child-src 'self'; connect-src *; img-src 'self' data: https://transferwise.desk.com https://assistly-production.s3.amazonaws.com https://daw291njkc3ao.cloudfront.net https://dq8dwmysp7hk1.cloudfront.net https://www.google-analytics.com https://q.quora.com https://bat.bing.com https://b97.yahoo.co.jp https://t.co https://*.doubleclick.net https://www.googletagmanager.com https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.sg https://www.google.com.ph https://www.google.com.my https://www.google.com.mx https://www.google.com.ua https://www.google.com.vn https://www.google.com.tr https://www.google.com.ar https://www.google.com.hk https://www.google.com.pk https://www.google.com.pe https://www.google.com.ng https://www.google.com.cy https://www.google.com.mt https://www.google.com.bd https://www.google.com.eg https://www.google.co.uk https://www.google.co.th https://www.google.co.jp https://www.google.co.nz https://www.google.co.id https://www.google.co.kr https://www.google.co.ve https://www.google.co.in https://www.google.co.il https://www.google.co.za https://www.google.de https://www.google.ca https://www.google.es https://www.google.pl https://www.google.ie https://www.google.ch https://www.google.pt https://www.google.nl https://www.google.it https://www.google.hu https://www.google.fr https://www.google.be https://www.google.ro https://www.google.fi https://www.google.cl https://www.google.cz https://www.google.ae https://www.google.lu https://www.google.se https://www.google.ru https://www.google.at https://www.google.bg https://www.google.ee https://www.google.dk https://www.google.no https://www.google.gr https://www.google.sk https://www.google.lt https://www.google.lv https://www.google.ge https://www.google.hr https://www.google.me https://dpx.airpr.com https://cx.atdmt.com https://www.gstatic.com https://s3-eu-west-1.amazonaws.com https://lienzo.s3.amazonaws.com https://widgets.transferwise.com https://platform-lookaside.fbsbx.com *.facebook.com *.googleusercontent.com; font-src 'self' data: https://fonts.gstatic.com https://widgets.transferwise.com; object-src 'self'; media-src 'self'; manifest-src 'self' 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' polyfill.io 'self' https://js-agent.newrelic.com https://bam.nr-data.net connect.facebook.net tagmanager.google.com www.googletagmanager.com https://ajax.cloudflare.com dpx.airpr.com connect.facebook.net www.facebook.com staticxx.facebook.com bat.bing.com s.yimg.jp static.hotjar.com googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com www.google.co.uk www.google.com a.quora.com static.ads-twitter.com analytics.twitter.com www.snapengage.com insitez.blob.core.windows.net sjs.bizographics.com https://www.informizely.com https://storage.googleapis.com https://script.hotjar.com https://ajax.googleapis.com https://b97.yahoo.co.jp; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com/css tagmanager.google.com; frame-ancestors https://transferwiseturkiye.com.tr; frame-src https://staticxx.facebook.com youtube.com www.youtube.com https://www.facebook.com https://vars.hotjar.com https://bid.g.doubleclick.net https://www.googletagmanager.com; report-uri https://frontendservice.report-uri.com/r/t/csp/enforce 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ravelry.com https://www.ravelry.com *.ravelrycache.com *.hotjar.com https://*.ravelrycache.com https://*.chatlio.com https://*.hotjar.com https://*.pusher.com https://*.frontapp.com https://apis.google.com https://www.amazon.com https://www.dropbox.com *.googleapis.com https://*.googleapis.com *.google-analytics.com https://www.google.com *.gstatic.com https://maps.gstatic.com maps.googleapis.com maps.google.com https://ban.nr-data.net bam.nr-data.net *.newrelic.com https://*.newrelic.com https://*.twitter.com connect.facebook.net *.facebook.com *.pinterest.com https://*.hotjar.com  https://*.pinterest.com; object-src 'self' *.ravelry.com *.macromedia.com *.etsy.com *.youtube.com https://*.youtube.com https://*.vimeo.com *.vimeo.com *.vimeocdn.com *.vimeo.com *.gstatic.com; frame-src 'self' https://*.facebook.com https://*.hotjar.com  https://docs.google.com https://accounts.google.com https://www.amazon.com https://*.buffer.com https://player.vimeo.com *.vimeo.com *.vimeocdn.com *.youtube.com https://*.youtube.com vine.co *.google.com https://*.twitter.com *.facebook.com *.pinterest.com chromenull://* chromeinvoke://* webviewprogressproxy://*; connect-src 'self' *.ravelry.com https://www2.ravelry.com https://*.hotjar.com https://*.dropbox.com https://www.ravelry.com wss://websocket.ravelry.com wss://websocket2.ravelry.com wss://*.hotjar.com translate.googleapis.com syndication.twitter.com https://*.chatlio.com https://*.pusher.com *.pusherapp.com; 1
child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-wSXkzzSHDOX9/9Be3eB/vPTQuDU0GTGXtr40Xmx/aRM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=72063f01-702a-49fc-ad33-75ca025862c4&version=972213ed8b73d517b7e149449915aa95f5022a2e&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=72063f01-702a-49fc-ad33-75ca025862c4&version=972213ed8b73d517b7e149449915aa95f5022a2e&report_only=false 1
default-src 'self' ; img-src 'self'  https://sp1.convertro.com/api/hit/lastpass/ https://www.google-analytics.com/ https://*.company-target.com/ https://logmeincdn.azureedge.net/ https://*.company-target.com/* https://*.lastpass.com https://lastpass.com data: https://*.company-target.com/* https://*.adnxs.com/ https://*.doubleclick.net https://*.google-analytics.com https://www.google.com https://www.facebook.com/tr https://t.co/i/adsct https://analytics.twitter.com/i/adsct https://img.youtube.com https://adfarm.mediaplex.com/ad/bk/ https://*.rfihub.com/ https://secure.leadback.advertising.com https://secure.ace-tag.advertising.com https://iad-login.dotomi.com  https://*.company-target.com/ https://www07.clicktale.net/ https://lastpass-sc.usva.logmeinx.com/ https://lastpass-sc.usca.logmeinx.com/ https://lastpass-sc.usil.logmeinx.com/ https://lastpass-sc.ustx.logmeinx.com/ https://lastpass-sc.defr.logmeinx.com/ https://lastpass-sc.ukay.logmeinx.com/ https://lastpass-sc-gamma.usca.logmeinx.com/ https://*.logmeinx.com https://d.adroll.com https://secimg.vmmpxl.com https://rs.gwallet.com https://s-cs.send.microad.jp https://pixel.rubiconproject.com https://*.openx.net https://dpm.demdex.net https://ads.yahoo.com https://dsum-sec.casalemedia.com https://simage2.pubmatic.com https://trc.taboola.com https://x.bidswitch.net https://idsync.rlcdn.com https://stags.bluekai.com https://ums.adtechus.com https://io.narrative.io https://atemda.com https://t.brand-server.com https://pixel.quantserve.com; object-src 'self' https://*.googlevideo.com https://*.youtube.com https://*.youtube.com https://*.ytimg.com https://*.ytimg.com https://www.google.com https://youtube.googleapis.com; connect-src 'self' https://*.lastpass.com https://lastpass.com wss://*.lastpass.com https://*.optimizely.com https://5399020466.log.optimizely.com  https://pollserver.lastpass.com https://loglogin.lastpass.com https://*.clicktale.net https://dc.services.visualstudio.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'  https://logmeincdn.azureedge.net https://fonts.googleapis.com/ https://*.lastpass.com https://lastpass.com https://html-lastpass-develop.azurewebsites.net https://html-lastpass-master.azurewebsites.net; plugin-types application/x-invalid-type application/pdf ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.lmiutil.com/lpassets/clicktale/ https://lastpass.com/m.php/quickdl2  https://www.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://logmeincdn.azureedge.net https://cdn.clicktale.net/ https://*.lastpass.com https://lastpass.com https://www.youtube.com https://*.ytimg.com https://*.optimizely.com https://cdnssl.clicktale.net/ https://www.sc.pages04.net https://cdn.getsmartcontent.com/ https://api.bizographics.com https://us-east-1.profile-api.ads.linkedin.com https://s.getsmartcontent.com https://az416426.vo.msecnd.net ; font-src 'self' 'unsafe-inline' 'unsafe-eval'  https://lmistatic.blob.core.windows.net/ https://fonts.gstatic.com/ https://*.lastpass.com https://lastpass.com; media-src ; frame-src 'self' https://cdn.lmiutil.com/ https://b.company-target.com https://*.lastpass.com https://ssl.gstatic.com https://www.google.com https://www.youtube.com  https://b.company-target.com/ect.html https://www.youtube.com https://*.ytimg.com https://1min-ui-prod.service.lastpass.com ;worker-src https://*.lastpass.com blob: 1
script-src *.walmart.ca *.walmartimages.ca *.wal.co assets.adobedtm.com *.googleadservices.com *.google.ca *.google.com *.gstatic.com *.google-analytics.com *.bing.com *.googletagservices.com *.doubleclick.net *.googlesyndication.com *.criteo.com *.criteo.net *.scorecardresearch.com *.answerscloud.com *.newrelic.com *.ordergroove.com *.facebook.net bam.nr-data.net *.webcollage.net *.iesnare.com *.demdex.net *.googleapis.com *.2mdn.net *.walmart.com *.omtrdc.net *.circularhub.com *.youtube.com *.postescanada-canadapost.ca *.bazaarvoice.com *.ytimg.com *.device.4seeresults.com *.custhelp.com *.rnengage.com *.moatads.com *.casalemedia.com *.hlserve.com dnisjsqid2b9p.cloudfront.net *.myregistry.com *.rmtag.com *.pinimg.com *.storetail.io *.storetail.net *.agkn.com *.facebook.com *.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; base-uri * 'self'; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; object-src 'none'; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-modals allow-popups allow-popups-to-escape-sandbox allow-presentation 1
connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru https://yandex.uz https://*.yandex.uz static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com an.yandex.ru awaps.yandex.ru storage.mds.yandex.net music.yandex.ru music-browser.music.yandex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st yandex.uz *.yandex.uz; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net zen.yandex.uz static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net; frame-src 'self' yabrowser: data: https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net https://pass.yandex.uz https://passport.yandex.uz wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net music.yandex.ru music.yandex.kz yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net yandex.uz *.yandex.uz; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru https://yandex.uz https://*.yandex.uz awaps.yandex.net *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net bs.serving-sys.com an.yandex.ru awaps.yandex.ru nissanhelioseurope.demdex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net *.yandex.net resize.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.tns-counter.ru yandex.st yandex.uz *.yandex.uz; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net strm.yandex.ru strm.yandex.net *.strm.yandex.net *.cdn.yandex.net storage.mds.yandex.net *.storage.mds.yandex.net yastatic.net kiks.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru flashservice.adobe.com yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.uz&showid=1561447263.19728.140421.155167&h=man2-5679-0a0-man-portal-morda-29675&csp=old&date=20190625&yandexuid=7726304821561447263; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru https://yandex.uz https://www.yandex.uz https://pass.yandex.uz https://mc.yandex.uz zen.yandex.uz an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru awaps.yandex.ru storage.mds.yandex.net msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net yandex.uz www.yandex.uz suggest.yandex.uz; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net zen.yandex.uz static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-vtJyiaBkao' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1
child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com https://mc.yandex.ru 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-wSXkzzSHDOX9/9Be3eB/vPTQuDU0GTGXtr40Xmx/aRM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=216d6586-3c1c-4f97-8ce5-3fce4b51ae9d&version=972213ed8b73d517b7e149449915aa95f5022a2e&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=216d6586-3c1c-4f97-8ce5-3fce4b51ae9d&version=972213ed8b73d517b7e149449915aa95f5022a2e&report_only=false 1
frame-ancestors 'self' btprt.dj snip.ly 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.tripsavvy.com *.qa.aws.tripsavvy.com atlas.tripsavvy.com atlas.local.tripsavvy.com 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=db5ffa94-f509-43e3-9f3e-2cc73a9f5915 1
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=TW&lang=zh-Hant-TW&device=desktop&yrid=9rh7g39eh3lrc&partner=; 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-JwaIzCCPiU' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1
frame-ancestors 'self' us.creativecdn.com *.encuentra24.com *.inmobiliaria24.com *.casas24.com encuentra24.zendesk.com *.youtube.com view.atdmt.com www.facebook.com www.google.com encuentra24.wufoo.com.mx encuentra24.ticforum-ca.com tpc.googlesyndication.com googleads.g.doubleclick.net storage.googleapis.com js.stripe.com; 1
font-src 'self' code.freent.de https://fonts.gstatic.com; img-src * data:; frame-ancestors *.freenet.de; plugin-types application/pdf application/x-shockwave-flash 1
upgrade-insecure-requests; default-src https://www.google.com/recaptcha/; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://en.wikipedia.org https://commons.wikimedia.org https://www.mediawiki.org https://code.highcharts.com https://ajax.cloudflare.com/ https://cdnjs.cloudflare.com/ajax/libs/Chart.js/ https://cdn.jsdelivr.net/npm/md5-jkmyers@0.0.1/md5.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://www.googletagmanager.com https://*.weirdgloop.org https://*.runescape.wiki https://unpkg.com; connect-src 'self' https://*.weirdgloop.org https://*.runescape.wiki; img-src data: https:; media-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://en.wikipedia.org https://commons.wikimedia.org https://www.mediawiki.org https://unpkg.com; 1
img-src  http://*.tn.gov.in 1
frame-ancestors https://*.runescape.com:* https://*.jagex.com:* 1
frame-ancestors 'self' *.gsmarena.com *.killerfeatures.com *.91mobiles.com 1
default-src 'self' https://docs.google.com *.googleapis.com https://music.yandex.ru *.googletagmanager.com *.googlesyndication.com *.calameo.com *.facebook.com *.vk.com vk.com https://apis.google.com *.google.com *.google.ru *.google.com.ua *.twitter.com *.youtube.com http://*.youtube.com *.ok.ru ok.ru https://www.youtube.com *.odnoklassniki.ru  *.yandex.ru https://accounts.google.com https://s-static.ak.facebook.com https://www.facebook.com https://login.vk.com *.getloupe.com *.padlet.com *.twitter.com schoodle.ru https://prezi.com http://vedomosti.media.eagleplatform.com https://learningapps.org https://*.revolvermaps.com https://player.vgtrk.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://yastatic.net *.gstatic.com *.google.com *.google.ru https://docs.google.com https://apis.google.com ajax.googleapis.com mc.yandex.ru an.yandex.ru *.yandex.ua *.yandex.ru vk.com *.twitter.com connect.facebook.net graph.facebook.com connect.mail.ru counter.rambler.ru www.googletagservices.com www.googletagmanager.com www.google-analytics.com https://www.googleadservices.com *.odnoklassniki.ru *.ok.ru counter.rambler.ru https://www.googleapis.com relap.io schoodle.ru https://*.revolvermaps.com; object-src *; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com relap.io *.twitter.com *.bootstrapcdn.com ton.twimg.com cdn.jsdelivr.net uroki-maya.online; img-src * 'self' data: https:; media-src 'self'; font-src 'self' data: fonts.gstatic.com cdn.jsdelivr.net; connect-src 'self' mc.yandex.ru www.google-analytics.com www.googleapis.com; 1
frame-ancestors 'self' https://*.pottermore.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' 'unsafe-inline' data: ; style-src 'self' 'unsafe-inline'; child-src 'self' qaldqtraffic.masarak.com  maps.moi.gov.qa indd.adobe.com 1
img-src 'self' https://cache.vtrcdn.com/ https://cache-graphicslib.viator.com/graphicslib/ https://media.tacdn.com/media/ data: *.gstatic.com *.viator.com *.facebook.com *.zanox.com https://*.paypal.com *.zenaps.com *.siteintercept.qualtrics.com https://siteintercept.qualtrics.com; media-src 'self' https://cache.vtrcdn.com/; default-src 'self'; font-src 'self' https://cache.vtrcdn.com/ data:; style-src 'self' 'unsafe-inline' https://cache.vtrcdn.com/ *.google.com *.googleapis.com *.hotjar.com; object-src 'self' https://cache.vtrcdn.com/; child-src 'self' https://cache.vtrcdn.com/; form-action 'self' https://*.facebook.com https://accounts.google.com/* https://staging.cdn-net.com https://www.cdn-net.com https://*.paypal.com https://www.tamgrt.com/RT; connect-src 'self' https://cache.vtrcdn.com/ *.facebook.com *.hotjar.com wss://*.hotjar.com/api/v1/client/ws https://graylog.hotjar.com:12443/gelf *.paypal.com *.braintreegateway.com *.braintree-api.com bam.nr-data.net *.authoritycrm.com https://siteintercept.qualtrics.com https://ict.infinity-tracking.net/track https://ict.infinity-tracking.net/allocate; report-uri /orion/csp/report; frame-src 'self' https://cache.vtrcdn.com/ https://www.tamgrt.com/ https://pay.google.com/ https://*.facebook.com *.youtube.com *.cdn-net.com *.viatorinc.com *.vtrcdn.com *.hotjar.com *.tripadvisor.es *.tripadvisor.de *.tripadvisor.fr *.tripadvisor.it *.tripadvisor.nl *.tripadvisor.com *.tripadvisor.com.br *.tripadvisor.se *.tripadvisor.jp *.tripadvisor.dk *.tripadvisor.com.au *.tripadvisor.ca *.tripadvisor.co.uk *.paypal.com *.tapayments.com https://siteintercept.qualtrics.com https://tripadvisor.co1.qualtrics.com/; script-src 'nonce-iR9Hpm8Mgnm3oQix' 'self' https://cache.vtrcdn.com/ *.gstatic.com *.nr-data.net *.newrelic.com *.youtube.com *.ytimg.com *.googleapis.com *.hotjar.com *.tamgrt.com *.facebook.net s.yimg.com js-agent.newrelic.com *.cdn-net.com *.ict.infinity-tracking.net 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thespruceeats.com *.qa.aws.thespruceeats.com atlas.thespruceeats.com atlas.local.thespruceeats.com 1
child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-wSXkzzSHDOX9/9Be3eB/vPTQuDU0GTGXtr40Xmx/aRM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=1c8a3876-4638-4044-8690-0780763b4faf&version=59819fa025c39de142940479b13442ac8e18d5bc&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=1c8a3876-4638-4044-8690-0780763b4faf&version=59819fa025c39de142940479b13442ac8e18d5bc&report_only=false 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thebalance.com *.qa.aws.thebalance.com atlas.thebalance.com atlas.local.thebalance.com 1
block-all-mixed-content; report-uri /csp-report?p=; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://boards.greenhouse.io/embed/job_board/js https://cdnjs.cloudflare.com/ajax/libs/jquery.mobilephonenumber/1.0.7/jquery.mobilePhoneNumber.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/caret/1.0.0/jquery.caret.min.js https://checkout.stripe.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/ https://credit.klarnacdn.net/lib/v1/ https://embed.runkit.com https://ga.clearbit.com/v1/ga.js https://js.stripe.com https://platform.twitter.com/widgets.js https://*.stripecdn.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://x.klarnacdn.net/kp/lib/v1/ https://y4pfttj91h-1.algolianet.com/1/indexes/ https://y4pfttj91h-2.algolianet.com/1/indexes/ https://y4pfttj91h-3.algolianet.com/1/indexes/ https://y4pfttj91h-dsn.algolia.net/1/indexes/ 'report-sample'; object-src 'self'; base-uri 'self' 1
frame-ancestors https://apps.facebook.com; 1
default-src 'self' *.ksu.edu.sa; img-src *; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https://www.youtube.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *.googleapis.com maxcdn.bootstrapcdn.com googletagmanager.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com; 1
frame-ancestors *.wikibuy.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; child-src *; frame-ancestors *; style-src * 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; connect-src *; font-src * data: 1
default-src 'self' *.amalgama-lab.com https://*.amalgama-lab.com *.googletagmanager.com *.googlesyndication.com *.facebook.com  *.vk.com vk.com https://apis.google.com *.google.com *.google.ru *.google.com.ua *.google.ca *.twitter.com *.youtube.com https://www.youtube.com *.odnoklassniki.ru *.rutarget.ru *.adriver.ru *.doubleclick.net *.bidswitch.net *.yandex.ru https://accounts.google.com https://googleads.g.doubleclick.net https://s-static.ak.facebook.com https://www.facebook.com https://login.vk.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amalgama-lab.com https://*.amalgama-lab.com https://yandex.ru http://openstat.net *.google.ru http://*.google.ru http://cse.google.ru *.google.ru:* https://*.google.ru:* *.google.com http://*.google.com *.google.com.ua *.google.com:* https://*.google.com:* *.google.ca https://apis.google.com ajax.googleapis.com https://*.googleapis.com *.googleapis.com *.mixmarket.biz 4294953203.kt.mixmarket.biz *.revsci.net *.republer.com https://yastatic.net https://*.republer.com *.gstatic.com https://*.gstatic.com *.yandex.net https://*.yandex.net *.yandex.st *.yandex.ru https://*.yandex.ru yastatic.net *.yastatic.net *.yastatic.net:* https://*.yastatic.net mc.yandex.ru https://*.yandex.ru an.yandex.ru https://an.yandex.ru *.yandex.ua https://*.googlesyndication.com  http://*.googlesyndication.com https://googleads.g.doubleclick.net https://*.doubleclick.net *.doubleclick.net *.luxup.ru luxup.ru *.luxadv.com *.luxcdn.com vk.com *.twitter.com connect.facebook.net graph.facebook.com connect.mail.ru *.pinterest.com *.advertur.ru advertur.ru *.betweendigital.com counter.rambler.ru www.googletagservices.com www.googletagmanager.com  *.google-analytics.com *.googleadservices.com https://*.googleadservices.com yadro.ru https://yadro.ru *.yadro.ru https://*.yadro.ru go.youlamedia.com *.adlabs.ru *.adriver.ru *.kavanga.ru https://*.kavanga.ru *.ok.ru ok.ru *.sociomantic.com *.odnoklassniki.ru *.googleusercontent.com *.google-analytics.com https://*.google-analytics.com https://google-analytics.com *.imrkcrv.net *.imrk.net *.infostatsvc.com *.avocet.io; img-src 'self' data: https://sync.omnidsp.com/  https://mis.mixmarket.biz/ https://relap.io https://x01.aidata.io https://sspstark.ru https://is.mixmarket.biz *.mixmarket.biz https://*.yandex.com *.amalgama-lab.com https://*.amalgama-lab.com https://*.advombat.ru http://openstat.net https://*.rambler.ru *.rutarget.ru *.smartyads.com https://*.republer.com sync.republer.com *.revsci.net yastatic.net *.yastatic.net *.adhigh.net *.datamind.ru counter.yadro.ru *.ytimg.com *.yandex.net *.yandex.st *.yandex.ru *.yandex.ua *.google.am *.google.it *.google.jo *.google.cz *.google.ch *.google.no *.google.ae *.google.at *.google.az *.google.bg *.google.me *.google.hr *.google.co.id *.google.co.il *.google.dk *.google.fr *.google.ge *.google.nl *.google.rs *.google.gr *.google.ba *.google.ro *.google.dz *.google.se *.google.sk *.google.md *.google.ee *.google.lv *.google.pl *.google.tn *.google.es *.google.si *.google.com.kw *.google.com.ng *.google.lu *.google.ca *.google.lt *.google.com.tr *.google.de *.google.com.cy *.google.com.au *.google.com.sg *.google.com.eg *.google.co.uk *.google.co.jp *.google.co.in *.google.co.ve *.google.com.kh *.google.com.mt *.google.com.np *.google.com.pe *.google.com.ph *.google.fi *.google.hu *.google.mn *.google.pt *.google.com.mx *.google.com.tj *.google.co.kr *.google.co.th *.google.com.tw *.pinterest.com vk.com  *.googleusercontent.com *.googlesyndication.com https://*.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com *.google.com *.google.ru *.google.by *.google.com.ua *.google.be *.google.ie *.google.com.ar *.google.kz *.gstatic.com https://*.gstatic.com counter.rambler.ru *.betweendigital.com *.luxup.ru *.luxup.ru:* *.imrk.net *.adlabs-retail.ru go.youlamedia.com *.gravatar.com  front.facetz.net ad.dumedia.ru rtb.rtcdn.ru g.mp.luxcdn.com *.rtb-media.ru *.whisla.com *.adlabs.ru *.recreativ.ru *.mail.ru *.tns-counter.ru  x.bidswitch.net *.luxadv.com *.sociomantic.com *.adriver.ru *.kavanga.ru b.kavanga.ru https://*.kavanga.ru *.hubrus.com *.doubleclick.net https://stats.g.doubleclick.net https://*.doubleclick.net https://googleads.g.doubleclick.net *.2mdn.net *.googleapis.com https://*.googleapis.com https://*.2mdn.net *.madnet.ru *.spotxchange.com https://*.spotxchange.com https://*.adform.net *.republer.com *.intencysrv.com *.googleadservices.com *.yahoo.com *.admitad.com 109.206.167.217 109.206.167.109 mc.yandex.ru mc.yandex.ru:* https://*.yandex.ru https://*.yandex.ru *.google-analytics.com google-analytics.com https://*.google-analytics.com https://google-analytics.com *.rontar.com *.paradocs.ru *.uptolike.com *.adap.tv *.r24-tech.com *.adnxs.com *.rubiconproject.com *.btrll.com *.adtech.de *.liverail.com *.adadvisor.net *.openx.com *.upstats.ru *.advertising.com *.adsniper.ru *.lijit.com *.openx.net *.adframesrc.com *.adadvisor.net *.targetix.net *.trafex.net *.imrkcrv.net *.tovarro.com *.begun.ru *.avocet.io *.advombat.ru *.smaclick.com *.yadro.ru https://*.yadro.ru *.liveinternet.ru https://*.liveinternet.ru; style-src 'self' 'unsafe-inline' *.amalgama-lab.com https://*.amalgama-lab.com *.gstatic.com https://*.gstatic.com *.amalgama-lab.com https://*.amalgama-lab.com 'unsafe-inline' https://fonts.googleapis.com fonts.googleapis.com *.google.com *.sociomantic.com yastatic.net *.yastatic.net *.yastatic.net:* https://*.yastatic.net;  media-src 'self'  *.amalgama-lab.com https://*.amalgama-lab.com *.youtube.com youtube.com; object-src 'self' *.amalgama-lab.com https://*.amalgama-lab.com http://imrkcrv.net *.imrkcrv.net *.adriver.ru *.gstatic.com *.googlesyndication.com https://*.googlesyndication.com https://*.gstatic.com *.datariver.ru *.kavanga.ru *.googlevideo.com googlevideo.com *.ytimg.com ytimg.com *.youtube.com youtube.com an.yandex.ru https://an.yandex.ru *.yandex.ru; frame-src 'self' *.amalgama-lab.com https://*.amalgama-lab.com *.googlesyndication.com https://*.googlesyndication.com *.googleadservices.com https://*.googleadservices.com *.doubleclick.net https://stats.g.doubleclick.net https://*.doubleclick.net https://googleads.g.doubleclick.net *.google.ru *.google.com *.yandex.st https://*.yandexadexchange.net *.imrk.net yastatic.net *.yastatic.net *.yastatic.net:* https://*.yastatic.net; font-src 'self' data: *.amalgama-lab.com https://*.amalgama-lab.com *.gstatic.com *.googleusercontent.com *.googleapis.com https://*.googleapis.com https://*.gstatic.com; connect-src 'self' data: *.amalgama-lab.com https://*.amalgama-lab.com https://csi.gstatic.com https://pagead2.googlesyndication.com mc.yandex.ru *.yandex.ru https://*.yandex.ru www.google-analytics.com www.liveinternet.ru *.google-analytics.com google-analytics.com https://*.google-analytics.com https://google-analytics.com https://*.yandex.ru; report-uri //www.amalgama-lab.com/csp/report0.php 1
frame-ancestors 'self' http://*.leroymerlin.fr https://*.leroymerlin.fr https://*.lmcdn.fr https://planv3.kazaplan.com 1
block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com *.indeed.co.in  ; frame-src 'self' *.indeed.com *.indeed.co.in https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com *.indeed.co.in d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log dpuk71x9wlmkf.cloudfront.net; 1
default-src 'self' data: blob: *.mega.co.nz *.mega.nz http://*.mega.co.nz http://*.mega.nz wss://ws.chain.com wss://*.karere.mega.nz localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz data: blob:; frame-src 'self' mega: *.megaad.nz; img-src 'self' *.mega.co.nz *.mega.nz data: blob: 1
base-uri https://www.mbank.pl; report-uri https://www.csp.mbank.pl; default-src 'none'; manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.mbank.pl https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com https://tpc.googlesyndication.com https://ghmpl.hit.gemius.pl https://connect.facebook.net https://www.youtube.com https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://maps.googleapis.com https://www.snrcdn.net; style-src 'self' 'report-sample' 'unsafe-inline' https://www.mbank.pl https://tagmanager.google.com https://platform.twitter.com https://ton.twimg.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.snrcdn.net; img-src 'self' 'report-sample' data: https://www.mbank.pl https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://adservice.google.com https://www.google.com https://www.google.pl https://www.google.de https://www.google.co.uk https://www.google.nl https://www.google.fr https://www.google.se https://www.google.no https://www.google.be https://www.google.ie https://www.google.es https://www.google.dk https://www.google.ch https://www.google.hr https://www.google.cz https://www.google.it https://www.google.com.ua https://www.google.sk https://ghmpl.hit.gemius.pl https://www.facebook.com https://s.ytimg.com https://platform.twitter.com https://pbs.twimg.com https://abs.twimg.com https://syndication.twitter.com https://ton.twimg.com https://maps.googleapis.com https://maps.gstatic.com https://khms0.googleapis.com https://khms1.googleapis.com https://csi.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://www.snrcdn.net; font-src 'self' 'report-sample' https://www.mbank.pl https://fonts.gstatic.com; connect-src 'self' 'report-sample' https://www.mbank.pl https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://www.google.com https://www.google.pl https://ghmpl.hit.gemius.pl https://form.axaubezpieczenia.pl https://syndication.twitter.com https://search.interconsystems.pl https://synerise.com https://proxy.synerise.com https://tc.synerise.com https://tck.synerise.com https://messenger.synerise.com wss://messenger.synerise.com https://dc.synerise.com; media-src 'self' 'report-sample' https://www.mbank.pl https://www.snrcdn.net; object-src 'self' 'report-sample' https://www.mbank.pl https://www.youtube.com; frame-src 'self' 'report-sample' https://www.mbank.pl https://www.googletagmanager.com https://tagmanager.google.com https://bid.g.doubleclick.net https://6100198.fls.doubleclick.net https://tpc.googlesyndication.com https://www.youtube.com https://form.mbank.pl https://platform.twitter.com; child-src 'self' 'report-sample' https://www.mbank.pl https://www.googletagmanager.com https://tagmanager.google.com https://bid.g.doubleclick.net https://6100198.fls.doubleclick.net https://www.youtube.com https://form.mbank.pl; form-action 'self' 'report-sample' https://www.mbank.pl https://form.mbank.pl https://form.mbank.com.pl; frame-ancestors 'self' 'report-sample' https://www.mbank.pl;  1
frame-ancestors 'self' *.dkb.de 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://be.wizzair.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://optimize.google.com https://connect.facebook.net https://cloudfront.loggly.com https://aff.bstatic.com https://widget.rentalcars.com https://*.hotjar.com https://*.hotjar.io https://js-agent.newrelic.com https://bam.nr-data.net *.akamaihd.net https://youtube.com https://www.youtube.com https://*.ytimg.com https://instagram.com https://www.instagram.com; connect-src 'self' wss: *.wizzair.com *.loggly.com *.akamaihd.net https://waplazrass01.search.windows.net https://bam.nr-data.net https://www.google-analytics.com https://partner.wizzair.com https://widget.rentalcars.com https://*.hotjar.com https://*.hotjar.io https://api.instagram.com https://www.facebook.com https://stats.g.doubleclick.net; img-src 'self' data: https:; media-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://widget.rentalcars.com https://cars.wizzair.com; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; frame-src https://5308433.fls.doubleclick.net https://*.booking.com https://secure.rentalcars.com https://www.facebook.com https://connect.facebook.net https://*.hotjar.com https://*.hotjar.io https://www.youtube.com https://optimize.google.com https://www.google.com https://www.instagram.com https://ir.q4europe.com; frame-ancestors 'none'; object-src 'self'; manifest-src 'self' 1
frame-ancestors http://*.dubizzle.com https://*.dubizzle.com https://app.optimizely.com; 1
base-uri 'self'; default-src 'self'; connect-src 'self' https://*.tenor.co https://*.tenor.com https://api.tenor.com https://api.tenor.com https://*.google-analytics.com https://*.doubleclick.net https://pixel.mtrcs.samba.tv; script-src 'self' data: https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com https://*.google-analytics.com https://*.facebook.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://pixel.mtrcs.samba.tv 'nonce-MTRiMDQ1MzEtYjBiZi00NjFmLTk1MmUtYjA5ZGY4NzkwYTk2' 'unsafe-eval'; style-src 'self' https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com 'unsafe-inline'; font-src 'self' https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com; img-src 'self' blob: data: https://media.tenor.co https://media.tenor.com https://media1.tenor.co https://media1.tenor.com https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://pixel.mtrcs.samba.tv http: https:; media-src 'self' blob: data: https://media.tenor.co https://media.tenor.com https://media1.tenor.co https://media1.tenor.com; frame-src 'self' https://www.google.com/recaptcha/ https://www.facebook.com/tr/; object-src 'none' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.szn.cz *.imedia.cz http://*.imedia.cz https://*.imedia.cz *.pliing.com http://*.pliing.com https://*.pliing.com gacz.hit.gemius.pl scz.hit.gemius.pl www.google-analytics.com cdn.ampproject.org *.twitter.com *.twimg.com *.facebook.net *.facebook.com https://www.gstatic.com https://ajax.googleapis.com https://track.adform.net *.seznam.cz https://www.seznam.cz *.seznamzpravy.cz https://www.seznamzpravy.cz *.pubmatic.com *.adform.net *.adnxs.com *.doubleclick.net *.doubleverify.com *.serving-sys.com ads.celtra.com login.szn.cz http://login.szn.cz https://login.szn.cz; frame-ancestors 'self' www.seznam.cz share.seznam.cz www.seznamzpravy.cz adminzpravy.seznam.cz search.seznam.cz *.ampproject.org www.google.cz www.google.com 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://towardsdatascience.com https://*.towardsdatascience.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=f51df744-718f-4264-be82-cff7c08771e0 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com tags.tiqcdn.com stats.g.doubleclick.net data:; img-src * data:; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' data: https://themes.googleusercontent.com https://fonts.gstatic.com; object-src 'self' https://do.centrum24.pl data:; connect-src 'self' wss://*.centrum24.pl 1
frame-ancestors 'self' slate.com *.slate.com 1
upgrade-insecure-requests; default-src 'self' blob: *.brightcove.com; prefetch-src https:; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob: android-webview-video-poster: http: *.images.dailystar.co.uk; media-src https: data: blob:; object-src https: data: blob:; font-src https: data: blob:; frame-src https: data: blob:; connect-src https: wss:; worker-src https: wss: blob: 1
default-src 'self' http://api.crackwatch.com https://api.crackwatch.com http://cdn.crackwatch.com https://cdn.crackwatch.com http://b2.crackwatch.com https://b2.crackwatch.com http://*.google.com https://*.google.com http://*.gstatic.com https://*.gstatic.com http://encrypted-tbn0.gstatic.com/images https://encrypted-tbn0.gstatic.com/images http://img.youtube.com https://img.youtube.com http://images.unsplash.com https://images.unsplash.com http://cdn.onesignal.com https://cdn.onesignal.com http://onesignal.com https://onesignal.com http://www.google-analytics.com https://www.google-analytics.com http://www.googletagmanager.com https://www.googletagmanager.com http://cdn.mxpnl.com https://cdn.mxpnl.com; script-src 'self' 'unsafe-inline' http://api.crackwatch.com https://api.crackwatch.com http://cdn.crackwatch.com https://cdn.crackwatch.com http://b2.crackwatch.com https://b2.crackwatch.com http://*.google.com https://*.google.com http://*.gstatic.com https://*.gstatic.com http://encrypted-tbn0.gstatic.com/images https://encrypted-tbn0.gstatic.com/images http://img.youtube.com https://img.youtube.com http://images.unsplash.com https://images.unsplash.com http://cdn.onesignal.com https://cdn.onesignal.com http://onesignal.com https://onesignal.com http://www.google-analytics.com https://www.google-analytics.com http://www.googletagmanager.com https://www.googletagmanager.com http://cdn.mxpnl.com https://cdn.mxpnl.com 'unsafe-eval'; connect-src * 'self' http://api.crackwatch.com https://api.crackwatch.com http://cdn.crackwatch.com https://cdn.crackwatch.com http://b2.crackwatch.com https://b2.crackwatch.com http://*.google.com https://*.google.com http://*.gstatic.com https://*.gstatic.com http://encrypted-tbn0.gstatic.com/images https://encrypted-tbn0.gstatic.com/images http://img.youtube.com https://img.youtube.com http://images.unsplash.com https://images.unsplash.com http://cdn.onesignal.com https://cdn.onesignal.com http://onesignal.com https://onesignal.com http://www.google-analytics.com https://www.google-analytics.com http://www.googletagmanager.com https://www.googletagmanager.com http://cdn.mxpnl.com https://cdn.mxpnl.com; img-src data: 'self' http://api.crackwatch.com https://api.crackwatch.com http://cdn.crackwatch.com https://cdn.crackwatch.com http://b2.crackwatch.com https://b2.crackwatch.com http://*.google.com https://*.google.com http://*.gstatic.com https://*.gstatic.com http://encrypted-tbn0.gstatic.com/images https://encrypted-tbn0.gstatic.com/images http://img.youtube.com https://img.youtube.com http://images.unsplash.com https://images.unsplash.com http://cdn.onesignal.com https://cdn.onesignal.com http://onesignal.com https://onesignal.com http://www.google-analytics.com https://www.google-analytics.com http://www.googletagmanager.com https://www.googletagmanager.com http://cdn.mxpnl.com https://cdn.mxpnl.com; style-src 'self' 'unsafe-inline' http://api.crackwatch.com https://api.crackwatch.com http://cdn.crackwatch.com https://cdn.crackwatch.com http://b2.crackwatch.com https://b2.crackwatch.com http://*.google.com https://*.google.com http://*.gstatic.com https://*.gstatic.com http://encrypted-tbn0.gstatic.com/images https://encrypted-tbn0.gstatic.com/images http://img.youtube.com https://img.youtube.com http://images.unsplash.com https://images.unsplash.com http://cdn.onesignal.com https://cdn.onesignal.com http://onesignal.com https://onesignal.com http://www.google-analytics.com https://www.google-analytics.com http://www.googletagmanager.com https://www.googletagmanager.com http://cdn.mxpnl.com https://cdn.mxpnl.com; 1
child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net https://*.muscache.cn; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com https://a.alipayobjects.com https://gw.alipayobjects.com https://static.agrant.com.cn https://static.t.agrant.cn https://t.agrantsem.com https://ditu.google.com https://*.muscache.cn https://*.muscache.com https://ss.musthird.cn https://m.baidu.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-wSXkzzSHDOX9/9Be3eB/vPTQuDU0GTGXtr40Xmx/aRM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com 'sha256-00d8aUjZpHiuh3HoT5kPkSrDGA2vA9liaqGf9yg7w+I=' 'sha256-KqNAcQr2uMiAJPV3RQ68PYgokOQiVoFVXj8KmYUqaLI=' 'sha256-QQ28nMqgB+1t8z6ylTmBAdlBXm3iATmTPezSGkziFQs=' 'sha256-ei/yV0jofaAGqTKW+n8TwzNVNKXYaQIo2G1Kmau32Ig='; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self' blob:; report-uri /tracking/csp?controller=china-guest-loop&action=%2F&req_uuid=5b53096f-37e0-4b75-85d3-f942e24ffd60&version=sha%3D940e2d9522d3&report_only=false; report-to /tracking/csp?controller=china-guest-loop&action=%2F&req_uuid=5b53096f-37e0-4b75-85d3-f942e24ffd60&version=sha%3D940e2d9522d3&report_only=false 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/self 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-src https: data: blob:; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/bonappetit 1
child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-wSXkzzSHDOX9/9Be3eB/vPTQuDU0GTGXtr40Xmx/aRM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=7e7a8cf9-5dd9-4b11-a4b2-1e7cf853eeb4&version=972213ed8b73d517b7e149449915aa95f5022a2e&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=7e7a8cf9-5dd9-4b11-a4b2-1e7cf853eeb4&version=972213ed8b73d517b7e149449915aa95f5022a2e&report_only=false 1
frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com *.credit-du-nord.fr *.banque-courtois.fr *.banque-kolb.fr *.banque-laydernier.fr *.banque-nuger.fr *.banque-rhone-alpes.fr *.banque-tarneaud.fr *.smc.fr 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/gq 1
frame-ancestors 'self' https://*.touristtube.com/; default-src https://*.touristtube.com/ https:; connect-src 'self' https://*.touristtube.com/ https://*.touristtube.com:8765/ https://chat.touristtube.com:3000/ https://*.facebook.com/ https://connect.facebook.net/ https://*.adroll.com/; img-src 'self' https://*.touristtube.com/ https://maps.googleapis.com/ https://*.gstatic.com/ https://www.google.com/ https://www.google.com.lb/ https://www.google-analytics.com/ https://www.google-analytics.com.lb/ https://*.alexametrics.com/ https://*.facebook.com/ https://*.cloudfront.net/ https://*.adroll.com/ https://jwpltx.com/ https://*.doubleclick.net/ https://ads.yahoo.com/ data: blob: https:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.touristtube.com/ https://fonts.googleapis.com/ https://*.cloudflare.com/ https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.touristtube.com/ https://*.mastercard.com/ https://*.visa.com/ https://*.visamiddleeast.com/ https://*.paypal.com/ https://connect.facebook.net/ https://*.cloudflare.com/ https://*.payfort.com/ https://mpsnare.iesnare.com/ https://freegeoip.net/ https://*.newrelic.com/ https://ajax.googleapis.com/ https://maps.googleapis.com/ https://chat.touristtube.com:3000/ https://adservice.google.com/ https://adservice.google.com.lb/ https://*.googlesyndication.com/ https://connect.facebook.net/ https://code.jquery.com/ https://www.google-analytics.com/ https://*.cloudfront.net/ https://*.adroll.com/ https://ssl.p.jwpcdn.com/player/ https://*.nr-data.net/ https://cdn.jsdelivr.net/; object-src 'self' blob: https:; worker-src 'self' blob: https://*.touristtube.com/ https: 1
frame-ancestors *.indiatimes.com *.zigwheels.com 1
frame-ancestors 'self' http://webvisor.com http://t2-spt.ru 1
frame-ancestors kink.com 1
frame-ancestors https://edmodo.com https://*.edmodo.com; 1
default-src blob: ;media-src blob: https://video.joomcdn.net https://*.amazonaws.com;form-action https:;frame-src https: ;frame-ancestors 'none';manifest-src 'self';base-uri 'none';img-src data: https:;script-src 'strict-dynamic' 'nonce-MC42NjkxMzI=' 'unsafe-inline' https:;style-src 'self' data: 'unsafe-inline' ;connect-src 'self' https://api.joom.com https://api.joompay.tech https://www.google-analytics.com https://fcm.googleapis.com https://www.facebook.com https://api.branch.io https://*.bugsnag.com https://bnc.lt https://joom.test-app.link https://stats.g.doubleclick.net https://video.joomcdn.net https://*.amazonaws.com https://app.adjust.com 1
img-src https: data:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; default-src https: blob:; style-src 'unsafe-inline' https:; media-src https:; font-src https: data:; connect-src https: wss:; frame-src https:; report-uri https://zbsfsvpmbzmjualklfjf2csg.httpschecker.net/report 1
default-src 'self';style-src 'unsafe-inline' *;frame-src 'self' https://www.google.com http://youtube.com https://youtube.com http://www.youtube.com https://www.youtube.com https://vk.com http://vk.com http://*.vk.com https://*.vk.com http://vk.me https://vk.me http://*.vk.me https://*.vk.me;img-src * data:;media-src *;font-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com http://youtube.com https://youtube.com http://www.youtube.com https://www.youtube.com https://vk.com http://vk.com http://*.vk.com https://*.vk.com http://vk.me https://vk.me http://*.vk.me https://*.vk.me; connect-src 'self' http://youtube.com https://youtube.com http://www.youtube.com https://www.youtube.com http://*.amazonaws.com https://vk.com http://vk.com http://*.vk.com https://*.vk.com http://vk.me https://vk.me http://*.vk.me https://*.vk.me; 1
frame-ancestors https://www.livehindustan.com 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com platform.twitter.com www.google.com www.gstatic.com ; style-src 'self' 'unsafe-inline' ; img-src * data: blob: ; font-src 'self' fonts.googleapis.com fonts.gstatic.com ; connect-src 'self' opencollective.com ; object-src 'none' ; child-src 'self' www.youtube.com www.google.com webchat.quakenet.org ; frame-ancestors 'none' ; form-action 'self' www.paypal.com www.sandbox.paypal.com ; media-src 'self' pub.rachni.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/epicurious 1
script-src 'report-sample' 'nonce-Jc2R+2bzOOChdaQ0nTazFQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport 1
frame-ancestors 'self' https://booking.jetstar.com/; 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=f7ffd651-fd44-45e9-abe5-32d8d982ac3f 1
frame-ancestors 'self' http://www.tatasky.com; 1
default-src 'none'; base-uri 'none'; script-src 'self' 'unsafe-eval' 'nonce-W2Db0xK9Xax4IY1T4dEXNw==' mc.yandex.ru https://api-maps.yandex.ru https://*.maps.yandex.net https://suggest-maps.yandex.ru https://chat.s3.yandex.net tune.yandex.ru yandex.ru yandex.st yastatic.net social.yandex.ru; img-src 'self' data: blob: *.yandex.ru *.yandex.net yandex.ru mc.yandex.ru mc.beru.ru mc.yandex.ua mc.yandex.by mc.yandex.kz mc.yandex.com.tr mc.yandex.com mc.webvisor.org mc.webvisor.com mc.admetrica.ru yandex.st yastatic.net www.tns-counter.ru ar.tns-counter.ru fenek.beru.ru fox.beru.ru avatars.mds.yandex.net; style-src 'self' 'unsafe-inline' blob: yastatic.net yandex.st api.yandex.ru tech.yandex.ru; connect-src 'self' data: *.yandex.ru yandex.ru api-maps.yandex.ru suggest-maps.yandex.ru *.maps.yandex.net mc.yandex.ru mc.yandex.ua mc.yandex.by mc.yandex.kz mc.yandex.com.tr mc.yandex.com mc.admetrica.ru yandex.st yastatic.net; frame-src 'self' blob: data: *.beru.ru beru.ru https://yandex.ru *.yandex.ru yastatic.net kiks.yandex.ru awaps.yandex.net mc.yandex.ru; child-src blob: mc.yandex.ru; font-src 'self' data: yastatic.net; media-src *.yandex.net yandex.st yastatic.net; report-uri https://csp.yandex.net/csp?uid=3249056791561446948&login=&from=market.market_front_blue_desktop.node&env=prod&ext=true&reqId=1561446948829%2Fff66b157cac2eb75ae2ceef456342040; 1
default-src .assrt.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: secure.assrt.net changyan.sohu.com changyan.itc.cn www.google-analytics.com http://bdimg.share.baidu.com d31qbv1cthcecs.cloudfront.net .statcounter.com; img-src data: blob: https: .xianliao.me http://tva3.sinaimg.cn; style-src 'unsafe-inline' https:; child-src https:; frame-src www.xianliao.me; connect-src 'self' changyan.sohu.com; 1
child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-wSXkzzSHDOX9/9Be3eB/vPTQuDU0GTGXtr40Xmx/aRM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=cf94c0d8-2728-4c65-afa8-c4f1010130ce&version=972213ed8b73d517b7e149449915aa95f5022a2e&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=cf94c0d8-2728-4c65-afa8-c4f1010130ce&version=972213ed8b73d517b7e149449915aa95f5022a2e&report_only=false 1
default-src 'self'   https://*.dynamicyield.com https://*.fls.doubleclick.net https://dis.us.criteo.com https://login.dotomi.com https://ct.pinterest.com https://c.go-mpulse.net https://dev.appboy.com https://www.facebook.com https://service.force.com https://*.bluecore.com https://*.api.bazaarvoice.com https://dis.eu.criteo.com https://sentry.io https://videos.contentful.com https://www.youtube.com https://videos.ctfassets.net https://*.perimeterx.net https://*.akstat.io https://*.g.doubleclick.net  https://gum.criteo.com https://images.anthropologie.com https://api.bazaarvoice.com https://www.google-analytics.com https://static.criteo.net https://*.akamaihd.net https://*.rewardstyle.com https://urbanoutfitters.secure.force.com https://www.shopstylecollective.com https://www.shopstylecollective.co.uk https://player.vimeo.com https://www.myregistry.com https://core.conversant.mgr.consensu.org https://www.google.com https://www.babylist.com https://*.scene7.com https://*.cs23.force.com https://gmurphy2018.wufoo.com https://*.stg-sessionm.com https://*.sessionm.com;style-src 'self'  'unsafe-inline' https://js.appboycdn.com https://maxcdn.bootstrapcdn.com https://fast.fonts.net https://cdn.dynamicyield.com https://service.force.com https://urbn.my.salesforce.com https://urbanoutfitters.secure.force.com https://use.fontawesome.com https://*.rewardstyle.com https://app.curalate.com https://*.googleapis.com https://full-urbanoutfitters.cs23.force.com https://*.cs23.my.salesforce.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.go-mpulse.net https://cdn.polyfill.io https://*.dynamicyield.com https://intljs.rmtag.com https://www.googletagmanager.com https://d16fk4ms6rqz1v.cloudfront.net https://cdn.merklesearch.com https://cdn.pbbl.co https://s.pinimg.com https://bat.bing.com https://script.crazyegg.com https://assistjs.skimresources.com https://connect.facebook.net https://*.twitter.com https://cdn.groupbycloud.com https://www.google-analytics.com https://tags.tiqcdn.com https://www.googleadservices.com https://js.appboycdn.com https://static.ads-twitter.com https://js-agent.newrelic.com https://*.afterpay.com https://mpsnare.iesnare.com https://bam.nr-data.net https://y8ui6jzp.micpn.com https://*.datasteam.io https://fast.fonts.net https://ci-mpsnare.iovation.com https://*.bazaarvoice.com https://*.bluecore.com https://tpc.googlesyndication.com https://service.force.com https://*.salesforceliveagent.com https://static.site24x7rum.com https://*.paypal.com https://*.apple.com https://*.criteo.com https://*.googleapis.com https://static.criteo.net https://urbn.my.salesforce.com https://urbanoutfitters.secure.force.com https://www.google.com https://www.gstatic.com https://*.akamaihd.net https://www.myregistry.com https://*.rewardstyle.com https://s3.amazonaws.com https://app.curalate.com https://www.shopstylecollective.com https://www.shopstylecollective.co.uk https://*.g.doubleclick.net https://www.babylist.com https://*.ra.linksynergy.com  https://*.cs23.my.salesforce.com https://full-urbanoutfitters.cs23.force.com https://*.clearpay.co.uk https://*.stg-sessionm.com  https://*.sessionm.com https://static.lightning.force.com;img-src 'self'   https://p.dlx.addthis.com https://images.anthropologie.com https://px0.pbbl.co https://www.facebook.com https://*.google.com https://ct.pinterest.com https://www.google-analytics.com https://datacloud.tealiumiq.com https://images.contentful.com https://images.ctfassets.net https://bat.bing.com data: https://*.criteo.com https://h.nexac.com https://*.dc-storm.com https://consent.jrs5.com https://consent.mediaforge.com https://consent.nxtck.com https://*.groupbycloud.com https://*.linksynergy.com https://www.polyvore.com https://*.g.doubleclick.net https://*.bazaarvoice.com https://data.photorank.me https://www.ssense.com https://*.googleapis.com https://*.akstat.io https://www.google.co.uk https://static.criteo.net https://*.perimeterx.net https://cdn.dynamicyield.com https://*.akamaihd.net https://rtb-csync.smartadserver.com https://ads.yahoo.com http://images.anthropologie.com https://www.googletagmanager.com https://pixel.rubiconproject.com https://*.gstatic.com https://www.google.ca https://*.scene7.com https://www.google.de https://*.rkdms.com https://idsync.rlcdn.com https://www.google.fr https://*.adsymptotic.com https://www.google.es https://www.google.com.au https://www.google.co.jp https://www.google.nl https://x.bidswitch.net https://www.google.it https://user-event-tracker.crazyegg.com https://*.agkn.com https://pixel.advertising.com https://www.google.com.mx https://www.google.ie https://www.google.com.ar https://www.google.co.nz https://sync.outbrain.com https://secure.adnxs.com https://sp.analytics.yahoo.com https://www.google.co.in https://*.rewardstyle.com https://r.casalemedia.com  https://cdn.dashhudson.com https://*.ra.linksynergy.com;font-src 'self'   data: https://use.fontawesome.com https://fonts.gstatic.com https://cdn.dynamicyield.com;frame-ancestors 'none';object-src 'none';report-uri https://sentry.io/api/97976/security/?sentry_key=a1bb81efb0c1424ab57d256d26d3bc92 1
frame-ancestors 'self' *.techrepublic.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 1
frame-ancestors https://*.teen.co.id/ https://*.tempo.co/ https://tpc.googlesyndication.com/ https://www.youtube.com/ https://asset.tabloidbintang.com/ https://media.tabloidbintang.com https://www.twitter.com https://ads.as.criteo.com/ https://eus.rubiconproject.com/ https://onesignal.com/ 1
default-src 'self'; script-src 'self' c.mql5.com trade.mql5.com www.mql5.com content.mql5.com search.mql5.com connect.facebook.net www.facebook.com player.youku.com 'unsafe-inline' 'unsafe-eval'; style-src player.youku.com c.mql5.com 'unsafe-inline'; img-src 'self' msg1.mql5.com c.mql5.com www.mql5.com content.mql5.com download.mql5.com charts.mql5.com www.metatrader5.com www.metatrader4.com www.metaquotes.net www.metaquotes.ru trade.mql5.com blob: *.tile.openstreetmap.org connect.facebook.net www.facebook.com; media-src 'self' msg1.mql5.com trade.mql5.com c.mql5.com; font-src c.mql5.com trade.mql5.com; connect-src 'self' content.mql5.com trade.mql5.com https://msg1.mql5.com wss://msg1.mql5.com gwt1.mql5.com gwt2.mql5.com gwt3.mql5.com gwt4.mql5.com gwt5.mql5.com gwt6.mql5.com gwt7.mql5.com gwt8.mql5.com gwt9.mql5.com gwt10.mql5.com gwt11.mql5.com connect.facebook.net www.facebook.com; frame-src 'self' c.mql5.com trade.mql5.com content.mql5.com player.youku.com www.youtube.com www.facebook.com blob: mql5buy: mql4buy:; object-src 'self' c.mql5.com trade.mql5.com player.youku.com www.youtube.com blob:; child-src 'self' c.mql5.com trade.mql5.com player.youku.com www.youtube.com blob:; 1
frame-ancestors 'self' www.funtime.com.tw asfly.agenttour.com.tw asfly.pegatroncorp.com payez.agenttour.com.tw www.payeasy.com.tw; 1
upgrade-insecure-requests; font-src data: https:; img-src data: https:; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; 1
default-src * data: blob:; frame-ancestors *.smule.com; script-src 'unsafe-inline' 'unsafe-eval' blob: https://boards.greenhouse.io/embed/job_board/js https://js.stripe.com/v2/ https://js.stripe.com/v3/ http://*.smule.com:* http://*.facebook.net http://*.google-analytics.com http://*.google.com http://*.googleapis.com http://*.gstatic.com https://*.smule.com:* https://*.facebook.net https://*.accountkit.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com http://www.apple.com/library/quicktime/scripts/ac_quicktime.js https://www.apple.com/library/quicktime/scripts/ac_quicktime.js platform.twitter.com https://optimize.google.com https://cdn.branch.io https://app.link https://smule-alternate.app.link https://smule.app.link https://link.smule.com ; style-src 'unsafe-inline' data: http://*.smule.com:* https://*.smule.com:* yui.yahooapis.com https://optimize.google.com https://fonts.googleapis.com; report-uri /s/csp-log; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ssl.google-analytics.com *.recaptcha.net *.gstatic.cn *.gstatic.com *.google.com recaptcha.net *.google.cn 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thebalancesmb.com *.qa.aws.thebalancesmb.com atlas.thebalancesmb.com atlas.local.thebalancesmb.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/vogue 1
frame-ancestors 'self' mail.google.com chrome-extension://iffdacemhfpnchinokehhnppllonacfj/ chrome-extension://dkfhfaphfkopdgpbfkebjfcblcafcmpi/; 1
frame-ancestors https://adm.findagrave.com 1
script-src https://nimg.joyclub.de/ *.joyclub.de https://maps.googleapis.com/ https://www.google.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ www.googletagmanager.com *.youtube.de *.youtube.com *.youtube.ch *.youtube.at *.youtube.be https://www.youtube-nocookie.com https://vimeo.com www.tenor.com *.giphy.com https://dashboard.monitis.com/ https://rum.monitis.com https://www.gstatic.com/ https://*.x-check.de/ https://connect.facebook.net/ 'unsafe-eval'  'unsafe-inline' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/vanityfair 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.verywellmind.com *.qa.aws.verywellmind.com atlas.verywellmind.com atlas.local.verywellmind.com https://specials.verywellmind.com 1
default-src 'self' blob:; connect-src 'self' onesignal.com; font-src cdnjs.cloudflare.com ssl.p.jwpcdn.com; media-src *.jwplayer.com 'self' blob:; object-src *.youtube.com; frame-src *.youtube.com www.google.com; frame-ancestors 'none'; child-src 'self' *.youtube.com blob:; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' image.tmdb.org www.google-analytics.com images.weserv.nl cdnjs.cloudflare.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com cdn.jsdelivr.net ssl.p.jwpcdn.com ajax.cloudflare.com cdn.onesignal.com *.gstatic.com www.google.com www.googletagmanager.com www.google-analytics.com onesignal.com blob:; 1
frame-ancestors 'self' http://opr.carwale.com http://oprst.carwale.com https://www.autobiz.in http://allaboutcars.yahoo.com/ 1
default-src 'self'; child-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; connect-src 'self' piwik.openstreetmap.org https://nominatim.openstreetmap.org/ https://overpass-api.de/api/interpreter https://routing.openstreetmap.de/ https://graphhopper.com/api/1/route; font-src 'none'; form-action 'self' render.openstreetmap.org; frame-ancestors 'self'; frame-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; img-src 'self' data: www.gravatar.com *.wp.com *.tile.openstreetmap.org *.tile.thunderforest.com *.openstreetmap.fr piwik.openstreetmap.org; manifest-src 'self'; media-src 'none'; object-src 'self'; script-src 'self' piwik.openstreetmap.org; style-src 'self' 'unsafe-inline'; worker-src 'none' 1
connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com an.yandex.ru awaps.yandex.ru storage.mds.yandex.net music.yandex.ru music-browser.music.yandex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net; frame-src 'self' yabrowser: data: https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net music.yandex.ru music.yandex.kz yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net bs.serving-sys.com an.yandex.ru awaps.yandex.ru nissanhelioseurope.demdex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net *.yandex.net resize.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.tns-counter.ru yandex.st; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net strm.yandex.ru strm.yandex.net *.strm.yandex.net *.cdn.yandex.net storage.mds.yandex.net *.storage.mds.yandex.net yastatic.net kiks.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru flashservice.adobe.com yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?project=morda&from=morda.yaru.ru&showid=1561460567.43982.156199.170016&h=man2-5871-7be-man-portal-morda-128-31667&csp=old&date=20190625&yandexuid=8857873851561460567; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru awaps.yandex.ru storage.mds.yandex.net msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net; 1
block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com *.indeed.co.uk  ; frame-src 'self' *.indeed.com *.indeed.co.uk https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com *.indeed.co.uk d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log dpuk71x9wlmkf.cloudfront.net; 1
default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com  https://*.fls.doubleclick.net/ https://*.santander.co.uk https://santander.demdex.net 'unsafe-eval';  script-src 'self' 'unsafe-inline' https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.santander.co.uk 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://dpm.demdex.net https://*.santander.co.uk 'unsafe-eval'; img-src 'self' service.maxymiser.net 'unsafe-inline' https://*.santander.co.uk 'unsafe-eval' data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net 'unsafe-eval'; object-src 'self'; 1
default-src 'self' https://*.internshala.com; img-src 'self' https://internshala.com https://*.internshala.com https://s3-ap-southeast-1.amazonaws.com/internshala-uploads/ https://internshala-uploads.s3-ap-southeast-1.amazonaws.com/ https://*.google.com https://*.google.co.in https://*.google-analytics.com https://*.g.doubleclick.net data: https://*.googleapis.com https://pagead2.googlesyndication.com https://maps.gstatic.com https://www.googletagmanager.com https://conv.indeed.com; media-src 'self' https://internshala.com https://*.internshala.com https://s3-ap-southeast-1.amazonaws.com/internshala-uploads/ https://internshala-uploads.s3-ap-southeast-1.amazonaws.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-EXpoOegHeT4DBOvGV2O61A==' https://*.internshala.com https://*.google.com https://*.googletagmanager.com https://*.googleadservices.com https://*.facebook.net https://*.facebook.com https://*.googleads.g.doubleclick.net https://*.jquery.com https://*.bootstrapcdn.com https://*.google-analytics.com https://pagead2.googlesyndication.com https://*.googleapis.com https://googleads.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://*.linkedin.com; style-src 'self' 'unsafe-inline' https://*.internshala.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.google.com; font-src 'self' data: https://*.internshala.com https://fonts.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com https://*.google.com; frame-src https://*.facebook.com https://*.facebook.net https://*.doubleclick.net https://*.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.linkedin.com https://*.youtube.com; frame-ancestors 'self' https://*.internshala.com; object-src 'none'; connect-src 'self' wss://*.internshala.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.google.co.in https://*.facebook.com https://*.instagram.com; base-uri 'self'; report-uri /csp_report/report_csp_error; 1
frame-ancestors http://*.uol.com.br https://*.uol.com.br 1
default-src * 'unsafe-inline'; frame-ancestors 'self'; img-src * data: blob:; media-src * blob:; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob: 1
frame-ancestors 'self' http://*.vodafone.com http://*.vodafone.it https://*.vodafone.com https://*.vodafone.it 1
child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-wSXkzzSHDOX9/9Be3eB/vPTQuDU0GTGXtr40Xmx/aRM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=980cadc1-b0a6-4d22-bdf9-c5add93a1b8e&version=972213ed8b73d517b7e149449915aa95f5022a2e&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=980cadc1-b0a6-4d22-bdf9-c5add93a1b8e&version=972213ed8b73d517b7e149449915aa95f5022a2e&report_only=false 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.liveabout.com *.qa.aws.liveabout.com atlas.liveabout.com atlas.local.liveabout.com 1
frame-ancestors https://*.stoiximan.gr:* 1
default-src 'self'; script-src 'self' 'unsafe-eval' tags.tiqcdn.com tealium.hs.llnwd.net service.maxymiser.net camelotcdn.abaresearch.uk eg4005bprl.egaincloud.net www.google.com www.gstatic.com visitor-service-eu-west-1.tealiumiq.com visitor-service.tealiumiq.com cdn.otherlevels.com d26c0rrqwd9a5c.cloudfront.net camelot.egain.cloud https://d1tbz2wut6tv8f.cloudfront.net/camelot/detect www.cdn-national-lottery.co.uk fls.doubleclick.net; style-src 'self' 'unsafe-inline' camelotcdn.abaresearch.uk service.maxymiser.net eg4005bprl.egaincloud.net d26c0rrqwd9a5c.cloudfront.net camelot.egain.cloud www.cdn-national-lottery.co.uk; frame-src 'self' https://payments1.national-lottery.co.uk https://payments2.national-lottery.co.uk *.doubleclick.net *.tealiumiq.com www.youtube.com static.ak.facebook.com s-static.ak.facebook.com www.facebook.com service.maxymiser.net qgen.abaresearch.co.uk eg4005bprl.egaincloud.net www.google.com camelot.egain.cloud; img-src 'self' camelot.d3.sc.omtrdc.net d.turn.com service.maxymiser.net camelotcdn.abaresearch.uk eg4005bprl.egaincloud.net www.facebook.com i.ctnsnet.com d26c0rrqwd9a5c.cloudfront.net camelot.egain.cloud www.cdn-national-lottery.co.uk blob:; connect-src 'self' camelotcdn.abaresearch.uk eg4005bprl.egaincloud.net *.tealiumiq.com visitor-service-eu-west-1.tealiumiq.com visitor-service.tealiumiq.com js-api.otherlevels.com js-tags.otherlevels.com js-content.otherlevels.com js-mdn.otherlevels.com js-rich.otherlevels.com js-deliverability-api.otherlevels.com client-reporting.otherlevels.com d26c0rrqwd9a5c.cloudfront.net camelot.egain.cloud https://d1tbz2wut6tv8f.cloudfront.net/camelot/detect prp-prod-ia-pub.national-lottery.co.uk www.cdn-national-lottery.co.uk; frame-ancestors 'self'; font-src 'self' d26c0rrqwd9a5c.cloudfront.net www.cdn-national-lottery.co.uk 1
frame-ancestors https://hamariweb.com/ 1
script-src * 'unsafe-inline' 'unsafe-eval' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/allure 1
frame-ancestors 'self' https://dnb.no https://*.dnb.no; default-src 'self' blob: http://test4.dnb.avantimedns.se 6479481.fls.doubleclick.net *.dnbeiendom.no http://www.e4cinvoice.com http://edok.ec.evry.com archive.ec.evry.com *.digipostdata.no https://api-fakturahotell.tellier.no https://bkk-web.bkk.no https://ringvirkninger.stage.george.no https://bkk-web2.bkk.no https://b2b.edb.com https://b2c.efakt.no https://cards.edb.com https://edi.hatteland.com https://edok.ec.evry.com https://efakt.lyse.no https://efaktura.emetro.no https://eFaktura.enita.no https://efaktura.fellesdata.no https://efaktura.biz https://efaktura.nets.no https://efaktura.quick.no https://dnbbankasa.tt.omtrdc.net https://assets.adobedtm.com https://e-faktura1.stralfors.net https://faktura.tabs.no https://*.efaktura.biz https://einvoice.compello.com https://*.celebrus.tech-03.net https://hotel.bbs.no/document https://invoicee.einvoiceportal.no https://invoice.lindorff.com https://kundonline.faktab.se https://mk.ec.evry.com https://privat.telenor.no https://*.efaktura.fellesdata.no https://www.e4cinvoice.com https://www.telenor.no preview.miprocloud.net *.siteimprove.com siteimproveanalytics.com surveydata.no mediaunit.23video.com dc.miprocloud.net *.digipost.no docs.google.com *.tiqcdn.com *.tealiumiq.com https://qbrick.hb.omtrdc.net *.dnbfeed.no https://dpm.demdex.net *.nets.eu *.bbs.no *.dnb.no *.dnb.se *.dnb.sg https://*.mastercard.com http://*.dnbnor.net *.edb.com *.bankid.no *.bankidapis.no *.bankidnorge.no themes.googleusercontent.com ssl.google-analytics.com fonts.gstatic.com fonts.googleapis.com csi.gstatic.com http://finncdn.no *.investtech.com *.morningstar.com adserver.adtech.de b2b.edb.com nettbankdrift.edb.com *.nets.no bedriftservice.no bilfinansonline.se carporten.dnbfinans.se carporten.nu connect.facebook.net designer.tagmycard.com dev.participant.com dnb.socialcee.com dnbnor.bankavstemming.no dnbnor.easycruit.com dnbnor.enterprisebanker.com dnbnorfeed.com www.deltager.no www.dnbfinans.net fidstest.dnbfinans.no get.adobe.com innbo.livesite.no itunes.apple.com ajax.googleapis.com *.doubleclick.net mts.googleapis.com mts0.googleapis.com mts1.googleapis.com maps-api-ssl.google.com maps.googleapis.com maps.gstatic.com www.gstatic.com plus.google.com apis.google.com maps.google.no www.google.no www.google.com www.googleadservices.com new.livestream.com thomsonreuters.com tools.euroland.com track.adform.net *.easyresearch.se webcastclients.s3.amazonaws.com www.adobe.com www.euroland.com www.newsweb.no www.nordic-online.net www.nordlandsbanken.no www.sandnes-sparebank.no www.slideshare.net www.soliditet.no www.ssf.no *.youtube.com *.ytimg.com www.youtube-nocookie.com www2.anleger-fernsehen.de wss://*.dnb.no wss://*.edb.com labeladmin.carporten.nu code.jquery.com no.bankid.app://* *.webtrends.com *.webtrendslive.com https://api.vipps.no https://sit02gw.api.test.tech-02.net https://ece46ec4-6f9c-489b-8fe5-146a89e11635.tech-02.net https://www.facebook.com data: chrome-extension: chromeinvoke: chromeinvokeimmediate: chromenull: 'unsafe-inline' 'unsafe-eval' qbrick.d3.sc.omtrdc.net wvjbscheme://* *.dnbproto.com *.mxpnl.com *.mixpanel.com *.socialboards.com *.qbrick.com https://translate.google.com https://translate.googl eapis.com https://*.akamaihd.net https://einvoicepublic.compello.com https://dnb-bank-dev.adobecqms.net https://content-stage.dnb.no https://content.dnb.no ; media-src 'self' *.dnb.no *.youtube.com:* *.vimeo.com:*; report-uri https://www.dnb.no/portalfront/csp/cspreportlog.php 1
child-src *.doubleclick.net *.dynad.net *.facebook.com *.hotjar.com *.marketo.com *.omniture.com *.pagseguro.uol.com.br *.rm.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.youtube.com https://www.google.com *.blip.ai data: 'self'; connect-src *.hotjar.com *.pagseguro.com.br *.uol.com.br wss://ws.0mn.io https: wss: 'self'; frame-ancestors 'self'; default-src *.uol.com.br *.pagseguro.com.br 'self'; media-src *.uol.com.br *.pagseguro.com.br data: 'self'; object-src *.uol.com.br *.pagseguro.com.br data: 'self'; font-src *.pagseguro.uol.com.br *.pagseguro.com.br *.uol.com *.uol.com.br *.imguol.com.br *.gstatic.com *.hotjar.com https://imguol.com.br data: 'self'; img-src *.google.com *.google-analytics.com *.google.com.br *.facebook.com *.imguol.com *.uol.com *.uol.com.br *.pagseguro.com.br *.scorecardresearch.com *.ytimg.com *.doubleclick.net *.googleadservices.com *.xg4ken.com *.youtube.com *.hotjar.com *.tailtarget.com *.bing.com https://imguol.com https://imguol.com.br trg.adilligo.com takenetomni.blob.core.windows.net data: 'self'; script-src *.jsuol.com.br *.googleadservices.com *.googletagmanager.com *.ampproject.org *.ytimg.com *.google-analytics.com *.google.com *.googletagmanager.com *.doubleclick.net *.simg.uol.com.br *.uol.com *.uol.com.br *.pagseguro.com.br *.facebook.net *.xg4ken.com *.dynad.net *.marketo.com *.hotjar.com *.jsdelivr.net *.tailtarget.com *.bing.com https://pagseguro.info https://pag.ae https://imguol.com.br https://www.gstatic.com https://tracking.tunad.io about: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.uol.com *.pagseguro.uol.com.br *.pagseguro.com.br *.simg.uol.com.br *.ytimg.com *.marketo.com https://imguol.com.br 'self' *.google.com 'unsafe-inline'; report-uri https://pagseguro.uol.com.br/csp-report 1
connect-src 'self' https://*.tesco.com https://*.optimizely.com https://*.adobedtm.com https://*.tt.omtrdc.net https://*.google-analytics.com https://*.doubleclick.net https://*.hotjar.com:* wss://*.hotjar.com https://cdn.appdynamics.com https://col.eum-appdynamics.com https://ds-aksb-a.akamaihd.net https://*.googletagservices.com https://dpm.demdex.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.tesco.com https://*.optimizely.com https://static.hotjar.com https://script.hotjar.com https://*.adobedtm.com https://*.tt.omtrdc.net https://*.google-analytics.com https://cdn.appdynamics.com https://col.eum-appdynamics.com https://maps.googleapis.com https://ds-aksb-a.akamaihd.net https://*.googletagservices.com https://*.doubleclick.net https://adservice.google.co.in/adsid/integrator.js https://adservice.google.com/adsid/integrator.js https://adservice.google.co.uk/adsid/integrator.js https://adservice.google.ie/adsid/integrator.js https://pagead2.googlesyndication.com/pagead/osd.js https://*.sociomantic.com https://www.googletagmanager.com/gtag/js https://www.googleadservices.com https://www.google.com/ads https://dpm.demdex.net https://*.omniture.com nonce-0ee3617920f3208ade2563d5350456fc23117ce7a397c6f5a0f14f1c1b7049bffa7e8bc0269e41a87e7d934d9333dea130eea7af63f3420089279d6529798ed8b5ab3df7ab12bbe403a613de02d5de7e1a1c33e100c3a30f37bfd4c233594987a65adb49ceaf25f71c0702bdb75acf61a9b52b6b9d6570de84cd9be3f22b8a6040db1e8324b83fa4d20f23c9f9297613671ebedf5da8b3d17258cd53360d68493cd4ac4eb173e0af8eede1fbc2f07ee4cfee97428b9ed7edd095b82e8f093fb53a62f0e60a2eac50db7297d672938a15827a771a61c3a8386cfaf7d51bdb32c5c136a10dfb1f35f0453baba763a6ff8a1f2c91abd624e8173209ad85849d22a9; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://* data:; font-src 'self' https://fonts.gstatic.com data:; frame-ancestors 'self' https://app.optimizely.com https://*.doubleclick.net; child-src 'self' https://*.doubleclick.net https://5035317.fls.doubleclick.net https://vars.hotjar.com https://*.cdn.optimizely.com https://*.optimizely.com; frame-src https://*.googleadservices.com https://*.googlesyndication.com https://5035317.fls.doubleclick.net https://vars.hotjar.com https://*.cdn.optimizely.com https://*.optimizely.com https://*.googletagservices.com https://*.doubleclick.net https://*.sociomantic.com https://testci.demdex.net/; object-src 'none'; report-uri /ce-assets/csp-report-violation 1
default-src *.bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src *.bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ http://metrics.nationwide.co.uk/ *.omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.swiftype.com *.virtualearth.net wss://cdn.decibelinsight.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js  https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/; 1
upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 1
default-src 'none'; style-src 'self' 'unsafe-inline'; font-src 'self' *.zopim.com data:; script-src 'self' *.google-analytics.com *.googletagmanager.com *.zopim.com *.google.com *.google.ca *.gstatic.com *.googleadservices.com googleads.g.doubleclick.net *.bing.com *.redditstatic.com; img-src 'self' *.google-analytics.com *.g.doubleclick.net *.zopim.com data: *.zopim.io data: *.google.com *.google.ca *.gstatic.com *.bing.com *.reddit.com; connect-src 'self' wss://*.zopim.com http://v2.zopim.com https://v2.zopim.com; frame-src *.zopim.com *.google.com *.google.ca; media-src *.zopim.com 1
frame-ancestors https://www.google.com 'self' 1
default-src https:; connect-src https:; font-src https: data:; frame-src https: twitter:; frame-ancestors https:; img-src https: data:; media-src http: https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.flashback.org https://static.flashback.org; img-src 'self' data: https://static.flashback.org; style-src 'self' 'unsafe-inline' https://static.flashback.org; font-src 'self' https://static.flashback.org; form-action 'self'; connect-src 'self'; child-src 'self'; frame-src 'self'; frame-ancestors 'self'; object-src 'none'; media-src 'none'; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://hackernoon.com https://*.hackernoon.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
frame-ancestors https://customersso.publix.com/ 'self' 1
frame-ancestors *.hinet.net; 1
default-src 'self' localhost data: *.wolfram.com *.wolframalpha.com *.wolframcdn.com *.wolframcloud.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.wolfram.com *.wolframalpha.com *.wolframcdn.com ajax.googleapis.com *.wolframalpha.tw; img-src 'self' http://*.wolframcdn.com  wolframcdn.com *.wolframcdn.com data: *.wolfram.com *.wolframalpha.com *.wolframcdn.com wolframcdn.com; font-src * data:; style-src 'unsafe-inline' 'self' data: *.wolfram.com *.wolframalpha.com *.wolframcdn.com wolframcdn.com fonts.googleapis.com; 1
default-src 'self' *.sexdesant.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' betnetmed.advertserve.com vadideo.com https://yandex.ru *.yandex.net yastatic.net union-site-data.com xyz0k4gfs.xyz brilliantbc9.club ajax.cloudflare.com *.yandex.ru; img-src 'self' data: union-site-data.com xyz0k4gfs.xyz brilliantbc9.club *; style-src 'self' 'unsafe-inline' fonts.googleapis.com yastatic.net; frame-src 'self' advrich.com xyz0k4gfs.xyz; font-src 'self' fonts.gstatic.com; connect-src 'self' n161adserv.com *.ebalka.me mc.yandex.ru brilliantbc9.club; media-src 'self' data: fex.net cs1.fcdn.net *.sexdesant.com 1
connect-src 'self' https: https://api.womany.net https://cn-api.womany.net https://en-api.womany.net https://jp-api.womany.net https://member.womany.net https://go.justfont.com 1
frame-ancestors https://unitedstateslibraryofcongress.marketing.adobe.com 1
default-src blob: data: https://*.akamaihd.net https://*.akamaized.net https://*.analytics.edgekey.net https://*.linkpulse.com https://*.scribblelive.com https://*.svt.se https://*.twimg.com https://analytics.codigo.se https://cm.everesttech.net https://dpm.demdex.net https://pp.lp4.io https://sb.scorecardresearch.com https://sentry.io https://svt.d3.sc.omtrdc.net https://svt.demdex.net https://time.akamai.com https://trafficgateway.research-int.se https://translate.google.com https://www.gstatic.com https://www.svtstatic.se https://event-center-fwwc.sports.gracenote.com/ https://svt.html.infostradasports.com https://media-svt.stormgeo.com 'self' 'unsafe-eval' 'unsafe-inline';report-uri https://sentry.app.svt.se/api/2/csp-report/?sentry_key=6b8a1f48bd324aa489a252588099964b 1
default-src 'self'	*.sp sp *.softportal.com softportal.com *.softportal.ua http://www.softportal.com	master-push.com s.uuidksinc.net actpx.com actiflex.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sp sp *.softportal.com softportal.com *.softportal.ua    *.yandex.ru yandex.ru *.yandex.net yandex.st *.yandex.st    *.doubleclick.net    https://*.googleapis.com https://*.gstatic.com http://*.googlesyndication.com https://*.googlesyndication.com *.google-analytics.com    https://*.google.com https://*.google.com.ua https://*.google.ru    connect.facebook.net *.facebook.com    stg.odnoklassniki.ru *.ok.ru vkontakte.ru vk.com https://d31qbv1cthcecs.cloudfront.net    adv.otclick-adv.ru static.otclick-adv.ru otclick-adv.ru    files.goodadvert.ru engine.goodadvert.ru engine2.goodadvert.ru udb.goodadvert.ru udb.adgear.ru    js.softprotalfiles.com https://relap.io    *.mediatoday.ru mediatoday.ru    *.castplatform.com platform.twitter.com    www.googletagservices.com partner.googleadservices.com    http://universalsrc.com    http://rtb.com.ru/mediatoday-script    https://js.gleam.io slinks.yadro.ru    https://d31j93rd8oukbv.cloudfront.net/metrika/ https://mc.webvisor.com    s7.addthis.com m.addthisedge.com m.addthis.com api-public.addthis.com www.linkedin.com    js.mamydirect.com    https://cdn.ywxi.net https://www.mcafeesecure.com	master-push.com	actpx.com	jsc.marketgid.com https://servicer.marketgid.com https://cm.marketgid.com;child-src 'self' *.sp sp *.softportal.com softportal.com *.softportal.ua http://www.softportal.com    *.yandex.ru yandex.ru *.yandex.net yandex.st *.yandex.st yastatic.net *.yandexadexchange.net    *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net    youtube.ru youtube.com *.youtube.ru *.youtube.com https://youtube.ru    https://images01.iqoption.com https://youtube.com https://*.youtube.ru https://*.youtube.com apis.google.com    https://*.googleapis.com https://*.gstatic.com https://gstatic.com cse.google.com    https://*.googlesyndication.com https://*.doubleclick.net https://apis.google.com https://www.google.com    https://accounts.google.com *.facebook.com vk.com login.vk.com    *.mediatoday.ru mediatoday.ru    yandexadexchange.net https://gleam.io platform.twitter.com https://syndication.twitter.com    s7.addthis.com https://www.mcafeesecure.com	master-push.com;connect-src 'self' *.sp sp *.softportal.com softportal.com *.softportal.ua www.phpmyadmin.net    *.mediatoday.ru mediatoday.ru    an.yandex.ru mc.yandex.ru https://translate.googleapis.com www.google-analytics.com *.googleapis.com    https://mc.webvisor.com    s7.addthis.com m.addthis.com	master-push.com	https://msetup.pro;style-src 'self' 'unsafe-inline' 'unsafe-eval' *.sp sp *.softportal.com softportal.com *.softportal.ua    *.googleapis.com *.gstatic.com *.yandex.ru stg.odnoklassniki.ru cse.google.com www.google.com    *.mediatoday.ru mediatoday.ru    https://*.googleapis.com https://*.gstatic.com https://*.yandex.ru https://relap.io data:;font-src 'self' *.sp sp *.softportal.com softportal.com *.softportal.ua    *.mediatoday.ru mediatoday.ru    *.googleapis.com *.gstatic.com *.yandex.ru https://*.googleapis.com    https://*.gstatic.com https://*.yandex.ru data:;img-src 'self' *.sp sp *.softportal.com softportal.com *.softportal.ua    *.yandex.net *.yandex.ru yandex.ru yandex.st    *.googlesyndication.com *.doubleclick.net *.googleapis.com *.gstatic.com www.google-analytics.com ssl.google-analytics.com    https://*.yandex.net https://*.yandex.ru https://*.googlesyndication.com www.google.com clients1.google.com    https://*.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://img.youtube.com    https://apycdn.com https://*.iqoption.com *.facebook.com    c.bigmir.net i.bigmir.net counter.rambler.ru counter.yadro.ru top100-images.rambler.ru partner.iobit-team.ru    www.tns-counter.ru vk.com de.c4.b5.a0.top.list.ru yastatic.net *.cloudfront.net cloudfront-labs.amazonaws.com    static.adtidy.net i.webguard.ru advombat.ru wq3.ru https://ad.admitad.com https://cdn.admitad.com/    *.mediatoday.ru mediatoday.ru    *.castplatform.com syndication.twitter.com    http://otclick-adv.ru http://universalsrc.com    http://rtb.com.ru https://i.ytimg.com    https://js.gleam.io cdn.relap.io https://relap.io https://x.cnt.my amscdn.relap.io    https://mc.webvisor.com https://cdn.ywxi.net  https://www.carambis.ru	https://imgg-cdn.marketgid.com c.marketgid.com cm.marketgid.com jsc.marketgid.com servicer.marketgid.com s-img.marketgid.com	imgg-cdn.tovarro.com cm.tovarro.com jsc.tovarro.com servicer.tovarro.com s-img.tovarro.com	cm.mgid.com jsc.mgid.com servicer.mgid.com s-img.mgid.com	udata.mixmarket.biz	data:;object-src 'self' *.sp sp *.softportal.com softportal.com *.softportal.ua    *.gstatic.com an.yandex.ru https://*.gstatic.com https://an.yandex.ru    *.mediatoday.ru mediatoday.ru; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline' 1
child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-wSXkzzSHDOX9/9Be3eB/vPTQuDU0GTGXtr40Xmx/aRM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=875dcf0c-ed50-4d81-b9a7-12e0d71e183e&version=972213ed8b73d517b7e149449915aa95f5022a2e&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=875dcf0c-ed50-4d81-b9a7-12e0d71e183e&version=972213ed8b73d517b7e149449915aa95f5022a2e&report_only=false 1
default-src https: 'self' *.google.com; img-src https: data:; style-src 'self' *.googleapis.com *.google.com 'sha256-UvsJ5gtL0c/whxmyVt4YoNv7YnPUd0tANZOlq3NshXE=' 'sha256-z0kguVeUlbcxez4SqrO86oejphhqKDFfdCPv4yuhe70=' 'sha256-F7P9UGrwDw2S+mmGfNjm0kP7JoWu2pG7jp96fpSdB7o=' 'sha256-5I0k/VqCDMpiDAoq1eqY3rnuhpP/YY/XHaCPlqvPjwE=' 'sha256-vs9j4DQ6NrTFzqr+WgLFutUEFINnEmB2UGZtgJuv53M=' 'sha256-dnk3F1ZGrgh9Kvk9Vn3ptiaFUoFeGRayv9lz2urXGw8=' 'sha256-V35h8FtGH4p0yIQ7N4YgUHm1WgTAWh72NT+CZjq6/gA=' 'sha256-EqHL6dM74npnc3dlTfDjshGC9aaZRfQRUkDGa028G5Q=' 'sha256-fjvAtStaFBxvVNdldskgty047ARB1tLsZ767Gk6hPuk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-/4YlUlisxufO6wbKvYp4xV8Hkzxm85+1Tb31SjmAox0=' 'sha256-a2VR/Wq1VPr0+3GRY+lEmAQm7wjwwnDtPpcCPs2zTrw=' 'sha256-/VVOq+Ws/EiUxf2CU6tsqsHdOWqBgHSgwBPqCTjYD3U=' 'sha256-2WQZQFa8KGAig8CPptpS8JDqetQ2jb5arMlI6fTGWiU=' 'sha256-g9aHNH7iF2hhGZYtVVd5mKQSnyLPmXWw5gwiuxBVonI=' 'sha256-VjKqXV9i0mo5RzxvaQpz7qQA91PkjLVqLQGYNI4Cc/I=' 'sha256-iSpdzct2G1Kfyci6Xt5l+iguE7Ni3MEvlbjUvEsbK5M=';  script-src 'self' https: 'nonce-330d32046ca943cc9939066ea8bf4649'; report-uri /csp-report 1
default-src 'self'; img-src 'self' https://app.snapchat.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://lh3.googleusercontent.com https://maps.googleapis.com https://maps.gstatic.com https://csi.gstatic.com/csi https://stats.g.doubleclick.net https://storage.googleapis.com blob: data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://www.google-analytics.com https://maps.googleapis.com https://www.gstatic.com https://gstatic.com https://www.google.com https://www.googleadservices.com https://sc-static.net https://www.youtube.com https://s.ytimg.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://snap.adbrn.com https://tr.snapchat.com https://tr-shadow.snapchat.com https://player.vimeo.com https://tremolossl-a.akamaihd.net; connect-src 'self' https://gms-carousel-dot-lookinsoclear.appspot.com https://app.snapchat.com https://geofilters-community-api.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://zgl-s.tlnk.io https://woj-e.tlnk.io https://launch1.co https://accounts.snapchat.com https://scan.snapchat.com https://www.google-analytics.com; media-src 'self' data: blob: https://storage.googleapis.com; report-uri https://csp-central.appspot.com/report_csp 1
child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-wSXkzzSHDOX9/9Be3eB/vPTQuDU0GTGXtr40Xmx/aRM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=981b8f84-4f79-4846-9632-1a373112fa58&version=972213ed8b73d517b7e149449915aa95f5022a2e&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=981b8f84-4f79-4846-9632-1a373112fa58&version=972213ed8b73d517b7e149449915aa95f5022a2e&report_only=false 1
default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; frame-ancestors https://*.eztravel.com.tw http://*.eztravel.com.tw  1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.verywellfit.com *.qa.aws.verywellfit.com atlas.verywellfit.com atlas.local.verywellfit.com https://specials.verywellfit.com 1
default-src https: 'unsafe-eval' 'unsafe-inline' data: 'self' blob:; connect-src wss: https: ; object-src 'self' blob: ; 1
frame-ancestors 'self' *.realitykings.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://tabor.ru http://tabor.ru *.tabor.ru tabor.ru m.tabor.ru http://m.tabor.ru https://m.tabor.ru http: vk.com *.vk.com vk.me *.vk.me vk.me *.vk.me fbcdn.net *.fbcdn.net akamaihd.net *.akamaihd.net mycdn.me *.mycdn.me yandex.ru *.yandex.ru yadro.ru *.yadro.ru https: vk.com *.vk.com vk.me *.vk.me vk.me *.vk.me fbcdn.net *.fbcdn.net akamaihd.net *.akamaihd.net mycdn.me *.mycdn.me yandex.ru *.yandex.ru yadro.ru *.yadro.ru ; img-src * 'self' blob: data:;connect-src * 'self' file: data: blob: filesystem:; frame-ancestors *.tabor.ru *.tabor.by *.tabor.kz; 1
img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; object-src https:; worker-src blob:; report-uri https://dailykos.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests; 1
script-src 'nonce-ewHNDdhnpFHhaU6vuUDvT4ur2mAX8ru3eNFp23x3GNo=' 'self' 'unsafe-eval' https: 'sha256-jTbbX7kA2AFEiHkjGYboK9ooUurX+Mc9th2/quUZwkI='; frame-ancestors 'none' 1
frame-ancestors 'self' *.brilliant.org *.online.tableau.com apps.facebook.com 1
form-action 'self' https://pacogames.os.tc/subscribe 1
frame-ancestors 'self' https://*.fdj.fr https://www.laredoute.fr/ http://clients.sismodesign.com; 1
script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; media-src https: data: blob:; worker-src https: data: blob:; font-src https: data:; connect-src https: wss: 1
frame-ancestors 'self'; upgrade-insecure-requests; report-uri /api/csp-report 1
frame-ancestors 'self' http://*.bloomberg.com https://*.bloomberg.com 1
default-src 'self' *.g2crowd.com *.g2.com; child-src *; connect-src *; font-src * data:; form-action *; img-src * data:; manifest-src 'self' *.g2crowd.com *.g2.com; media-src * blob:; object-src 'self' *.g2crowd.com *.g2.com; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src * blob: 1
default-src https://report.s.csp.squarespace.com; script-src https://static3.squarespace.com https://www.google.com https://www.gstatic.com; style-src https://static3.squarespace.com 'unsafe-inline'; img-src data: 'self'; base-uri 'none'; form-action 5help.squarespace.com support.squarespace.com squarespace.zendesk.com circleforum.squarespace.com; font-src data:; connect-src 'self' https://www.squarespace.com; report-uri https://webhook.squarespace.com/api/1/webhook-service/csp/events?password=tOC3CjS%2FG1amWWS%2F%2FKqhdPjae0CQaN85mseViZ6D6Nc%3D; frame-src https://www.google.com https://static3.squarespace.com; child-src https://www.google.com https://static3.squarespace.com; report-to https://webhook.squarespace.com/api/1/webhook-service/csp/events?password=tOC3CjS%2FG1amWWS%2F%2FKqhdPjae0CQaN85mseViZ6D6Nc%3D; 1
frame-ancestors 'self' http://www.stumbleupon.com 1
report-uri https://sportsmole.report-uri.com/r/d/csp/wizard 1
object-src * 'unsafe-inline' 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.byrdie.com *.qa.aws.byrdie.com atlas.byrdie.com atlas.local.byrdie.com 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data:; font-src https: data:; media-src https: data: blob:; object-src https; frame-ancestors 'self' https://secure.thetoptens.com/ https://avatars.thetoptens.com/; 1
script-src 'self' www.google-analytics.com blockchain.info 'unsafe-inline' 1
frame-ancestors https://*.prokerala.com https://*.nxstatic.com; 1
default-src 'self' blob: https://*.futurelearn.com; object-src https://*.vzaar.com https://vzaar-video.ccindex.cn https://vjs.zencdn.net; base-uri 'self' https://*.futurelearn.com; frame-ancestors 'self' https://*.futurelearn.com; frame-src 'self' *; connect-src 'self' *; form-action 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: about: *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; media-src 'self' *; font-src 'self' about: data: *; report-uri /csp-violation 1
default-src 'self' *.binomo.com; child-src *; connect-src 'self' ekr.zdassets.com api.snrbox.com fcm.googleapis.com proxy.snrbox.com tck.snrbox.com wss://messenger.snrbox.com dc.snrbox.com www.googleapis.com www.google-analytics.com wss://*.zopim.com wss://*.cackle.me binomo.zendesk.com mc.yandex.ru *.intercom.io wss://*.intercom.io app.getsentry.com *.kameleoon.com *.binomo.com wss://as.binomo.com:* wss://ws.binomo.com:*; font-src data: 'self' *.zopim.com js.intercomcdn.com fonts.gstatic.com mc.yandex.ru *.livechatinc.com themes.googleusercontent.com maxcdn.bootstrapcdn.com *.binomo.com; img-src * data:; media-src 'self' www.snrcdn.net *.binomo.com; script-src 'self' *.doubleclick.net *.google.com assets.zendesk.com static.zdassets.com *.zopim.com wss://*.zopim.com *.zopim.io www.snrcdn.net *.intercomcdn.com binomo.co *.kameleoon.com *.cackle.me cackle.me cdn.rutarget.ru *.adroll.com gscst-84a.kxcdn.com *.getsitecontrol.com binstats.com *.googletagmanager.com *.google-analytics.com mc.yandex.ru *.mail.ru echo.ecortb.com connect.facebook.net vk.com *.youtube.com s.ytimg.com www.gstatic.com *.livechatinc.com www.googleadservices.com binomo.go2affise.com proxy.synerise.com *.adnetwork.vn yastatic.net 'unsafe-eval' 'unsafe-inline' *.binomo.com; style-src 'self' *.google.com static.kameleoon.com *.cackle.me fonts.googleapis.com www.snrcdn.net 'unsafe-inline' *.binomo.com 1
frame-ancestors 'self' https://*.myfxbook.com 1
script-src 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample' 'nonce-M6tCeNMvWsEZWtDZMTUAs82HDp9imEMtqpV7hcJAoLA='; object-src 'none'; base-uri 'self'; frame-src player.vimeo.com w.soundcloud.com www.slideshare.net www.youtube.com bandcamp.com sketchfab.com *.google.com *.facebook.com *.facebook.net *.twitter.com social-plugins.line.me *.g.doubleclick.net www.googletagmanager.com booth.karakuri.ai manage-booth.karakuri.ai https://booth.pm https://*.booth.pm https://factory.pixiv.net https://booth.pximg.net; connect-src 'self' *.pixiv.net *.pawoo.net www.google-analytics.com www.facebook.com connect.facebook.net www.googletagmanager.com www.googleadservices.com www.google.co.jp b92.yahoo.co.jp *.buyee.jp d.line-scdn.net stats.g.doubleclick.net ekr.zdassets.com *.zendesk.com https://booth.pm https://*.booth.pm https://factory.pixiv.net https://booth.pximg.net 1
default-src 'self' *.mychords.net; script-src 'self' *.mychords.net an.yandex.ru yandex.st yastatic.net mc.yandex.ru clck.yandex.ru mc.yandex.kz mc.yandex.by mc.yandex.com mc.yandex.com.tr mc.yandex.ua srv.clickfuse.com 'unsafe-eval' 'unsafe-inline' *.cackle.me  adservice.google.com.ua adservice.google.ru *.googlesyndication.com *.googleapis.com googleads.g.doubleclick.net *.doubleclick.net *.doubleclick.com maps.gstatic.com adwords-displayads.googleusercontent.com *.googletagservices.com *.google.com cackle.me  http://ulogin.ru https://ulogin.ru; style-src 'self' *.mychords.net yandex.st yastatic.net *.googleapis.com *.cackle.me maxcdn.bootstrapcdn.com 'unsafe-inline' ; img-src * data:; media-src 'self' *.yandex.net yandex.st yastatic.net googleads.g.doubleclick.net; connect-src 'self' *.mychords.net *.googlesyndication.com *.googleapis.com googleads.g.doubleclick.net *.doubleclick.net *.doubleclick.com maps.gstatic.com adwords-displayads.googleusercontent.com *.google.com csi.gstatic.com  mc.yandex.ru an.yandex.ru yandex.st yastatic.net mc.yandex.kz mc.yandex.by mc.yandex.com mc.yandex.com.tr mc.yandex.ua wss://*.cackle.me *.cackle.me *.youtube.com; font-src 'self' *.mychords.net *.gstatic.com *.bootstrapcdn.com fonts.googleapis.com  *.googlesyndication.com *.googleapis.com googleads.g.doubleclick.net *.doubleclick.net *.doubleclick.com maps.gstatic.com adwords-displayads.googleusercontent.com *.google.com  data:; object-src 'self' *.mychords.net *.youtube.com *.ytimg.com *.googlesyndication.com *.googleapis.com googleads.g.doubleclick.net *.doubleclick.net *.doubleclick.com ; frame-src 'self' mychords.net *.mychords.net *.googlesyndication.com *.googleapis.com googleads.g.doubleclick.net *.doubleclick.net *.doubleclick.com maps.gstatic.com adwords-displayads.googleusercontent.com *.google.com *.youtube.com *.cackle.me awaps.yandex.ru awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru cackle.me vk.com *.vk.com audio.xpleer.com  http://ulogin.ru https://ulogin.ru; 1
default-src 'self' blob:; frame-src 'self' connect.trezor.io:443; img-src 'self' data: blob:; script-src 'unsafe-eval' 'unsafe-inline' blob: https:; style-src 'self' 'unsafe-inline' https:; object-src 'none'; connect-src *; 1
frame-ancestors *.payback.de; report-uri /blueberry/servlet/handler/cspreporting 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.kcp.co.kr:*; object-src 'self' 1
object-src 'self' *; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com  *.googletagservices.com *.googlesyndication.com *.googlesyndication.com *.google-analytics.com *.doubleclick.net *.google.com *.bootstrapcdn.com  *.instagram.com *.cloudfront.net *.jquery.com *.facebook.com *.facebook.net *.gstatic.com *.tryinteract.com *.standardmedia.co.ke placehold.it/728x90 placehold.it/300x250 polldaddy.com *.polldaddy.com *.twitter.com *.youtube.com  *.syndication.twimg.com log.adaptv.advertising.com *.amazonaws.com  *.ustream.tv *.twimg.com withgoogle.com *.onthe.io *.withgoogle.com https://cdn.ampproject.org https://maxcdn.bootstrapcdn.com *.sde.co.ke https://cdn.probtn.com http://img.youtube.com *.probtn.com *.outbrain.com *.google.co.ke *.cloudflare.com https://soundcloud.com pixel.alexametrics.com *.alexametrics.com *.ampproject.net  *.taboola.com *.viewst.com *.probtn.com *.bkrtx.com *.onesignal.com *.scorecardresearch.com *.bluekai.com *.issuu.com *.mediapal.net *.eskimi.com  *.amazonaws.com standardmedia.us19.list-manage.com *.mailchimp.com  *.shoutcast.com cr-input.mxpnl.net https://instagram.fnbo1-1.fna.fbcdn.net  https://mc.us19.list-manage.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net a.jimdo.com *.jimstatic.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com www.googleadservices.com s.yimg.jp *.hotjar.com b97.yahoo.co.jp *.bunchbox.co *.tvsquared.com *.doubleclick.net *.outbrain.com *.quantserve.com *.peaksandpies.io pvn.jimdo.com td.jimdo.com 3jveabar50.execute-api.eu-west-1.amazonaws.com; style-src 'self' 'unsafe-inline' jimdo.github.io tagmanager.google.com fonts.googleapis.com webteam.jimstatic.com *.jimstatic.com; default-src 'none'; connect-src 'self' *.hotjar.com; font-src 'self' data: jimdo.github.io fonts.gstatic.com *.jimstatic.com; frame-src 'self' www.facebook.com staticxx.facebook.com cms.e.jimdo.com dashboard.e.jimdo.com dash.e.jimdo.com register.jimdo.com cms.jimdo.com *.hotjar.com a.jimdo.com *.fls.doubleclick.net td.jimdo.com; img-src 'self' www.facebook.com www.google-analytics.com www.google.com www.google.de ssl.gstatic.com www.gstatic.com *.doubleclick.net *.tvsquared.com t.jimdo-platform.net b97.yahoo.co.jp *.bunchbox.co www.googleadservices.com *.outbrain.com td.jimdo.com *.quantserve.com *.peaksandpies.io data: *.jimstatic.com 1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: blob:; img-src * data:; font-src https: data:; frame-ancestors 'self' *.carnival.com https://*.goccl.com https://*.goccl.co.uk https://*.uatcarnival.com https://www.kayak.com 1
frame-ancestors https://*.modelmayhem.com; script-src * https://ssl.google-analytics.com https://pxlssl.ibpxl.com  https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com 'unsafe-inline' 'unsafe-eval'; object-src * 1
default-src data: 'unsafe-inline' 'unsafe-eval' https:; img-src data: 'self' https:;frame-ancestors 'none'; block-all-mixed-content; report-uri https://www.serienjunkies.de/r/; 1
default-src 'self' *.amdm.ru amdm.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.amdm.ru amdm.ru https://*.google.com https://adservice.google.ru *.googletagservices.com https://adservice.google.com.ua https://adservice.google.kz https://*.googlesyndication.com *.googlesyndication.com *.doubleclick.net https://*.doubleclick.net *.gstatic.com *.googleapis.com https://*.googleapis.com https://*.gstatic.com yadro.ru https://yadro.ru *.yadro.ru https://*.yadro.ru *.yandex.ru https://*.yandex.ru *.yandex.net *.yandex.net vk.com *.vk.com https://vk.com https://*.vk.com ok.ru *.ok.ru http://*.google-analytics.com https://*.google-analytics.com http://*.twitter.com https://*.twitter.com http://*.jquery.com https://*.jquery.com *.yastatic.net https://*.yastatic.net http://yastatic.net https://yastatic.net www.google-analytics.com https://www.google-analytics.com; object-src 'self' *.amdm.ru amdm.ru *.google.com *.googlesyndication.com *.googlesyndication.com *.doubleclick.net https://*.doubleclick.net *.gstatic.com https://*.gstatic.com an.yandex.ru https://an.yandex.ru; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.amdm.ru amdm.ru *.google.com *.googlesyndication.com *.doubleclick.net https://*.doubleclick.net https://*.googlesyndication.com *.googleapis.com *.gstatic.com *.yandex.ru https://*.googleapis.com https://*.gstatic.com https://*.yandex.ru yastatic.net https://yastatic.net; img-src * data:; media-src 'self' data: *.amdm.ru amdm.ru *.google.com *.googlesyndication.com https://*.googlesyndication.com *.doubleclick.net https://*.doubleclick.net; frame-src 'self' data: *.amdm.ru amdm.ru *.google.com *.googlesyndication.com https://*.googlesyndication.com *.doubleclick.net https://*.doubleclick.net *.googleadservices.com https://*.googleadservices.com *.gstatic.com https://*.gstatic.com *.yandex.ru https://*.yandex.ru *.yastatic.net yastatic.net https://*.yastatic.net *.yandex.net https://yandex.net *.youtube.com https://*.youtube.com vk.com https://vk.com; font-src 'self' *.amdm.ru amdm.ru *.google.com *.googlesyndication.com https://*.googlesyndication.com *.googleapis.com https://*.googleapis.com *.gstatic.com https://*.gstatic.com *.yandex.ru https://*.yandex.ru yastatic.net https://yastatic.net; connect-src 'self' *.amdm.ru amdm.ru *.google.com *.googlesyndication.com https://*.googlesyndication.com *.doubleclick.net https://*.doubleclick.net *.yandex.ru https://*.yandex.ru *.gstatic.com *.googleapis.com https://translate.googleapis.com http://www.google-analytics.com https://www.google-analytics.com; report-uri /csp/collector.php  1
default-src https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov *.e.internal.r1s-prod.com 'self' blob: ; script-src https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov https://recaptcha.net https://*.mapbox.com https://mapbox.com https://*.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://cdn.ravenjs.com https://sentry.io https://www.google.com/recaptcha/ https://connect.facebook.net https://*.sharethis.com 'unsafe-eval' 'unsafe-inline' ; style-src https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov https://use.fontawesome.com https://*.mapbox.com https://mapbox.com https://fonts.googleapis.com https://tagmanager.google.com 'unsafe-inline' ; img-src https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov https://stats.g.doubleclick.net https://recaptcha.net https://*.mapbox.com https://mapbox.com https://*.gstatic.com https://www.google-analytics.com https://ridb.recreation.gov https://fs.usda.gov https://www.fs.usda.gov https://*.staticflickr.com https://*.googleusercontent.com https://www.googletagmanager.com https://www.google.com https://google.com https://*.siteintercept.qualtrics.com https://co1.qualtrics.com https://siteintercept.qualtrics.com https://*.sharethis.com https://s3.amazonaws.com/sharethis-socialab-prod/ 'self' data: blob: ; media-src https://www.nps.gov https://www.youtube.com https://youtu.be 'self' ; font-src https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov https://fonts.gstatic.com https://use.fontawesome.com; connect-src https://recreation.gov https://*.recreation.gov https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.recreation.gov https://*.mapbox.com https://mapbox.com https://freegeoip.net https://*.launchdarkly.com https://sentry.io https://siteintercept.qualtrics.com https://*.sharethis.com 'self' ; object-src 'self' blob: ; worker-src https://www.nps.gov https://www.youtube.com https://youtube.com https://youtu.be https://*.cdc.nicusa.com https://www.google.com https://google.com 'self' blob: ; frame-src https://www.nps.gov https://www.youtube.com https://youtube.com https://youtu.be https://*.cdc.nicusa.com https://www.google.com https://google.com https://tagmanager.google.com https://www.googletagmanager.com https://*.consensu.org 'self' blob: ; 1
default-src  'self'; img-src  'self'; script-src  'self' 'unsafe-inline'; object-src  'self'; style-src  'self' 'unsafe-inline'; 1
default-src https: 'unsafe-inline' 'unsafe-eval';  img-src https: data:; object-src 'none'; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation allow-top-navigation-by-user-activation allow-modals; 1
frame-ancestors 'self' https://officeworks.experiencecloud.adobe.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-e8puLI20lGFR4XfQeFD28QsSgv+iBVthHRcPaOCNDf2Xlbwv' 'self' 'unsafe-inline' 'unsafe-eval' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https: data:; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.paypal.com https://nexus.ensighten.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' http://www.usa.philips.com *.philips.com *.usa.philips.com 1
report-uri /csp/report/; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' api.soundcloud.com www.youtube.com s.ytimg.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net optimize.google.com connect.facebook.net recommender.scarabresearch.com script.crazyegg.com sample.crazyegg.com cdn.ravenjs.com www.instagram.com cdn.syndication.twimg.com platform.twitter.com syndication.twitter.com use.typekit.net cdn-resources.ableton.com; default-src 'self' blob: data: https: ableton:; object-src 'self'; frame-ancestors 'self' ableton.lightning.force.com; style-src 'unsafe-inline' optimize.google.com fonts.googleapis.com platform.twitter.com ton.twimg.com use.typekit.net cdn-resources.ableton.com 1
base-uri 'self'; block-all-mixed-content; connect-src 'self' https://api.github.com/repos/ *.fastly-insights.com sentry.io https://2p66nmmycsj3.statuspage.io; default-src 'none'; font-src 'self' fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src 'none'; img-src 'self' https://warehouse-camo.cmh1.psfhosted.org/ www.google-analytics.com *.fastly-insights.com; script-src 'self' www.googletagmanager.com www.google-analytics.com *.fastly-insights.com https://cdn.ravenjs.com; style-src 'self' fonts.googleapis.com; worker-src *.fastly-insights.com 1
frame-ancestors 'self' https://shopping.yahoo.co.jp 1
default-src https: 'unsafe-inline' 'unsafe-eval';script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com ajax.googleapis.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com code.jquery.com;font-src fonts.googleapis.com fonts.gstatic.com;img-src 'self' www.google-analytics.com data:;connect-src 'self';object-src 'none';media-src 'none';child-src 'self' www.google.com www.youtube.com;form-action 'self'; 1
frame-ancestors 'self' http://webvisor.com http://turbo.az http://*.turbo.az http://tap.az http://*.tap.az turbo.az *.turbo.az tap.az *.tap.az 1
script-src *.cognizant.com insight.adsrvr.org maps.googleapis.com www.google-analytics.com global.cognizant.com pi.pardot.com scripts.demandbase.com www.google-analytics.com px.ads.linkedin.com www.youtube.com tr.outbrain.com amplifypixel.outbrain.com munchkin.marketo.net ssl.google-analytics.com static.doubleclick.net ssl.google-analytics.com www.facebook.com connect.facebook.net www.googletagmanager.com connect.facebook.net miscmagazine.com graph.facebook.com api.linkedin.com api.instagram.com news.cognizant.com investors.cognizant.com api.twitter.com googleads.g.doubleclick.net static.doubleclick.net public.slidesharecdn.com www.slideshare.net consent.truste.com api.demandbase.com assets.adobedtm.com stats.g.doubleclick.net www.googleadservices.com cm.g.doubleclick.net dpm.demdex.net snap.licdn.com global.cognizant.com px.ads.linkedin.com trackcmp.net amplify.outbrain.com 2899686.fls.doubleclick.net api.company-target.com d.company-target.com segments.company-target.com pixel.advertising.com s.ytimg.com www.linkedin.com *.doubleclick.net match.adsrvr.org  fonts.gstatic.com msdn.microsoft.com ajax.googleapis.com api.soundcloud.com cdnjs.cloudflare.com *.AKAMAIHD.NET *.akamai.edgekey.net public.inpwrd.com consent.trustarc.com *.cognizant.co.jp  cognizant.co.jp www.gstatic.com www.google.com 'unsafe-inline' 'unsafe-eval' data: 1
default-src *.webstaurantstore.com; object-src 'none'; base-uri 'self' https://optimize.google.com/optimize/editor/; script-src *.webstaurantstore.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googlecommerce.com *.gstatic.com *.googleadservices.com *.google.com *.google-analytics.com *.facebook.net *.yimg.com *.yahoo.com *.bing.com *.bizrate.com *.shopzilla.com api.instagram.com *.twitter.com *.linkedin.com *.longtailvideo.com *.pinterest.com www.googletagmanager.com www.resellerratings.com *.g.doubleclick.net *.scarabresearch.com a.quora.com *.smarterhq.io js-agent.newrelic.com bam.nr-data.net *.sitejabber.com s.pinimg.com; style-src 'unsafe-inline' *.webstaurantstore.com *.googleapis.com *.google.com *.resellerratings.com *.sitejabber.com; img-src data: blob: *.webstaurantstore.com *.gstatic.com *.googlecommerce.com *.google-analytics.com *.googletagmanager.com *.paypal.com *.facebook.com *.staticflickr.com *.msn.com *.bing.com *.pricegrabber.com *.bizrate.com *.bizrateinsights.com *.googleadservices.com *.amazon-adsystem.com *.connexity.net *.doubleclick.net *.google.com *.cdninstagram.com *.linkedin.com *.twitter.com *.longtailvideo.com *.pinterest.com securetracking.adsprotection.com *.resellerratings.com q.quora.com alb.reddit.com *.smarterhq.io cx.atdmt.com bam.nr-data.net *.sitejabber.com www.commerce-connector.com pinterest.adsymptotic.com *.cloudfront.net; frame-src *.webstaurantstore.com *.googlecommerce.com *.doubleclick.net *.google.com *.facebook.com *.facebook.net *.youtube.com apps.kaonadn.net *.pinterest.com www.googletagmanager.com *.twitter.com; font-src data: *.webstaurantstore.com *.gstatic.com *.sitejabber.com; connect-src *.webstaurantstore.com *.google-analytics.com www.resellerratings.com *.google.com *.scarabresearch.com *.linkedin.com stats.g.doubleclick.net *.clarkinc.biz *.smarterhq.io bam.nr-data.net *.facebook.com *.sitejabber.com ct.pinterest.com; report-uri //www.webstaurantstore.com/api/v2/logs/?ReportingOnly=0 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src 'self' data: * ; font-src 'self' data: * ; frame-ancestors 'self' https://*.ualberta.ca 1
frame-ancestors 'self' https://help.thumbtack.com 1
base-uri 'self';child-src blob: *;connect-src *;default-src 'self';font-src * data:;frame-ancestors 'self';img-src * data:;media-src blob: *;script-src * 'unsafe-inline' 'unsafe-eval' data:;style-src * 'unsafe-inline';worker-src 'self' 1
default-src 'self' blob: wss: data: https:; img-src 'self' *.cloudfront.net blob: data: https:; media-src 'self' *.cloudfront.net https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' data: https:; 1
block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com *.indeed.ca  ; frame-src 'self' *.indeed.com *.indeed.ca https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com *.indeed.ca d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log dpuk71x9wlmkf.cloudfront.net; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.ostrovok.ru ostrovok.ru *.worldota.net *.zenhotels.com zenhotels.com ads.adfox.ru yastatic.net *.yandex.ru *.adfox.yandex.ru ps.eyeota.net api.payota.net t.skyscnr.com vc.hotjar.io secde.trivago.com unpkg.com *.smartadserver.com smartadserver.com *.rubiconproject.com rubiconproject.com www.googletraveladservices.com www.tripadvisor.com cdnjs.cloudflare.com www.kayak.com www.clicktripz.com www.youtube.com s3-eu-west-1.amazonaws.com travel.mediaalpha.com notify.bugsnag.com 3kxrt0l29e.execute-api.us-east-1.amazonaws.com *.hotjar.com fonts.gstatic.com *.livetex.ru ostrovokru003.webim.ru tagmanager.google.com www.tamgrt.com cdn.branch.io app.link api.branch.io api2.branch.io www.googleadservices.com sslwidget.criteo.com static.criteo.net vk.com connect.facebook.net www.facebook.com top-fwz1.mail.ru *.intentmedia.net www.hometogo.com secure.wego.com static.tacdn.com static.clicktripz.com pixel.sojern.com ads.travelaudience.com tms-st.cdn.ngenix.net hit.acstat.com c.riskified.com beacon.riskified.com cdn.siftscience.com d3c3cq33003psk.cloudfront.net www.awin.com www.google-analytics.com www.googletagmanager.com mc.yandex.ru tag.yieldoptimizer.com a.cdn.intentmedia.net *.intentmedia.net st.dynamicyield.com static.dynamicyield.com *.criteo.com a.intentmedia.net *.intentmedia.net px.dynamicyield.com opentag-stats.qubit.com *.g.doubleclick.net 6ytvy2ekla.execute-api.us-east-1.amazonaws.com fonts.googleapis.com maps.googleapis.com www.google.com www.googletagservices.com adservice.google.com c.triptech.ai s.clickiocdn.com *.googlesyndication.com cdn.ampproject.org clickiocdn.com adservice.google.ru csi.gstatic.com *.braintreegateway.com tag.crsspxl.com aa.agkn.com blip.bizrate.com c1.adform.net ce.lijit.com cm.g.doubleclick.net cms.analytics.yahoo.com d.turn.com dmp.truoptik.com dpm.demdex.net e.dlx.addthis.com ib.adnxs.com idsync.rlcdn.com io.narrative.io match.adsrvr.org partner.mediawallahscript.com pm.w55c.net pxl.connexity.net sync.crwdcntrl.net sync.mathtag.com tags.bluekai.com thrtle.com; frame-src 'self' *.ostrovok.ru yastatic.net *.worldota.net *.zenhotels.com www.youtube.com widgets-2-omni-iframe.livetex.ru tracking.bonusway.com checkout.paypal.com static.criteo.net gum.criteo.com dis.eu.criteo.com www.google.com *.intentmedia.net a.cdn.intentmedia.net d1jaw4ep1lbbt9.cloudfront.net www.tamgrt.com bid.g.doubleclick.net clickioadvd.com googleads.g.doubleclick.net www.googletagservices.com www.facebook.com web.facebook.com tpc.googlesyndication.com vars.hotjar.com vk.com staticxx.facebook.com tag.crsspxl.com; img-src * data:; report-uri /hc/csp 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: *.dancf.com *.gaoding.com hm.baidu.com tongji.baidu.com assetscli.udesk.cn ttxsapp.udesk.cn retcode.alicdn.com www.google-analytics.com www.googletagmanager.com; frame-ancestors 'self' *.gaoding.com god-mgr.dancf.com ttxsapp.udesk.cn tongji.baidu.com www.huodongxing.com www.365editor.com https://ytcs.lenovo.net http://ytcs.lenovo.net https://ytcstest.lenovo.net http://pnew.365editor.com http://pwww.365editor.com https://new.365editor.com 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=3ba2f617-7e43-48b6-97f4-3d86ed21c513 1
style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src blob: https: data:; frame-src https:; upgrade-insecure-requests; 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-pKzlcXtZwt' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1
upgrade-insecure-requests; report-uri https://ee.report-uri.io/r/default/csp/enforce 1
report-uri /report-csp; connect-src 'self' *; font-src data: 'self'; child-src https://*.n26.com https://n26.com https://www.youtube.com https://boards.greenhouse.io https://pixel.mathtag.com/; img-src 'self' images.ctfassets.net images.contentful.com https://cdn.number26.de https://sc-collector.n26.com https://*.greenhouse.io data: *; media-src videos.ctfassets.net videos.contentful.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://n26-trusted.n26.com https://polyfill.io https://www.youtube.com https://s.ytimg.com https://boards.greenhouse.io *; style-src 'unsafe-inline' https://tagmanager.google.com; default-src * 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://www.youtube.com https://*.ytimg.com https://stats.g.doubleclick.net https://static.doubleclick.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://talkgadget.google.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://optimize.google.com https://support.google.com https://www.google.com https://optimize.google.com 'nonce-33bb9d65b2e557926390e55ca6849c94'; img-src 'self' *.googleusercontent.com www.google-analytics.com https://www.googleadservices.com *.doubleclick.net https://www.google.com https://www.google.co.uk https://storage.googleapis.com/ https://maps.googleapis.com/ https://maps.google.com https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://ssl.google-analytics.com *.youtube.com https://www.gstatic.com data:  https://ssl.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.ca; report-uri /csp; default-src 'self'; frame-src 'self' https://www.youtube.com *.talkgadget.google.com *.doubleclick.net https://www.accountchooser.com https://www.google.com https://feedback.googleusercontent.com https://optimize.google.com/; style-src 'self' 'unsafe-inline' ajax.googleapis.com https://fonts.googleapis.com https://www.gstatic.com https://tagmanager.google.com https://feedback.googleusercontent.com/resources/annotator.css https://optimize.google.com; connect-src 'self' https://maps.googleapis.com/ https://www.gstatic.com https://fcm.googleapis.com https://securetoken.googleapis.com https://www.googleapis.com https://www.google-analytics.com https://optimize.google.com; object-src ; font-src 'self' https://fonts.gstatic.com data: 'self' http://fonts.gstatic.com data:; base-uri https://learndigital.withgoogle.com 'self' https://optimize.google.com 1
connect-src 'self' https://my.yoast.com https://app.sgwidget.com https://sgwidget.leaderapps.co;default-src 'none';font-src 'self' https://brave.com https://fonts.gstatic.com data:;frame-ancestors 'self' chrome-extension://mnojpmjdmbbfmejpflffifhffcmidifd;frame-src 'self' https://player.vimeo.com https://boards.greenhouse.io https://www.youtube-nocookie.com;img-src 'self' data: https://brave.com https://basicattentiontoken.org https://analytics.brave.com https://boards.greenhouse.io https://secure.gravatar.com https://blog.brave.com https://*.ggpht.com https://*.jtvnw.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://brave.com https://djtflbt20bdde.cloudfront.net https://maps.googleapis.com https://analytics.brave.com https://secure.gaug.es https://boards.greenhouse.io https://code.jquery.com https://app.sgwidget.com https://sgwidget.leaderapps.co;style-src 'self' 'unsafe-inline' https://brave.com https://fonts.googleapis.com; object-src 'none'; upgrade-insecure-requests 1
child-src https: http: data:;frame-src https: http: data:;script-src 'unsafe-inline' 'unsafe-eval' https: http:;img-src * data:;media-src * 1
default-src 'self'; frame-ancestors 'self'; img-src 'self' avatars.githubusercontent.com; frame-src 'self' player.vimeo.com 1
default-src 'self' https://*.epidemicsound.com https://d34qmkt8w5wll9.cloudfront.net https://dkihjuum4jcjr.cloudfront.net https://s3-eu-west-1.amazonaws.com;     script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d34qmkt8w5wll9.cloudfront.net https://bat.bing.com https://js.braintreegateway.com https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://www.paypalobjects.com https://client-analytics.sandbox.braintreegateway.com https://client-analytics.braintreegateway.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://mbsy.co https://dev.visualwebsiteoptimizer.com https://connect.facebook.net/ https://serve.albacross.com https://assets.braintreegateway.com https://www.paypal.com https://www.googleadservices.com https://code.jquery.com https://js.driftt.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.recurly.com/;     img-src 'self' data: https://d34qmkt8w5wll9.cloudfront.net https://www.google-analytics.com https://www.google.com https://www.google.se https://yt3.ggpht.com https://bat.bing.com https://stats.g.doubleclick.net https://assets.braintreegateway.com https://checkout.paypal.com https://images.contentful.com https://images.ctfassets.net https://dev.visualwebsiteoptimizer.com https://useruploads.visualwebsiteoptimizer.com https://rec1.visualwebsiteoptimizer.com https://rec2.visualwebsiteoptimizer.com https://rec3.visualwebsiteoptimizer.com https://rec4.visualwebsiteoptimizer.com https://collect.albacross.com https://www.facebook.com/tr/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.co.uk https://www.google.com.br https://www.google.de https://www.google.ca https://www.google.au https://www.google.nl https://www.google.dk https://www.google.no https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://graph.facebook.com https://scontent.cdninstagram.com https://i.ytimg.com;     media-src 'self' https://*.epidemicsound.com https://d34qmkt8w5wll9.cloudfront.net https://dkihjuum4jcjr.cloudfront.net https://s3-eu-west-1.amazonaws.com https://videos.ctfassets.net;     child-src 'self' assets.braintreegateway.com c.paypal.com;     object-src 'self';     style-src 'self' 'unsafe-inline' https://d34qmkt8w5wll9.cloudfront.net https://tagmanager.google.com https://assets.braintreegateway.com;     font-src 'self' https://d34qmkt8w5wll9.cloudfront.net data:;     frame-src 'self' https://assets.braintreegateway.com https://c.paypal.com https://www.youtube.com https://www.paypal.com https://www.sandbox.paypal.com https://js.driftt.com https://www.google.com/recaptcha/ https://api.recurly.com/;     worker-src blob:;     connect-src 'self' https://*.epidemicsound.com https://www.googleapis.com https://api.sandbox.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://sentry.io https://dev.visualwebsiteoptimizer.com https://rec1.visualwebsiteoptimzer.com https://rec2.visualwebsiteoptimizer.com https://rec3.visualwebsiteoptimizer.com https://rec4.visualwebsiteoptimizer.com https://heatmap.visualwebsiteoptimizer.com https://www.facebook.com/tr/ https://*.braintree-api.com https://www.paypal.com https://cdn.contentful.com https://preview.contentful.com https://api.recurly.com/; 1
default-src 'self'; font-src https://github-atom-io-herokuapp-com.freetls.fastly.net https://github-atom-io-herokuapp-com.global.ssl.fastly.net; frame-src 'self' https://www.youtube.com; img-src https: 'self' https://github-atom-io-herokuapp-com.freetls.fastly.net data:; media-src 'self'; object-src 'self' https://github-atom-io-herokuapp-com.freetls.fastly.net; script-src 'self' 'unsafe-inline' https://ssl.google-analytics.com https://www.google-analytics.com https://platform.twitter.com https://github-atom-io-herokuapp-com.freetls.fastly.net; style-src 'self' 'unsafe-inline' https://github-atom-io-herokuapp-com.freetls.fastly.net; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; media-src http: 'unsafe-inline' https: data: blob:; connect-src https: wss: data: blob:; img-src * data: https: android-webview-video-poster: 1
default-src 'self' blob:;  img-src 'self' data: blob: 'unsafe-inline' sitecoremedia.blob.core.windows.net *.googleapis.com *.gstatic.com *.twitter.com *.twimg.com jwpltx.com *.youtube.com *.facebook.com *.google.com *.google.gr *.googletagmanager.com googleads.g.doubleclick.net cdn.cookielaw.org *.google-analytics.com *.usabilla.com *.cloudfront.net;  media-src 'self' blob: *.streaming.mediaservices.windows.net;  script-src 'self' data: optimize.google.com *.google-analytics.com code.jquery.com *.onetrust.com blob: 'unsafe-inline' 'unsafe-eval' *.youtube.com *.ytimg.com  *.google.com *.googleapis.com *.gstatic.com *.inbroker.com *.angularjs.org *.twitter.com *.syndication.twimg.com *.jwpcdn.com *.facebook.net *.facebook.com *.hotjar.com cdn.cookielaw.org optanon.blob.core.windows.net www.googleadservices.com az416426.vo.msecnd.net *.googletagmanager.com *.usabilla.com *.cloudfront.net;  style-src 'self' 'unsafe-inline' *.googleapis.com *.inbroker.com *.twitter.com optimize.google.com optanon.blob.core.windows.net cdn.cookielaw.org *.usabilla.com *.cloudfront.net fonts.googleapis.com;  font-src 'self' *.gstatic.com *.inbroker.com *.jwpcdn.com *.usabilla.com *.cloudfront.net fonts.googleapis.com;  connect-src 'self' optimize.google.com *.visualstudio.com www.google-analytics.com *.inbroker.com *.streaming.mediaservices.windows.net *.twitter.com *.hotjar.com adservice.google.com az416426.vo.msecnd.net *.doubleclick.net *.usabilla.com *.cloudfront.net;  frame-src 'self' data: blob: *.youtube.com *.ytimg.com *.google.com *.inbroker.com *.twitter.com *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr  uat-legacy.eurobank.gr *.doubleclick.net *.fls.doubleclick.net *.usabilla.com *.cloudfront.net; object-src 'self' *.streaming.mediaservices.windows.net *.jwpcdn.com;  child-src 'self' data: blob: *.youtube.com *.ytimg.com *.google.com *.inbroker.com *.twitter.com *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr uat-legacy.eurobank.gr;  1
default-src 'self' ws://localhost:* data: 'unsafe-inline' https://app.youneedabudget.com 'unsafe-eval' localhost:* *.youneedabudget.com marketing-youneedabudgetco.netdna-ssl.com sslcdn-youneedabudgetco.netdna-ssl.com youneedabudget.helpscoutdocs.com *.quora.com *.helpscout.net *.sumologic.com *.pusher.com d3hb14vkzrxvla.cloudfront.net player.vimeo.com apis.google.com accounts.google.com www.google.com www.google.ca www.google.co.uk www.google.au www.google.de www.google.com.br www.google.be www.google.co.nz www.google.es www.google.nl www.google.com.ph www.google.co.in www.google.fr www.google.ie www.google.com.mx www.google.ru www.google.pl www.google.com.sg www.google.no www.google.ch *.googletagmanager.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.doubleclick.net https://docs.google.com https://api.ipify.org https://s.pinimg.com *.facebook.com *.pinterest.com *.facebook.net *.youtube.com djtflbt20bdde.cloudfront.net *.adroll.com https://pixel.cdnwidget.com/cdn/c.min.js https://ids.cdnwidget.com/c https://*.cdnbasket.net/ *.intercom.io *.intercomcdn.com *.intercomusercontent.com wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io *.twitter.com *.ads-twitter.com *.soundcloud.com https://youneedabudget.us11.list-manage.com https://ajax.cloudflare.com https://giphy.com/ https://api.cloudinary.com https://cdnjs.cloudflare.com https://api.getgo.com optimize.google.com *.mparticle.com *.amplitude.com https://api.rollbar.com https://cdn.pdst.fm/ping.min.js https://us-central1-adaptive-growth.cloudfunctions.net/sink s.ytimg.com hello.myfonts.net ;frame-ancestors http://localhost:* *.youneedabudget.com ;img-src data: *;font-src 'self' data: fonts.gstatic.com *.intercomcdn.com sslcdn-youneedabudgetco.netdna-ssl.com *.youneedabudget.com 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-niTKFDbZMH' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1
frame-ancestors 'self' https://appear.in https://*.appear.in ; 1
frame-ancestors 'self' https://*.ranker.com https://*.ranker-dev.com https://*.ranker-stage.com 1
default-src 'self' https://tools-static.wmflabs.org; child-src 'none'; object-src 'none'; img-src 'self' data: https://tools-static.wmflabs.org 1
default-src 'self' blob: data: https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' stats.wp.com pixel.wp.com bam.nr-data.net js-agent.newrelic.com s0.wp.com s1.wp.com *.facebook.net *.youtube.com *.ytimg.com;style-src blob: 'self' 'unsafe-inline' s0.wp.com s1.wp.com;img-src 'self' blob: data: https: s0.wp.com s1.wp.com;media-src 'self' blob: data: https: s0.wp.com s1.wp.com;frame-src 'self' *.youtube.com; 1
frame-ancestors 'self' http://*.waldenfacts.com http://waldenfacts.com http://laureate.postclickmarketing.com 1
default-src 'self'; script-src 'self' https://www.openhub.net; child-src 'self' https://www.openhub.net https://www.youtube.com https://www.youtube-nocookie.com; object-src 'none'; media-src 'self' https://download.gimp.org https://www.mirrorservice.org; 1
default-src 'self' remontka.pro; script-src 'self' 'unsafe-inline' 'unsafe-eval' remontka.pro https://storage.googleapis.com https://www.googletagservices.com https://vk.com https://www.youtube.com https://googleads.g.doubleclick.net https://ajax.googleapis.com/ *.yadro.ru http://code.jquery.com *.googleadservices.com https://*.googleadservices.com *.googleapis.com https://*.googleapis.com *.gstatic.com gstatic.com https://gstatic.com https://*.gstatic.com *.doubleclick.net https://*.doubleclick.net apis.google.com https://apis.google.com *.googlesyndication.com https://*.googlesyndication.com google-analytics.com *.google-analytics.com https://*.google-analytics.com *.yandex.ru https://*.yandex.ru yandex.ru https://yandex.ru *.yandex.net yandex.net https://yastatic.net *.yastatic.net yastatic.net mc.yandex.ru google.com *.google.com https://*.google.com https://google.com *.google.com.ua http://*.google.com.ua https://*.google.com.ua google.ru *.google.ru http://*.google.ru https://*.google.ru an.yandex.ru; frame-src 'self' 'unsafe-inline' remontka.pro https://money.yandex.ru https://vk.com remontka.pro https://www.youtube.com https://googleads.g.doubleclick.net https://ajax.googleapis.com/ *.googlevideo.com http://code.jquery.com *.googleadservices.com https://*.googleadservices.com *.googleapis.com https://*.googleapis.com *.gstatic.com gstatic.com https://gstatic.com https://*.gstatic.com *.doubleclick.net https://*.doubleclick.net apis.google.com https://apis.google.com *.googlesyndication.com https://*.googlesyndication.com google-analytics.com *.google-analytics.com https://*.google-analytics.com https://st.yandexadexchange.net http://yandexadexchange.net http://st.yandexadexchange.net *.yandex.ru https://*.yandex.ru yandex.ru https://yandex.ru *.yandex.net yandex.net https://yastatic.net *.yastatic.net yastatic.net mc.yandex.ru google.com *.google.com https://*.google.com https://google.com https://*.google.com.ua google.ru *.google.ru http://*.google.ru https://*.google.ru an.yandex.ru youtube.ru youtube.com *.youtube.ru *.youtube.com https://youtube.ru https://youtube.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' remontka.pro https://storage.googleapis.com https://www.youtube.com https://googleads.g.doubleclick.net https://ajax.googleapis.com/ *.googleadservices.com https://*.googleadservices.com *.googleapis.com https://*.googleapis.com *.gstatic.com gstatic.com https://gstatic.com https://*.gstatic.com *.doubleclick.net https://*.doubleclick.net apis.google.com https://apis.google.com *.googlesyndication.com https://*.googlesyndication.com google-analytics.com *.google-analytics.com https://*.google-analytics.com *.yandex.ru https://*.yandex.ru yandex.ru https://yandex.ru *.yandex.net yandex.net https://yastatic.net *.yastatic.net yastatic.net mc.yandex.ru google.com *.google.com https://*.google.com https://google.com *.google.com.ua http://*.google.com.ua https://*.google.com.ua google.ru *.google.ru http://*.google.ru https://*.google.ru an.yandex.ru youtube.ru youtube.com *.youtube.ru *.youtube.com https://youtube.ru https://youtube.com data:; object-src 'self' *.remontka.pro remontka.pro https://www.youtube.com https://googleads.g.doubleclick.net https://ajax.googleapis.com/ *.googleadservices.com https://*.googleadservices.com http://*.ytimg.com *.macromedia.com *.adobe.com https://*.adobe.com *.googleapis.com https://*.googleapis.com *.gstatic.com gstatic.com https://gstatic.com https://*.gstatic.com *.doubleclick.net https://*.doubleclick.net apis.google.com https://apis.google.com *.googlesyndication.com https://*.googlesyndication.com google-analytics.com *.google-analytics.com https://*.google-analytics.com *.yandex.ru https://*.yandex.ru yandex.ru https://yandex.ru *.yandex.net yandex.net https://yastatic.net *.yastatic.net yastatic.net mc.yandex.ru google.com *.google.com https://*.google.com https://google.com *.google.com.ua http://*.google.com.ua https://*.google.com.ua google.ru *.google.ru http://*.google.ru https://*.google.ru an.yandex.ru youtube.ru youtube.com *.youtube.ru *.youtube.com https://youtube.ru https://youtube.com; img-src 'self' remontka.pro yadro.ru https://vk.com *.yadro.ru *.googleadservices.com https://*.googleadservices.com *.googleapis.com https://*.googleapis.com *.gstatic.com gstatic.com https://gstatic.com https://*.gstatic.com *.doubleclick.net https://*.doubleclick.net apis.google.com https://apis.google.com *.googlesyndication.com https://*.googlesyndication.com google-analytics.com *.google-analytics.com https://*.google-analytics.com *.yandex.ru https://*.yandex.ru yandex.ru https://yandex.ru *.yandex.net yandex.net https://yastatic.net *.yastatic.net yastatic.net mc.yandex.ru google.com *.google.com https://*.google.com https://google.com *.google.com.ua http://*.google.com.ua https://*.google.com.ua google.ru *.google.ru http://*.google.ru https://*.google.ru an.yandex.ru youtube.ru youtube.com *.youtube.ru *.youtube.com https://youtube.ru https://youtube.com data:; font-src 'self' remontka.pro *.googleapis.com *.gstatic.com *.googlevideo.com *.yandex.ru https://*.googleapis.com https://*.gstatic.com https://*.yandex.ru https://cdnjs.cloudflare.com data:; connect-src 'self' remontka.pro https://www.youtube.com https://googleads.g.doubleclick.net https://ajax.googleapis.com/ http://code.jquery.com *.googleadservices.com *.googlevideo.com https://*.googleadservices.com *.googleapis.com https://*.googleapis.com *.gstatic.com gstatic.com https://gstatic.com https://*.gstatic.com *.doubleclick.net https://*.doubleclick.net apis.google.com https://apis.google.com *.googlesyndication.com https://*.googlesyndication.com google-analytics.com *.google-analytics.com https://*.google-analytics.com *.yandex.ru https://*.yandex.ru yandex.ru https://yandex.ru *.yandex.net yandex.net https://yastatic.net *.yastatic.net yastatic.net mc.yandex.ru google.com *.google.com https://*.google.com https://google.com *.google.com.ua http://*.google.com.ua https://*.google.com.ua google.ru *.google.ru http://*.google.ru https://*.google.ru an.yandex.ru youtube.ru youtube.com *.youtube.ru *.youtube.com https://youtube.ru https://youtube.com https://translate.googleapis.com; media-src 'self' remontka.pro https://www.youtube.com https://googleads.g.doubleclick.net https://ajax.googleapis.com/ *.googlevideo.com http://*.ytimg.com youtube.ru youtube.com *.youtube.ru *.youtube.com https://youtube.ru https://youtube.com https://*.youtube.ru https://*.youtube.com data:; 1
default-src 'none'; base-uri 'none'; frame-src checkout.stripe.com; frame-ancestors 'none'; style-src *.scryfall.com; script-src *.scryfall.com checkout.stripe.com www.google-analytics.com 'unsafe-eval'; img-src *.scryfall.com *.stripe.com www.google-analytics.com data:; font-src *.scryfall.com; manifest-src *.scryfall.com; connect-src api.scryfall.com scryfall.com www.google-analytics.com checkout.stripe.com; block-all-mixed-content; 1
block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com *.indeed.fr  ; frame-src 'self' *.indeed.com *.indeed.fr https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com *.indeed.fr d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log dpuk71x9wlmkf.cloudfront.net; 1
default-src 'self' *.pobeda.aero pobeda.aero *.google-analytics.com *.g.doubleclick.net mc.yandex.ru top-fwz1.mail.ru cors.io *.rentalcars.com *.ostrovok.ru *.clicktripz.com *.intentmedia.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.pobeda.aero yastatic.net *.googleadservices.com www.google-analytics.com *.g.doubleclick.net top-fwz1.mail.ru *.vk.com *.google.ru *.google.com *.google.de *.google.kz *.gstatic.com mc.yandex.ru cdn.sendpulse.com top-fwz1.mail.ru cors.io *.rentalcars.com *.ostrovok.ru *.clicktripz.com *.intentmedia.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.pobeda.aero *.sendpulse.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com *.pobeda.aero; img-src 'self' *; child-src 'self' *; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/golfdigest 1
default-src http: https: wss: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.guidelive.com *.dallasnews.com *.dentonrc.com *.google.com 1
frame-ancestors *.ntu.edu.sg 1
default-src https://*.f-list.net; frame-src https://www.google.com/recaptcha/; script-src https://*.f-list.net https://ajax.googleapis.com https://www.google.com https://www.google-analytics.com https://ads.dragonfru.it https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' 'unsafe-eval'; img-src data: https://*.f-list.net https://www.google.com https://www.google-analytics.com https://ads.dragonfru.it; style-src https://*.f-list.net 'unsafe-inline'; connect-src https://*.f-list.net https://ads.dragonfru.it wss://chat.f-list.net:9799 ws://chat.f-list.net:9722 wss://chat.f-list.net:8799 ws://chat.f-list.net:8722 wss://chat.f-list.net; frame-ancestors 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.imedia.cz *.sdn.szn.cz *.szn.cz *.sklik.cz http://*.imedia.cz https://*.imedia.cz gacz.hit.gemius.pl scz.hit.gemius.pl www.google-analytics.com cdn.ampproject.org *.twitter.com *.twimg.com *.facebook.net *.facebook.com https://www.gstatic.com https://ajax.googleapis.com https://track.adform.net *.seznam.cz https://www.seznam.cz *.prozeny.cz https://www.prozeny.cz *.pubmatic.com *.doubleverify.com *.serving-sys.com  ads.celtra.com *.adform.net *.pliing.com *.adnxs.com *.adnxs.net *.doubleclick.net cdn.vistag.com login.szn.cz http://login.szn.cz https://login.szn.cz; frame-ancestors 'self' www.seznam.cz adminclanky.seznam.cz search.seznam.cz *.ampproject.org www.google.cz www.google.com 1
script-src 'unsafe-inline' 'unsafe-eval' *.diplomatie.gouv.fr *.aticdn.net  *.france-visas.gouv.fr france-visas.gouv.fr; 1
default-src * data: 'unsafe-inline' 'unsafe-eval' blob:; 1
frame-ancestors 'self' *.planet.fr 1
default-src data: blob: 'self' 'unsafe-inline' 'unsafe-eval' mobile.free.fr www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com www.google.fr connect.facebook.net www.facebook.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com assistance.free.fr osm.proxad.net 1
script-src 'self' 'unsafe-inline' https://*.imedia.cz https://*.hit.gemius.pl https://connect.facebook.net https://*.facebook.com https://*.stream.cz; report-uri /cspreport; 1
frame-ancestors 'self' *.dillards.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' https://*.flixcart.com https://*.flixcart.net https://flipkart.d1.sc.omtrdc.net https://dpm.demdex.net https://sslwidget.criteo.com https://widget.as.criteo.com https://tnc.phonepe.com https://www.googletagmanager.com 'nonce-1775738329989999649'; style-src 'self' 'unsafe-inline' https://*.flixcart.com https://tnc.phonepe.com https://*.flixcart.net; img-src 'self' data: https://*.flixcart.com https://*.flixcart.net https://flipkart.d1.sc.omtrdc.net https://www.facebook.com https://*.fkapi.net https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.in https://www.googleadservices.com https://sp.analytics.yahoo.com https://bat.bing.com https://bat.r.msn.com https://www.payzippy.com https://tnc.phonepe.com https://*.youtube.com https://www.google-analytics.com; font-src 'self' data: https://*.flixcart.com https://tnc.phonepe.com https://*.flixcart.net; frame-src 'self' https://*.flipkart.com http://*.flipkart.com https://*.youtube.com https://youtube.com https://*.vimeo.com https://dis.as.criteo.com https://gum.criteo.com https://www.payzippy.com https://tnc.phonepe.com https://cdemux.appspot.com 'nonce-1775738329989999649'; child-src 'self' https://*.flipkart.com 'nonce-1775738329989999649'; connect-src 'self' *; object-src 'none'; base-uri 'self'; report-uri https://csp.flipkart.com/csp 1
frame-ancestors 'self' *.gisher.org https://gisher.news http://kentron.tv 1
default-src https: js-callback: data: 'unsafe-inline' 'unsafe-eval' 1
default-src https: 'unsafe-inline' 'unsafe-eval' data:  wss:; frame-src https: appsflyerevent: fbrpc:; img-src https: blob: data:; report-uri https://internations.report-uri.com/r/t/csp/enforce 1
frame-ancestors 'self' *.asiamiles.com 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src *; font-src *; media-src *; frame-src *; connect-src *; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
frame-ancestors 'self' https://solutions.sciquest.com https://service.ariba.com https://usertest.sciquest.com https://s1.ariba.com http://admin.atgstores.com/ https://admin.atgstores.com/ 1
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.truefitcorp.com http://*.truefitcorp.com https://www.googletagmanager.com http://*.bazaarvoice.com https://*.bazaarvoice.com https://code.jquery.com https://*.evergage.com http://*.evergage.com http://*.academy.com https://*.academy.com https://*.iesnare.com https://*.amazonaws.com http://*.google-analytics.com https://*.google-analytics.com https://*.googleapis.com https://*.scene7.com http://*.scene7.com  https://*.firstdata.com https://*.google.com https://*.paypalobjects.com https://unpkg.com https://*.evgnet.com http://www.youtube.com https://www.youtube.com https://*.go-mpulse.net http://*.go-mpulse.net https://*.ytimg.com https://*.googleadservices.com https://cdn.b0e8.com https://*.micpn.com https://*.pbbl.co https://*.pinimg.com https://*.myvisualiq.net https://*.facebook.net https://*.doubleclick.net http://*.googleapis.com https://*.googleapis.com https://*.evgnet.com https://tagmanager.google.com https://*.cdn-net.com http://*.cdn-net.com https://*.akamaihd.net https://*.paymentjs.firstdata.com https://*.paypal.com https://*.rfihub.net https://*.rfihub.com https://*.dealtime.com http://*.myregistry.com https://*.myregistry.com https://*.gstatic.com http://incl-v2.academy.com.searchdex.net https://incl-v2.academy.com.searchdex.net https://*.bing.com http://*.bing.com https://*.iovation.com https://*.googletagservices.com https://*.rewardstyle.com https://*.kaptcha.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/teen-vogue 1
frame-ancestors 'self' https://*.adultdvdtalk.com 1
frame-ancestors https://*.settour.com.tw; 1
default-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://dnn506yrbagrg.cloudfront.net https://www.googletagmanager.com https://vjs.zencdn.net https://cdn.mathjax.org https://www.sc.pages02.net https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.google-analytics.com https://jobs.jobvite.com https://plus.google.com https://www.googleadservices.com https://players.brightcove.net http://ie7-js.googlecode.com https://apis.google.com https://d1fc8wv8zag5ca.cloudfront.net https://connect.facebook.net https://*.criteo.com https://s.pinimg.com https://bat.bing.com https://*.criteo.net https://ajax.googleapis.com https://*.doubleclick.net https://platform.twitter.com https://*.ads-twitter.com https://*.googlesyndication.com https://boards.greenhouse.io https://adservice.google.com https://snap.licdn.com https://s3.amazonaws.com https://analytics.twitter.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.hotjar.com https://*.traversedlp.com; style-src 'self' 'unsafe-inline' https://fast.fonts.net https://fonts.googleapis.com; img-src 'self' data: blob: https://*.pages02.net https://*.brightcove.com https://*.brightcovecdn.com https://*.boltdns.net/ https://www.facebook.com https://ct.pinterest.com https://www.google.com https://bat.bing.com https://*.doubleclick.net https://q.quora.com https://*.linkedin.com https://*.criteo.net https://secure.adnxs.com https://cdn.optimizely.com https://www.bizographics.com https://www.google-analytics.com https://placehold.it https://*.criteo.com https://www.w3.org https://*.googlesyndication.com https://rwgoogle-webservices-7.texthelp.com https://rwedge-webservices.texthelp.com https://adservice.google.com https://gtrk.s3.amazonaws.com https://user-event-tracker.crazyegg.com https://t.co https://pinterest.adsymptotic.com https://pointclicktrack.com https://*.hotjar.com; frame-src 'self' https://*.ixl.com https://www.youtube.com https://jobs.jobvite.com https://players.brightcove.net https://accounts.google.com https://*.criteo.com https://www.gstatic.com https://*.doubleclick.net https://*.googlesyndication.com https://boards.greenhouse.io https://app.optimizely.com https://a14220909.cdn.optimizely.com https://www.google.com/recaptcha/ https://*.hotjar.com https://abcya-media.ixl.com; object-src 'self' https://abcya-media.ixl.com; media-src 'self' blob: https://*.brightcove.com https://*.brightcovecdn.com https://*.boltdns.net/ https://rwforg.speechstream.net/; connect-src 'self' https://*.brightcove.com https://*.brightcovecdn.com https://*.boltdns.net/ https://*.optimizely.com https://*.greenhouse.io https://csm.sv.us.criteo.net https://www.google-analytics.com https://docs.google.com https://rwforg.speechstream.net/ https://rwgoogle-webservices-7.texthelp.com https://rwedge-webservices.texthelp.com https://ct.pinterest.com https://*.abcya.com https://*.hotjar.com wss://*.hotjar.com https://www.googleapis.com https://*.traversedlp.com https://pubsub.ixl.com wss://pubsub.ixl.com; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com; frame-ancestors 'self' https://blog.ixl.com/ http://support/ http://supportvm/ http://support.quiacorp.com/ http://supportvm.quiacorp.com/ http://try.quiacorp.com/; report-uri /actions/csp/report; 1
frame-ancestors 'self' http://www.kayak.com.au http://www.momondo.com.au http://www.cheapflights.com.au http://www.ca.kayak.com http://www.momondo.ca http://www.cheapflights.ca http://www.cn.kayak.com http://www.momondo.com.cn http://www.kayak.com.hk http://www.momondo.hk http://www.cheapflights.com.hk http://www.kayak.co.in http://www.momondo.in http://www.in.cheapflights.com http://www.kayak.co.id http://www.cheapflights.co.id http://www.kayak.co.jp http://www.kayak.co.kr http://www.kayak.com.my http://www.cheapflights.com.my http://www.nz.kayak.com http://www.momondo.co.nz http://www.cheapflights.co.nz http://www.cheapflights.com.ph http://www.kayak.com.ph http://www.kayak.sg http://www.cheapflights.com.sg http://www.tw.kayak.com http://www.momondo.tw http://www.kayak.co.th http://www.kayak.co.uk http://www.momondo.co.uk http://www.cheapflights.co.uk http://www.cheapflights.co.uk http://www.kayak.com http://www.momondo.com http://www.cheapflights.com http://www.ae.cheapflights.com http://www.kayak.ae http://global.cheapflights.com http://global.momondo.com http://kayak.de http://momondo.de http://swoodoo.com http://kayak.fr http://momondo.fr http://www-malaysiaairlines-com.cdn.ampproject.org http://cdn.ampproject.org http://www.ampify.ga https://www.kayak.com.au https://www.momondo.com.au https://www.cheapflights.com.au https://www.ca.kayak.com https://www.momondo.ca https://www.cheapflights.ca https://www.cn.kayak.com https://www.momondo.com.cn https://www.kayak.com.hk https://www.momondo.hk https://www.cheapflights.com.hk https://www.kayak.co.in https://www.momondo.in https://www.in.cheapflights.com https://www.kayak.co.id https://www.cheapflights.co.id https://www.kayak.co.jp https://www.kayak.co.kr https://www.kayak.com.my https://www.cheapflights.com.my https://www.nz.kayak.com https://www.momondo.co.nz https://www.cheapflights.co.nz https://www.cheapflights.com.ph https://www.kayak.com.ph https://www.kayak.sg https://www.cheapflights.com.sg https://www.tw.kayak.com https://www.momondo.tw https://www.kayak.co.th https://www.kayak.co.uk https://www.momondo.co.uk https://www.cheapflights.co.uk https://www.cheapflights.co.uk https://www.kayak.com https://www.momondo.com https://www.cheapflights.com https://www.ae.cheapflights.com https://www.kayak.ae https://global.cheapflights.com https://global.momondo.com https://kayak.de https://momondo.de https://swoodoo.com https://kayak.fr https://momondo.fr https://www-malaysiaairlines-com.cdn.ampproject.org https://cdn.ampproject.org https://www.ampify.ga https://mobile-api.oneworld.com/ https://oneworld.com/ https://digital.malaysiaairlines.com/ 1
default-src 'none'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'nonce-cfed81a3e8cf48499e7de8826913da6e'; style-src 'self' 'unsafe-inline'; img-src 'self' https://www.google-analytics.com localhost; frame-ancestors 'none'; 1
media-src 'self' * 1
default-src 'self' https://mozillathimblelivepreview.net; frame-src 'self' https://docs.google.com blob: https://mozillathimblelivepreview.net https://www.youtube.com/embed/JecFOjD9I3k; child-src 'self' https://pontoon.mozilla.org blob: https://mozillathimblelivepreview.net https://www.youtube.com/embed/JecFOjD9I3k; script-src 'self' http://mozorg.cdn.mozilla.net https://ajax.googleapis.com https://mozorg.cdn.mozilla.net https://www.google-analytics.com https://pontoon.mozilla.org https://mozillathimblelivepreview.net; connect-src 'self' https://pontoon.mozilla.org https://mozilla.github.io/thimble-homepage-gallery/activities.json https://api.github.com/repos/mozilla/thimble.mozilla.org/issues https://mozillathimblelivepreview.net; frame-ancestors https://pontoon.mozilla.org; font-src 'self' https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://code.cdn.mozilla.net/ https://pontoon.mozilla.org; img-src *; media-src *; style-src 'self' http://mozorg.cdn.mozilla.net https://ajax.googleapis.com https://fonts.googleapis.com https://mozorg.cdn.mozilla.net https://netdna.bootstrapcdn.com https://pontoon.mozilla.org 'sha256-AnlD8XRHNPxhNZ/6MucKFJr9yYGQtn8bmvveYkBg7a4=' 1
frame-ancestors https://apps.facebook.com https://userheat.com 1
frame-ancestors 'self' https://*.pandasecurity.com http://*.pandasecurity.com; 1
child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-wSXkzzSHDOX9/9Be3eB/vPTQuDU0GTGXtr40Xmx/aRM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=fa88fbf4-3f07-4aeb-a6e9-dfcc3e55b086&version=59819fa025c39de142940479b13442ac8e18d5bc&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=fa88fbf4-3f07-4aeb-a6e9-dfcc3e55b086&version=59819fa025c39de142940479b13442ac8e18d5bc&report_only=false 1
default-src 'self' https://lxelma5p.bfinv.de ; style-src 'self' ; media-src 'self' https://download.elster.de ; img-src 'self' https://anycast.elster.de ; connect-src 'self' https://lxelma5p.bfinv.de wss://www.elster.de https://datenabholung1.elster.de https://datenabholung2.elster.de ; object-src 'self' blob: ; form-action 'self' ; frame-ancestors 'self' 1
frame-ancestors 'self' *.svd.se; default-src https: data: blob: react-js-navigation: android-webview: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; report-uri https://svd.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' *.wildberries.by 1
child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-wSXkzzSHDOX9/9Be3eB/vPTQuDU0GTGXtr40Xmx/aRM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=e2c479b1-0bd5-4950-aee4-860bb8749578&version=972213ed8b73d517b7e149449915aa95f5022a2e&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=e2c479b1-0bd5-4950-aee4-860bb8749578&version=972213ed8b73d517b7e149449915aa95f5022a2e&report_only=false 1
frame-ancestor 'self'; 1
connect-src 'self' www.google-analytics.com stats.addtoany.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com cdn.mathjax.org stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com *.google.com *.googleapis.com cdn.ravenjs.com www.feedrapp.info sentry.io static.addtoany.com *.facebook.net; form-action 'self' *.wufoo.com docs.google.com www.its.caltech.edu caltech.us5.list-manage.com; default-src 'self'; frame-ancestors *.caltech.edu; child-src 'self' www.youtube.com player.vimeo.com www.slideshare.net *.wufoo.com calendar.google.com docs.google.com accounts.google.com; frame-src 'self' www.youtube.com player.vimeo.com www.ustream.tv www.slideshare.net *.wufoo.com calendar.google.com docs.google.com www.google.com maps.google.com accounts.google.com cse.google.com s3-us-west-2.amazonaws.com form.jotform.com static.addtoany.com *.facebook.com *.facebook.net; object-src 'self'; base-uri *.caltech.edu; font-src 'self' public.slidesharecdn.com fonts.gstatic.com; media-src 'self' www.youtube.com player.vimeo.com; img-src 'self' data: web-prod-storage.s3.amazonaws.com s3-us-west-1.amazonaws.com/www-prod-storage.cloud.caltech.edu/ i.ytimg.com www.youtube.com player.vimeo.com ustvstaticcdn1-a.akamaihd.net www.slideshare.net cdn.slidesharecdn.com www.gravatar.com stats.g.doubleclick.net cdnjs.cloudflare.com *.staticflickr.com *.cdninstagram.com www.google-analytics.com *.gstatic.com *.google.com *.googleapis.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com *.google.com; report-uri /_csp 1
default-src rabota.ru wss://comet.rabota.ru *.rabota.ru *.yandex.ru *.yandex.net *.yandexadexchange.net *.mail.ru vk.com *.twitter.com *.odnoklassniki.ru *.rambler.ru *.adfox.ru *.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.facebook.com *.facebook.net *.instagramm.ru *.ucweb.com *.newrelic.com *.livetex.ru *.2gis.ru *.2gis.com 2gis.github.io polyfill.io *.calltouch.ru *.jivosite.com *.vimeocdn.com *.youtube.com *.imgsmail.ru *.dadata.ru *.mediator.media;    script-src 'unsafe-inline' 'unsafe-eval' rabota.ru *.rabota.ru *.yandex.ru *.yandex.net *.yandexadexchange.net *.googleusercontent.com *.googletagmanager.com *.googleapis.com creativecdn.com *.creativecdn.com www.google-analytics.com stats.g.doubleclick.net *.rambler.ru yastatic.net vk.com *.twitter.com *.odnoklassniki.ru *.mail.ru *.facebook.net *.instagramm.ru unpkg.com *.livetex.ru *.google.com *.newrelic.com *.nr-data.net *.jivosite.com *.gstatic.com *.ucweb.com *.2gis.ru *.2gis.com polyfill.io *.calltouch.ru *.adfox.ru 2gis.github.io *.vimeocdn.com *.youtube.com *.imgsmail.ru collector.mediator.media *.dadata.ru *.mediator.media *.surveymonkey.com;    style-src 'unsafe-inline' 'unsafe-eval' blob: rabota.ru *.rabota.ru *.googleapis.com *.gstatic.com *.2gis.ru *.2gis.com *.vimeocdn.com *.yandex.ru *.yandex.net *.yandexadexchange.net 2gis.github.io *.dadata.ru;    img-src * data: blob:;    font-src data: blob: rabota.ru *.rabota.ru *.gstatic.com *.livetex.ru *.gstatic.com;    child-src rabota.ru *.rabota.ru 2gis.github.io;    frame-src rabota.ru *.rabota.ru *.creativecdn.com *.facebook.com *.facebook.net *.instagramm.ru yastatic.net *.google.com *.livetex.ru *.2gis.ru *.2gis.com *.yandex.ru *.yandex.net *.yandexadexchange.net vk.com *.twitter.com *.odnoklassniki.ru *.youtube.com *.ucweb.com *.imgsmail.ru *.googletagmanager.com *.surveymonkey.com;    media-src blob: rabota.ru *.rabota.ru *.jivosite.com *.vimeocdn.com;    report-uri https://www.rabota.ru/snitch 1
default-src 'self' 'unsafe-inline' blob: *.answerscloud.com *.googleapis.com *.gstatic.com hosteduxprod.blob.core.windows.net *.okta.com *.opower.com *.google.com *.foresee.com *.sce.com *.bootstrapcdn.com *.serving-sys.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fontawesome.com *.adobedtm.com *.answerscloud.com *.twitter.com *.facebook.net *.googleapis.com *.customsearch.ai *.go-mpulse.net *.twimg.com *.okta.com *.opower.com *.google.com *.gstatic.com *.foresee.com *.sce.com *.bootstrapcdn.com *.serving-sys.com; img-src * data:; frame-src *.youtube.com *.arcgis.com *.answerscloud.com *.twitter.com *.facebook.net *.facebook.com *.google.com *.gstatic.com *.foresee.com *.sce.com; child-src *.youtube.com *.arcgis.com *.answerscloud.com *.google.com *.gstatic.com *.foresee.com *.sce.com; connect-src 'self' 'unsafe-inline' *.sce.com *.foresee.com *.oktapreview.com *.googleapis.com *.customsearch.ai *.go-mpulse.net *.akstat.io *.4seeresults.com *.okta.com *.opower.com *.google.com *.gstatic.com *.foresee.com *.serving-sys.com; report-uri /report-csp-violation 1
default-src 'self' rufilm.tv rufilmtv.org *.twitch.tv player.twitch.tv cdn.jsdelivr.net *.union-site-data.com *.pbcde.com pbcde.com *.nshes.ru nshes.ru 6xuar.gdn; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.rufilmtv.club *.youtube.com *.newsadsppush.com newsadsppush.com *.union-site-data.com *.pbcde.com *.nshes.ru pbcde.com nshes.ru *.gnezdo.ru news.gnezdo.ru news.2xclick.ru theyhat.com smartpush1.info smartpush11.info smartpush10.info smartpush0.info *.q-sht-zidjk.co q-sht-zidjk.co adbetnet.advertserve.com json.bannersvideo.com fcrgzqkbtgu.co octomarket.com adtrak.org adfill.me advmaker.su yt.advmaker.su json.bannersvideo.com bannersvideo.com 1plus1.video *.adbetclickin.pink http://serving.bepolitee.eu adlmerge.com gynax.com bgrndi.com https://fqtag.com osnn.work hydr.work luxup2.ru http://marvin.pw/ https://c.fqtag.com/ rufilm.tv brokeloy.com widefox.ru slowpoker.ru hgbn.network cdn7.network www.resttort.ru resttort.ru deenomo.com lolaken.com lopireto.com roklerok.com am15.net kadanoda.ru vakadiki.ru tozipoto.com zirifaha.ru kibitaqa.ru kiviraha.ru kilisaqa.ru retaraka.ru tisatama.ru tisataga.ru tozimoto.com tozikoto.com toziroto.com tozitoto.com tozipoto.com vogorana.ru vogozaw.ru vogozae.ru uuidksinc.net imdj.3793369.pix-cdn.org rtb.kadam.ru vogozae.ru aurumforyou.com yandex.ru yandex.st mc.yandex.ru www.google-analytics.com vk.com ulogin.ru luxup.ru *.luxup.ru *.am15.net *.thor-media.ru qepath.info zakoofoo.info zoobynu.info hbkii.xyz nucegu.info duxyve.info qezuqa.info cyjycu.info cpasmrttds.info adsblockkpush.com accommon.info samnioc.info dialected.info *.supuv2.com alphamrkt.com 6xuar.gdn mylma.gdn xml.adbetnet.com *.adbetnet.com *.braun634.com m-shes.ru adbetnet.com etcxx.com mxccs.com mdapi.ru mdsrc.ru *.rtbsystem.com *.marketgid.com *.mgid.com *.steepto.com *.adlabs.ru dodrek.com psma01.com psma02.com psma03.com adservone.com *.onedmp.com *.videoviewer.ru bequri.com gotriki.com cdn.hgdat.com *.twitch.tv player.twitch.tv cdn.jsdelivr.net hghit.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' rufilm.tv *.reyden-x.com reyden-x.com *.twitch.tv player.twitch.tv cdn.jsdelivr.net stream.reyden-x.com http://fonts.googleapis.com; font-src 'self' rufilm.tv fonts.gstatic.com data:; object-src 'self' rufilm.tv *.am15.net am15.net; frame-src 'self' data: *.twitch.tv player.twitch.tv *.braun634.com cdn.jsdelivr.net *.union-site-data.com union-site-data.com *.pbcde.com pbcde.com *.nshes.ru nshes.ru *.videomore.ru videomore.ru samnioc.info https://ad.anistar.me ad.anistar.me *.adbetnet.com t.co ad.anistar.me stream.reyden-x.com tvzvezda.ru 1plus1.video out.pladform.ru https://fqtag.com allmovie.pro http://allmovie.tv http://player.ictv.ua https://kaztube.kz ren.tv m-shes.ru tvc.ru www.tvc.ru rufilm.tv rufilmtv.org am15.net advmaker.su yt.advmaker.su my.mail.ru uuidksinc.net *.amazonaws.com ok.ru *.ok.ru vk.com veterok.tv www.youtube.com *.ivi.ru *.vgtrk.com *.1ru.tv *.1tv.ru *.ntv.ru *.gnezdo.ru *.am15.net rutube.ru *.videomore.ru *.my.mail.ru ictv.ua rmbn.net psma01.com psma02.com psma03.com *.onedmp.com ovva.tv cdn7.network www.videokub.net *.adbetclickin.pink; connect-src 'self' rufilm.tv ws://brokeloy.com:8040 stream.reyden-x.com *.reyden-x.com samnioc.info yt.advmaker.su mc.yandex.ru rtb.kadam.ru *.twitch.tv player.twitch.tv cdn.jsdelivr.net 1
default-src 'self' *.nts.live *.ntslive.co.uk; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.mixcloud.com www.google-analytics.com certify-js.alexametrics.com https://www.youtube.com *.ytimg.com *.list-manage.com https://unpkg.com; connect-src *; img-src 'self' data: *.nts.live *.ntslive.co.uk www.google-analytics.com certify.alexametrics.com *.doubleclick.net https://www.google.com *.googleusercontent.com; media-src 'self' https://*.ntslive.net http://*.ntslive.net https://*.ntslive.co.uk;style-src 'unsafe-inline' 'self' hello.myfonts.net; worker-src 'self'; child-src *.mixcloud.com https://*.vimeo.com https://*.soundcloud.com https://bandcamp.com https://*.youtube.com;frame-src *.mixcloud.com https://*.vimeo.com https://*.soundcloud.com https://bandcamp.com https://*.youtube.com; 1
frame-ancestors https://*.meijer.com 1
frame-ancestors https://*.bewakoof.com 'self' 1
default-src 'self' 'unsafe-inline'; img-src * data:; frame-ancestors 'self' 1
base-uri 'none'; default-src 'none'; child-src *.google.com *.youtube.com; connect-src 'self' wss://*.zopim.com engine-api.presearch.org wss://engine-api.presearch.org; font-src 'self' data: *.zopim.com *.typekit.net use.fontawesome.com fonts.gstatic.com; form-action 'self' *; frame-ancestors 'none'; img-src 'self' *.zopim.com *.wikimedia.org data:; media-src 'self'; object-src 'none'; script-src 'self' *.zopim.com *.google.com *.gstatic.com cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.typekit.net use.fontawesome.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *.google.co.id *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.facebook.com *.facebook.net *.akamaihd.net *.fbcdn.net *.google-analytics.com *.pinterest.com *.twitter.com *.youtube.com cdnjs.cloudflare.com *.inews.id *.disqus.com *.disquscdn.com https://disqus.com https://*.disqus.com https://*.okezone.com https://*.metube.id *.metube.id https://*.inews.id http://*.inews.id http://cdn.viglink.com/ https://stats.g.doubleclick.net http://*.googlesyndication.com https://*.alexametrics.com http://*.alexametrics.com https://www.googletagservices.com https://www.googletagservices.com https://adservice.google.co.id https://googleads.g.doubleclick.net http://cloudfront-labs.amazonaws.com https://*.doubleclick.net http://*.cloudfront.net http://*.doubleclick.net https://*.googlesyndication.com mobileads.google.com https//placehold.it/ http://*.metube.id/ https://*.metube.id/ http://placehold.it/ https://placehold.it/ https://securepubads.g.doubleclick.net/ https://cc.adingo.jp/ https://sb.scorecardresearch.com/ https://cdn.ampproject.org/ https://*.sindonews.com/ https://*.doubleclick.net/ https://*.subscribers.com/ https://nuri.inews.id https://unpkg.com/ https://static.vidy.com/ https://api.vidy.com/ https://*.gstatic.com https://*.google.com.ua/ https://code.highcharts.com/ https://*.ytimg.com 1
default-src https: 'unsafe-inline'; script-src 'self' https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://embed.typeform.com https://d5phz18u4wuww.cloudfront.net https://cdnjs.cloudflare.com https://seal.digicert.com https://js.stripe.com https://www.googleadservices.com https://billing.quaderno.io https://www.gstatic.com https://s3-eu-west-1.amazonaws.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com ; img-src 'self' data: https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.es https://www.google.com https://mailtrackio.typeform.com https://www.googleadservices.es https://www.googleadservices.com https://googleads.g.doubleclick.net https://seal.digicert.com https://billing.quaderno.io https://s3-eu-west-1.amazonaws.com https://dc.ads.linkedin.com ; object-src 'none'; font-src 'self' https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://cdnjs.cloudflare.com https://s3-eu-west-1.amazonaws.com 1
default-src 'self' dotcomaramexprod.blob.core.windows.net ;script-src https://reverse.geocoder.cit.api.here.com dotcomaramexdev.blob.core.windows.net tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval' https://m.addthisedge.com http://js.api.here.com https://code.jquery.com *.facebook.com *.addthis.com  www.googletagmanager.com api.sociaplus.com js.cit.api.here.com www.google-analytics.com cdnjs.cloudflare.com tools.euroland.com aramex.api.sociaplus.com 1.pano.maps.cit.api.here.com locationv2.api.sociaplus.com 1.base.maps.cit.api.here.com 1.aerial.maps.cit.api.here.com 1.traffic.maps.cit.api.here.com 1.base.maps.cit.api.here.com route.cit.api.here.com  ;style-src 'self' js.api.here.com fonts.googleapis.com js.cit.api.here.com http://js.api.here.com aramex.api.sociaplus.com tagmanager.google.com www.gstatic.com cdnjs.cloudflare.com gamma.euroland.com tools.euroland.com 'unsafe-inline';img-src * data:;font-src 'self' fonts.gstatic.com https: data:; connect-src 'self' https: http:;form-action 'self'  'unsafe-inline'; frame-src 'self' charts3.equitystory.com  irpages2.equitystory.com charts25.equitystory.com qas4.equitystory.com gamma.euroland.com tools.euroland.com tools.eurolandir.com aramex.api.sociaplus.com api.sociaplus.com *.addthis.com www.youtube.com aramex-fior.typeform.com qas4.equitystory.com charts25.equitystory.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ssl.google-analytics.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.interno.it *.rating-widget.com *.twimg.com *.twitter.com *.googleapis.com *.gstatic.com *.google.it *.macromedia.com *.google-analytics.com *.facebook.net *.sharethis.com *.google.com opendataavcp.interno.it ; img-src 'self' data: i.rw.gs *.rating-widget.com *.twitter.com *.twimg.com *.poliziadistato.it opendataavcp.interno.it l.sharethis.com *.facebook.com *.google-analytics.com *.gstatic.com *.gravatar.com *.googleapis.com s.w.org *.google.it; style-src 'self' *.twimg.com *.rating-widget.com *.twitter.com opendataavcp.interno.it *.sharethis.com 'unsafe-inline' *.googleapis.com; frame-src 'self' storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.facebook.com *.sharethis.com *.facebook.com *.youtube.com *.google.com; worker-src 'self' storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.facebook.com *.sharethis.com *.facebook.com *.youtube.com *.google.com; child-src 'self' opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.google.com *.twitter.com opendataavcp.interno.it; font-src 'self' data: opendataavcp.interno.it *.gstatic.com; frame-ancestors 'self' storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.facebook.com *.sharethis.com *.facebook.com *.youtube.com *.google.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.yandex.ru *.google-analytics.com *.googleapis.com *.gstatic.com data: 1
frame-ancestors 'self' crmchina.microsoftstore.com.cn mapi.alipay.com www.microsoft.com account.microsoft.com support.microsoft.com vortex.data.microsoft.com products.office.com 1
report-uri https://www.asstr.org/csp-report.php ; upgrade-insecure-requests ; child-src https://*.google.com/ https://*.asstr.org http://*.nifty.org https://www.google.com ; img-src https://*.asstr.org http://*.nifty.org https://*.asstr.net https://*.creativecommons.org https://*.statcounter.com/ https://*.google-analytics.com https://*.google.com ; script-src https://cdn.jsdelivr.net/ https://*.tawk.to/ https://*.bootstrapcdn.com/ https://*.statcounter.com/ https://*.asstr.org http://*.nifty.org https://*.asstr.net https://*.creativecommons.org https://*.googleapis.com/ https://*.google-analytics.com https://*.google.com 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://*.asstr.org 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thesprucecrafts.com *.qa.aws.thesprucecrafts.com atlas.thesprucecrafts.com atlas.local.thesprucecrafts.com 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=bdaa738c-1227-4126-970c-731ae0be4c2f 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.m3.com:* *.m3img.com:* *.uliza.jp *.twitter.com *.google-analytics.com *.googleadservices.com *.google.com *.google.co.jp *.doubleclick.net b92.yahoo.co.jp ybx.yahoo.co.jp *.twimg.com *.googleapis.com *.facebook.net t.co *.facebook.com *.ads-twitter.com *.fout.jp *.adjust-net.jp *.mcube-stream.com player.vimeo.com s.yimg.jp b97.yahoo.co.jp *.youtube.com 1
frame-ancestors 'self' www.healthyliving.in.th 1
script-src 'self' *.visual-paradigm.com *.google-analytics.com  *.recaptcha.net *.gstatic.cn *.google.com *.gstatic.com *.googleapis.com graph.facebook.com share.yandex.ru *.tawk.to *.addthis.com *.addthisedge.com *.linkedin.com cdn.jsdelivr.net *.cloudfront.net *.gitbook.io *.stripe.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; img-src https://optimize.google.com * data:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://optimize.google.com; frame-src www.youtube-nocookie.com https://optimize.google.com;  connect-src https://www.google-analytics.com font-src 'self' https://fonts.gstatic.com; 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=aba6264f-eb8e-4675-a81d-3698e0497f04 1
default-src data: blob: 'self' 'unsafe-inline' 'unsafe-eval' *.iliad.it osm.proxad.net *.googleapis.com www.googletagmanager.com fonts.gstatic.com maps.gstatic.com connect.facebook.net www.googleadservices.com www.facebook.com googleads.g.doubleclick.net www.google.com www.google.fr 1
script-src https: 'self' localhost localhost:8000 localhost:18000 cdn.schoolpal.cn greedylog.1course.cn hm.baidu.com api.map.baidu.com res.wx.qq.com int.dpool.sina.com.cn retcode.alicdn.com arms-retcode.aliyuncs.com 'unsafe-inline' 'unsafe-eval'; 1
connect-src 'self' *.novoresume.com connect.facebook.net api.usabilla.com api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://widget.trustpilot.com; default-src 'self' 'unsafe-inline' *.novoresume.com; font-src 'self' data: *.novoresume.com fonts.gstatic.com *.googleapis.com d6tizftlrpuof.cloudfront.net js.intercomcdn.com; frame-src 'self' *.novoresume.com *.googleapis.com d6tizftlrpuof.cloudfront.net *.google.com https://widget.trustpilot.com https://player.vimeo.com; img-src 'self' data: *.novoresume.com csi.gstatic.com *.doubleclick.net *.google.com *.google-analytics.com connect.facebook.net *.googleadservices.com www.facebook.com d6tizftlrpuof.cloudfront.net w.usabilla.com gifs.intercomcdn.com t.co static.intercomassets.com js.intercomcdn.com; media-src 'self' js.intercomcdn.com *.novoresume.com; object-src 'self' 'unsafe-eval' *.novoresume.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' trackcmp.net d6tizftlrpuof.cloudfront.net *.novoresume.com *.google.com *.google-analytics.com *.googleadservices.com connect.facebook.net www.googletagmanager.com *.doubleclick.net www.facebook.com static.ads-twitter.com analytics.twitter.com api.usabilla.com w.usabilla.com widget.intercom.io js.intercomcdn.com https://widget.trustpilot.com https://player.vimeo.com; style-src 'self' 'unsafe-inline' tagmanager.google.com *.novoresume.com d6tizftlrpuof.cloudfront.net *.googleapis.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/brides 1
frame-src 'self' videxx.net *.videxx.net jwpcdn.com *.jwpcdn.com 109.169.66.161 *.109.169.66.161 109.169.66.171 *.109.169.66.171 onlainporno1.tv *.onlainporno1.tv m.onlainporno1.tv *.m.onlainporno1.tv onlainporno1.tv *.onlainporno1.tv video-server.local *.video-server.local *.googleapis.com https://*.googleapis.com *.google.com https://*.google.com *.yandex.ru https://*.yandex.ru *.mail.ru https://*.mail.ru *.vk.com https://*.vk.com *.vkontakte.ru https://*.vkontakte.ru *.www.googleapis.com https://*.www.googleapis.com *.www.google-analytics.com https://*.www.google-analytics.com *.promo-bc.com promo-bc.com https://*.promo-bc.com https://promo-bc.com *.xxx-hunt-m.com xxx-hunt-m.com https://*.xxx-hunt-m.com https://xxx-hunt-m.com *.youtube.com youtube.com https://*.youtube.com https://youtube.com *.gpuzt.com gpuzt.com https://*.gpuzt.com https://gpuzt.com *.promokrot.com promokrot.com https://*.promokrot.com https://promokrot.com *.ofapes.com ofapes.com https://*.ofapes.com https://ofapes.com *.scund.com https://*.scund.com *.biasdo.com biasdo.com https://*.biasdo.com https://biasdo.com *.andase.com andase.com https://*.andase.com https://andase.com *.andumb.com andumb.com https://*.andumb.com https://andumb.com *.basand.com basand.com https://*.basand.com https://basand.com *.defoge.com defoge.com https://*.defoge.com https://defoge.com *.riedto.com riedto.com https://*.riedto.com https://riedto.com *.thisde.com thisde.com https://*.thisde.com https://thisde.com *.toormpc.com toormpc.com https://*.toormpc.com https://toormpc.com *.weforo.com weforo.com https://*.weforo.com https://weforo.com *.ydoms.com ydoms.com https://*.ydoms.com https://ydoms.com *.etndl.com etndl.com https://*.etndl.com https://etndl.com *.i.checkru.net i.checkru.net https://*.i.checkru.net https://i.checkru.net *.adswrapme.click adswrapme.click https://*.adswrapme.click https://adswrapme.click *.vadideo.com vadideo.com https://*.vadideo.com https://vadideo.com *.advertserve.com advertserve.com https://*.advertserve.com https://advertserve.com *.advrich.com advrich.com https://*.advrich.com https://advrich.com *.livestatisc.com livestatisc.com https://*.livestatisc.com https://livestatisc.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' videxx.net *.videxx.net jwpcdn.com *.jwpcdn.com 109.169.66.161 *.109.169.66.161 109.169.66.171 *.109.169.66.171 onlainporno1.tv *.onlainporno1.tv m.onlainporno1.tv *.m.onlainporno1.tv onlainporno1.tv *.onlainporno1.tv video-server.local *.video-server.local *.googleapis.com https://*.googleapis.com *.google.com https://*.google.com *.yandex.ru https://*.yandex.ru *.mail.ru https://*.mail.ru *.vk.com https://*.vk.com *.vkontakte.ru https://*.vkontakte.ru *.www.googleapis.com https://*.www.googleapis.com *.www.google-analytics.com https://*.www.google-analytics.com *.promo-bc.com promo-bc.com https://*.promo-bc.com https://promo-bc.com *.xxx-hunt-m.com xxx-hunt-m.com https://*.xxx-hunt-m.com https://xxx-hunt-m.com *.youtube.com youtube.com https://*.youtube.com https://youtube.com *.gpuzt.com gpuzt.com https://*.gpuzt.com https://gpuzt.com *.promokrot.com promokrot.com https://*.promokrot.com https://promokrot.com *.ofapes.com ofapes.com https://*.ofapes.com https://ofapes.com *.scund.com https://*.scund.com *.biasdo.com biasdo.com https://*.biasdo.com https://biasdo.com *.andase.com andase.com https://*.andase.com https://andase.com *.andumb.com andumb.com https://*.andumb.com https://andumb.com *.basand.com basand.com https://*.basand.com https://basand.com *.defoge.com defoge.com https://*.defoge.com https://defoge.com *.riedto.com riedto.com https://*.riedto.com https://riedto.com *.thisde.com thisde.com https://*.thisde.com https://thisde.com *.toormpc.com toormpc.com https://*.toormpc.com https://toormpc.com *.weforo.com weforo.com https://*.weforo.com https://weforo.com *.ydoms.com ydoms.com https://*.ydoms.com https://ydoms.com *.etndl.com etndl.com https://*.etndl.com https://etndl.com *.i.checkru.net i.checkru.net https://*.i.checkru.net https://i.checkru.net *.adswrapme.click adswrapme.click https://*.adswrapme.click https://adswrapme.click *.vadideo.com vadideo.com https://*.vadideo.com https://vadideo.com *.advertserve.com advertserve.com https://*.advertserve.com https://advertserve.com *.advrich.com advrich.com https://*.advrich.com https://advrich.com *.livestatisc.com livestatisc.com https://*.livestatisc.com https://livestatisc.com 1
block-all-mixed-content; report-uri https://www.lookfantastic.com/cspReport.txt; 1
default-src 'self' blob: *.dochub.com; child-src 'self' blob: cdn.dochub.com content.googleapis.com accounts.google.com www.google.com docs.google.com js.stripe.com platform.twitter.com syndication.twitter.com www.youtube.com; connect-src 'self' blob: *.gravatar.com *.nr-data.net *.pusher.com api.onedrive.com api.rollbar.com cdn.dochub.com docs.google.com example.com graph.microsoft.com maps.gstatic.com platform.twitter.com sentry.io stats.g.doubleclick.net ws://ws.pusherapp.com wss://ws.pusherapp.com wss://ws.pusherapp.com:443 www.dropbox.com www.google.com www.googleapis.com ekr.zdassets.com dochub.zendesk.com checkout.stripe.com macroplant.zendesk.com *.zopim.com wss://*.zopim.com; font-src 'self' data: cdn.dochub.com use.fontawesome.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; frame-src 'self' blob: accounts.google.com cdn.dochub.com content.googleapis.com dochub.com www.google.com docs.google.com www.gstatic.com www.youtube.com js.stripe.com platform.twitter.com syndication.twitter.com checkout.stripe.com; img-src * blob: data:; media-src 'self' cdn.dochub.com docs.google.com static.zdassets.com; object-src 'self'; script-src 'self' blob: data: 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.gravatar.com *.newrelic.com *.nr-data.net *.pusher.com apis.google.com api.rollbar.com br-rx.atatus.com cdn.dochub.com cdn.syndication.twimg.com cdnjs.cloudflare.com docs.google.com dmc1acwvwny3.cloudfront.net/atatus.js js.live.net js.stripe.com checkout.stripe.com maps.gstatic.com maxcdn.bootstrapcdn.com platform.twitter.com www.dropbox.com www.google-analytics.com www.google.com www.gstatic.com static.zdassets.com *.zopim.com; style-src 'self' 'unsafe-inline' cdn.dochub.com docs.google.com fonts.googleapis.com maps.gstatic.com maxcdn.bootstrapcdn.com platform.twitter.com; report-uri https://sentry.io/api/1205257/security/?sentry_key=d04bf487c1254343bfe2db4f8f59fe3d 1
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com;report-uri https://csp.surveymonkey.com/report?e=true&c=prod&a=cmscache 1
frame-ancestors 'self' https://apps.facebook.com; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/architectural-digest 1
frame-ancestors 'self' hhs.gov *.hhs.gov 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=389749a6-29a3-4ab5-afc3-c6c4486f1752 1
frame-ancestors *.flyscoot.com dev-flyscoot.com uat-flyscoot.com flyscoot-prod.azurewebsites.net; 1
default-src 'self' http://google-analytics.com http://i3.ytimg.com https://www.youtube.com;script-src 'self' www.google-analytics.com www.images-home.com https://ssl.google-analytics.com https://maps.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline';font-src 'self' https://fonts.gstatic.com data:;img-src * 'self' data:; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.flyasiana.com *.googleapis.com *.youtube.com *.google-analytics.com sslwidget.criteo.com static.criteo.net connect.facebook.net eba-amadeus.netdna-ssl.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.kr h.online-metrix.net www.vpay.co.kr *.bankpay.or.kr nsp.pay.naver.com pay.naver.com *.easypay.co.kr developers.kakao.com code.jquery.com kmpay.lgcns.com pg.cnspay.co.kr developers.kakao.com s.ytimg.com *.gstatic.com remote.captcha.com facebook.com twitter.com service.weibo.com vbv.samsungcard.co.kr *.recopick.com onsalemobile.uplus.co.kr *.connect.travelaudience.com secureapi.eximbay.com 1
default-src *; img-src * 'self' data: https:; font-src * data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * 1
frame-ancestors 'self' https://*.ariba.com https://*.micron.com https://*.iu.edu https://*.sciquest.com 1
block-all-mixed-content; upgrade-insecure-requests; base-uri 'self' *.dynamicyield.com *.dynamicyield.eu; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.abtasty.com *.braintree-api.com *.braintreegateway.com *.brightcove.com *.commander1.com *.commandersact.com *.cube-net.pub *.custhelp.com *.decathlon.com *.decathlon.es *.decathlon.net *.doubleclick.net *.dynamicyield.com *.dynamicyield.eu *.fitanalytics.com *.iadvize.com *.mopinion.com *.mydecathlon.com *.paypal.com *.tagcommander.com *.tiendeo.com/ *.woosmap.com *.y-track.com *.youtube.com abtastylab.com adserving.ancoraplatform.com api.oney.io app.beampulse.com blob: bp-1c51.kxcdn.com browser-update.org bs.serving-sys.com cdnjs.cloudflare.com code.jquery.com/ui/1.12.1/jquery-ui.js code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css comunidad.decathlon.es connect.facebook.net contents.mediadecathlon.com data: decathlon-prod.pertimm.net decathlon-v2-preprod.pertimm.net decathlon-v2-prod.pertimm.net dis.eu.criteo.com fonts.googleapis.com fonts.gstatic.com gum.criteo.com https://ssl.google-analytics.com ib.adnxs.com keepyeyes.cube-net.org localhost maps.google.com maps.googleapis.com maps.gstatic.com maxcdn.bootstrapcdn.com oney-staging.azure-api.net operacionesdecathlon.es players.brightcove.net pre-comunidad.decathlon.es preprod-keepyeyes.cube-net.org pro-decathloneventostienda.s3.amazonaws.com recommendation-js.woosmap.com s.ytimg.com s3.eu-west-1.amazonaws.com secure-ds.serving-sys.com secure.adnxs.com sslwidget.criteo.com static-cdn.mydecathlon.com static.criteo.net staticxx.faceboook.com vjs.zencdn.net ws: wss://*.iadvize.com www.decathlon.fr www.facebook.com www.google-analytics.com www.google.com www.google.es www.google.fr www.googleadservices.com www.googletagmanager.com www.gstatic.com; font-src 'self' *.decathlon.es *.dynamicyield.com *.dynamicyield.eu *.iadvize.com cdnjs.cloudflare.com data: fonts.gstatic.com keepyeyes.cube-net.org localhost maxcdn.bootstrapcdn.com preprod-keepyeyes.cube-net.org static-cdn.mydecathlon.com vjs.zencdn.net; worker-src 'self' 'unsafe-eval' 'unsafe-inline' blob:; 1
frame-ancestors http://*.fgv.br https://*.fgv.br 1
default-src 'self';      script-src 'self' 'unsafe-inline' 'unsafe-eval' *.capco.com  *.fisglobal.com *.wistia.net *.wistia.com *.addtoany.com *.google-analytics.com *.litix.io *.marketo.net *.googletagmanager.com *.hotjar.com *.yourvoice2us.com *.webtrends.com *.webtrendslive.com *.facebook.net *.oktopost.com *.google.com *.marketo.com okt.to static.addtoany.com *.googleadservices.com *.jquery.com *.googleapis.com *.licdn.com *.linkedin.com *.bizographics.com *.adnxs.com *.cloudflare.com *.ads-twitter.com *.doubleclick.net *.twitter.com *.facebook.com *.instagram.com *.twitter.com *.youtube.com *.adwords.google.com *.fisevents.com *.addevent.com *.crazyegg.com;     connect-src 'self'  *.capco.com *.fisglobal.com *.wistia.com *.litix.io *.yahooapis.com *.mktoresp.com *.hotjar.com *.akamaihd.net *.facebook.com *.linkedin.com *.marketo.com *.google.com *.twitter.com *.facebook.com *.instagram.com *.twitter.com *.youtube.com *.adwords.google.com *.fisevents.com fisevents.com;      img-src 'self' 'unsafe-inline' data: *.capco.com  *.fisglobal.com *.wistia.com *.wistia.net *.doubleclick.net *.litix.io *.google-analytics.com capcouat.fisglobal.com fast.wistia.net *.webtrendslive.com *.google.com *.marketo.com *.facebook.com  *.akamaihd.net *.googleadservices.com *.gstatic.com *.adnxs.com *.google.co.in t.co *.googletagmanager.com;      style-src 'self' 'unsafe-inline' *.capco.com *.fisglobal.com *.wistia.com *.wistia.net *.bootstrapcdn.com *.googleapis.com *.google.com *.marketo.com *.googleapis.com  *.cloudflare.com;     child-src 'self' 'unsafe-inline' *.capco.com *.fisglobal.com *.sitecore.net *.wistia.com *.wistia.net *.nyceinfomanager.com *.peopleclick.com *.hotjar.com *.fls.doubleclick.net *.youtube.com *.segmint.net *.marketo.com fast.wistia.net *.ceros.com *.fisevents.com http://fisevents.com *.frontarena.com *.facebook.net *.doubleclick.net *.facebook.com *.instagram.com *.twitter.com *.youtube.com *.adwords.google.com *.linkedin.com;      font-src 'self' 'unsafe-inline' data: *.capco.com *.fisglobal.com *.wistia.com *.wistia.net capcouat.fisglobal.com fast.wistia.net *.bootstrapcdn.com *.gstatic.com *.cloudflare.com;     media-src 'self' 'unsafe-inline' blob: data: *.capco.com *.fisglobal.com *.wistia.com *.wistia.net capcouat.fisglobal.com fast.wistia.net *.akamaihd.net 1
default-src 'self' https:; base-uri 'self'; block-all-mixed-content; child-src 'self' https: blob:; connect-src 'self' wss: https: blob:; font-src 'self' data: https:; form-action 'self' forms.hsforms.com www.facebook.com; frame-ancestors 'self' app.optimizely.com *.eventbrite.com video214.com animoto.com; img-src 'self' data: https: blob: android-webview-video-poster:; manifest-src 'self'; media-src 'self' https: data: blob:; object-src 'self' www.paypalobjects.com d150hyw1dtprld.cloudfront.net; prefetch-src 'self' https:; script-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; worker-src 'self' blob:; report-uri https://sentry.io/api/1401029/security/?sentry_key=b94ac67e5c014425a0fe8cb868528601 1
frame-ancestors 'self' https://optimize.google.com/ https://forum.opticsplanet.com 1
frame-ancestors 'self' http://www.dietacomemagrecimento.com/ http://befa.online/ http://viveresersaudavel.com/; 1
default-src https://player.vimeo.com www.abtasty.com wss://*.hotjar.com try.abtasty.com https://*.hotjar.io stats.g.doubleclick.net app.abtasty.com *.try.abtasty.com wss://ws3.hotjar.com teddytor.abtasty.com *.app.abtasty.com *.abtasty.com dcinfos.abtasty.com *.googleads.g.doubleclick.net bnp-paribas.user.com https://graylog.hotjar.com:12443 http://*.hotjar.com:* https://try.abtasty.com https://insights.hotjar.com https://*.hotjar.com:* https://vimeo.com googleads.g.doubleclick.net http://*.hotjar.io qtank.salesmore.pl *.google.com 52.166.95.107 'self'; font-src https://themes.googleusercontent.com/ *.googleads.g.doubleclick.net fonts.googleapis.com *.try.abtasty.com https://fonts.gstatic.com googleads.g.doubleclick.net themes.googleusercontent.com *.app.abtasty.com *.abtasty.com *.google.com data: 'self'; style-src *.googleads.g.doubleclick.net https://tagmanager.google.com bnp-paribas.user.com https://bgz-fb.squiz.pl www.googleapis.com https://app.abtasty.com https://www.s.ytimg.com https://teddytor.abtasty.com *.try.abtasty.com googleads.g.doubleclick.net https://skk.erecruiter.pl https://www.gstatic.com teddytor.abtasty.com www.google.com *.app.abtasty.com *.abtasty.com *.google.com https://www.ytimg.com 52.166.95.107 https://fonts.googleapis.com 'self' 'unsafe-inline'; img-src https://emplocity.com https://googleads4.g.doubleclick.net https://www.googleadservices.com i.ctnsnet.com www.s-passets.pinimg.com https://www.facebook.com https://*.googleapis.com https://dot.wp.pl stats.g.doubleclick.net https://*.gstatic.com https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://maps.google.com *.try.abtasty.com www.googletagmanager.com teddytor.abtasty.com *.app.abtasty.com www.google.com *.abtasty.com bcp.crwdcntrl.net www.google-analytics.com https://www.emplocity.com https://tbl.tradedoubler.com www.0.s-nk.pl clients1.google.com https://ad.doubleclick.net *.googleads.g.doubleclick.net www.linkedin.com https://www.i1.ytimg.com bnp-paribas.user.com https://bgz-fb.squiz.pl https://s1.2mdn.net *.gstatic.com https://www.googleapis.com *.ggpht.com https://www.google.pl https://sp.analytics.yahoo.com www.passets.pinterest.com https://developers.google.com googleads.g.doubleclick.net https://skk.erecruiter.pl www.s3.cdn03.imgwykop.pl *.google.com https://www.twitter.com www.passets.pinimg.com www.s.c.lnkd.licdn.com 'self' data:; frame-src https://emplocity.com www.wykop.pl https://player.vimeo.com https://www.linkedin.com https://vars.hotjar.com https://s-static.ak.facebook.com https://www.s-static.ak.facebook.com https://www.facebook.com try.abtasty.com stats.g.doubleclick.net app.abtasty.com *.try.abtasty.com https://platform.linkedin.com teddytor.abtasty.com *.app.abtasty.com www.google.com static.ak.facebook.com *.abtasty.com www.youtube.com dcinfos.abtasty.com https://www.wykop.pl https://www.youtube.com www.facebook.com *.googleads.g.doubleclick.net https://bid.g.doubleclick.net bnp-paribas.user.com https://4397256.fls.doubleclick.net https://accounts.google.com https://try.abtasty.com https://vimeo.com googleads.g.doubleclick.net https://web.facebook.com *.google.com 52.166.95.107 'self'; script-src https://player.vimeo.com www.widgets.pinterest.com https://script.hotjar.com https://app.ehoundplatform.com https://www.ssl.gstatic.com https://*.googleapis.com https://platform.linkedin.com *.www.abtasty.com https://www.gstatic.com www.google.com https://www.fbstatic-a.akamaihd.net www.assets.pinterest.com https://www.youtube.com www.google-analytics.com www.0.s-nk.pl https://www.google.com https://cse.google.com *.vimeo.com bnp-paribas.user.com www.cdn.api.twitter.com https://www.googleapis.com www.platform.linkedin.com https://teddytor.abtasty.com www.static.ak.facebook.com https://apis.google.com https://skk.erecruiter.pl https://www.abtasty.com https://emplocity.com https://px.wp.pl www.abtasty.com https://www.googleadservices.com https://static.hotjar.com https://dcinfos.abtasty.com https://www.s-static.ak.facebook.com https://www.oauth.googleusercontent.com https://app.abtasty.com https://www.s.ytimg.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://maps.google.com www.googletagmanager.com *.abtasty.com https://cdn.jsdelivr.net https://ad.doubleclick.net https://connect.facebook.net https://tagmanager.google.com http://platform.linkedin.com https://s.ytimg.com www.linkedin.com https://bgz-fb.squiz.pl https://try.abtasty.com https://www.google.pl https://maps.gstatic.com https://developers.google.com https://vimeo.com *.ad.doubleclick.net https://www.google-analytics.com www.platform.twitter.com https://www.apis.google.com 52.166.95.107 https://www.static.hotjar.com 'self' 'unsafe-eval' 'unsafe-inline'; object-src *.googleads.g.doubleclick.net https://stats.g.doubleclick.net bnp-paribas.user.com try.abtasty.com stats.g.doubleclick.net https://try.abtasty.com app.abtasty.com *.try.abtasty.com googleads.g.doubleclick.net *.ad.doubleclick.net teddytor.abtasty.com *.app.abtasty.com *.abtasty.com *.google.com dcinfos.abtasty.com 52.166.95.107 'self'; connect-src https://emplocity.com www.abtasty.com wss://ws4.hotjar.com wss://*.hotjar.com https://www.facebook.com try.abtasty.com stats.g.doubleclick.net app.abtasty.com https://app.userengage.com *.try.abtasty.com wss://bnp-paribas.user.com teddytor.abtasty.com wss://ws3.hotjar.com *.app.abtasty.com *.abtasty.com dcinfos.abtasty.com *.googleads.g.doubleclick.net wss://ws9.hotjar.com bnp-paribas.user.com https://bgz-fb.squiz.pl https://graylog.hotjar.com:12443 https://insights.hotjar.com https://in.hotjar.com https://vimeo.com googleads.g.doubleclick.net qtank.salesmore.pl *.google.com 52.166.95.107 'self' 1
frame-ancestors https://www.leogallery.cc 1
default-src 'self' *.wistia.net *.wistia.com embedwistia-a.akamaihd.net static.zdassets.com ekr.zdassets.com avm.zendesk.com v2.zopim.com wss://widget-mediator.zopim.com vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com ytimg.com s.ytimg.com aax-eu.amazon-adsystem.com data: service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de track.adform.net maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube.com img.youtube.com *.xx.fbcdn.net www.surveygizmo.eu 'unsafe-inline' 'unsafe-eval'; media-src 'self' *.avm.de embedwistia-a.akamaihd.net data: blob: *.avm.de 1
frame-ancestors https://test-usertesting.skilljar.com https://university.usertesting.com 'self' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/glamour 1
base-uri 'none'; default-src 'none'; child-src 'self'; connect-src 'self' wss://bitribe.com; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://www.google-analytics.com https://storage.googleapis.com https://stats.g.doubleclick.net https://static.bgogo.com https://static.bitribe.com https://www.google.com https://www.google.co.kr blob: data:; media-src 'none'; object-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self'; base-uri 'none'; frame-ancestors 'none'; img-src 'self' data:; form-action 'self'; script-src 'self' 1
default-src 'self' bumble.com eu1.bumble.com us1.bumble.com *.bumble.com *.eu1.bumble.com *.us1.bumble.com bumbcdn.com *.bumbcdn.com pd1us.bumbcdn.com *.pd1us.bumbcdn.com   *.api.here.com *.paypal.com pagead2.googlesyndication.com api.giphy.com api.tenor.com *.bumble.com t.co analytics.twitter.com wa.appsflyer.com wa.onelink.me youtube.com *.doubleclick.net *.squarespace.com *.facebook.com *.pinterest.com s.pinimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' bumbcdn.com *.bumbcdn.com pd1us.bumbcdn.com *.pd1us.bumbcdn.com *.googleapis.com *.gstatic.com *.google.com vk.com *.vk.me cdn.syndication.twitter.com *.facebook.net *.facebook.com *.paypal.com www.paypalobjects.com *.youtube.com *.ytimg.com api.ok.ru *.google-analytics.com *.api.here.com *.instagram.com *.digicert.com pagead2.googlesyndication.com *.doubleclick.net *.appsflyer.com s.pinimg.com; style-src 'self' 'unsafe-inline' bumbcdn.com *.bumbcdn.com pd1us.bumbcdn.com *.pd1us.bumbcdn.com vk.com *.vk.me *.googleapis.com; font-src 'self' data: bumbcdn.com *.bumbcdn.com pd1us.bumbcdn.com *.pd1us.bumbcdn.com fonts.googleapis.com fonts.gstatic.com; img-src * data: blob:; media-src * data: blob:; frame-src *; report-uri /jss/csp_report.phtml 1
object-src 'self'; frame-ancestors 'self' http://*.win2day.at https://*.win2day.at https://*.lottery.co.at:* http://*.lottery.co.at:* http://static.ipoker.com  https://static.ipoker.com; script-src 'nonce-119f089c8bf5c77f814361b73171a1ac' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'self'; report-uri /html/cspReport.jsp 1
script-src 'self' 'unsafe-inline'  125.21.185.24 maps.mapmyindia.com *.mapmyindia.com *.googletagmanager.com maps.gstatic.com maps.googleapis.com  www.google-analytics.com ajax.googleapis.com *.gov.in *.google.co.in https://apis.google.com ; img-src 'self' maps.gstatic.com *.gov.in https://maps.mapmyindia.com https://apis.mapmyindia.com *.mapmyindia.com maps.googleapis.com 125.21.185.24 14.139.247.11 *.google.co.in https://apis.google.com data:; frame-src 'self' maps.googleapis.com maps.gstatic.com *.gov.in https://apis.google.com 121.241.116.157 117.247.187.38:8085 city.imd.gov.in 14.139.247.11 125.21.185.24 125.21.185.19 *.google.co.in ; 1
child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-wSXkzzSHDOX9/9Be3eB/vPTQuDU0GTGXtr40Xmx/aRM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=d2fedb28-ebad-489e-bf62-a07cb1ac8c39&version=972213ed8b73d517b7e149449915aa95f5022a2e&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=d2fedb28-ebad-489e-bf62-a07cb1ac8c39&version=972213ed8b73d517b7e149449915aa95f5022a2e&report_only=false 1
script-src 'self' 'unsafe-inline' https://www.googletagservices.com https://*.googlesyndication.com https://*.doubleclick.net https://www.googletagmanager.com https://www.googleadservices.com https://*.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gp https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.nf https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tk https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://cdn.ampproject.org 'report-sample';script-src-elem 'self' 'unsafe-hashes' 'sha256-C3jwiVv8BdcfxVaU4AEl6C9Q1rfvVB1e3VRCWdMmWJU=' 'sha256-G2CvDOSdZeixAGRXwWiD1g5ToAVLsVfFfDsDqC7plk0=' 'sha256-ASJm/SPXiz6HPHXG+mR/1tnV9JTzaX/T4lL3uC3CYIA=' 'sha256-dexky30Vnom/mzsCZDkyrb1ALQMZjYplIhc0r7CreyU=' 'sha256-d8wrfqLPNMzslaDdkRfyNHUDfDjfS93NG+JdKOADTD4=' 'sha256-yfaygvSe0Qd87FZBMVziH0SWhTtpJCZkKIRUO2oiX9I=' 'sha256-7vWo61O6x1krMhP326o1+t7OOikYdSD/z/e1mgj7/Ac=' 'sha256-mQcbTIdy0NnJqQGlpe1QUdS3WoY/BRil2t9CpP7peec=' 'sha256-kbxrHriawymV2s/j5ipepXD8uqW44SfyspWxb8Pg9Aw=' 'sha256-FO4a4vmnGKx9MDY0tiMmB7xtQTjoIPpm6B/FGCxb/20=' 'sha256-i2DuEj9Lv6oHFGHUSae7Qf6ev8x9VGPJ4cS39NBISL0=' 'sha256-0E0pvbXRioh5zfRKMA3W/qqFNqtKtZs/DDwW+oMIYOI=' https://www.googletagservices.com https://*.googlesyndication.com https://*.doubleclick.net https://www.googletagmanager.com https://www.googleadservices.com https://*.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gp https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.nf https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tk https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://cdn.ampproject.org;script-src-attr 'unsafe-hashes' 'sha256-yidstvCyDn5kIvz2ZTPLozL+yFriA9MRNGaGmkfriaY=';style-src 'self' 'unsafe-inline';font-src 'self' https://*.gstatic.com;img-src 'self' https://images.dmca.com https://appn.center https://www.googletagmanager.com https://*.doubleclick.net https://*.google-analytics.com https://*.googlesyndication.com https://*.gstatic.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat;media-src 'none';object-src https://*.googlesyndication.com;frame-src 'self' https://*.doubleclick.net https://*.google.com https://appn.center;connect-src 'self' https://appn.center https://*.google-analytics.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://*.gstatic.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat;form-action https://*.paypal.com;base-uri 'self';manifest-src 'self';report-uri https://appn.center/apiv1/csp; 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-CjZTlKadSf' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1
frame-ancestors 'self' step.samba.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.learnreligions.com *.qa.aws.learnreligions.com atlas.learnreligions.com atlas.local.learnreligions.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://yastatic.net https://yastatic.net *.yandex.ru *.webvisor.org https://metrika-informer.com https://cdn.jsdelivr.net https://www.google-analytics.com http://*.jivosite.com https://*.jivosite.com 1
default-src https://yok.gov.tr https://*.yok.gov.tr https://*.googleapis.com https://*.google-analytics.com 'unsafe-inline' 'unsafe-eval'; 1
default-src *; base-uri *; font-src data: *; frame-src 'self' fbrpc: *; img-src data: *; media-src 'self' blob:; script-src 'unsafe-inline' 'unsafe-eval' data: *; style-src 'unsafe-inline' blob: * 1
frame-ancestors 'self';  base-uri 'self'; object-src 'none';  1
default-src 'self' *.parcoursup.fr *.parcoursup-nouvelle-caledonie.fr *.twitter.com *.dailymotion.com *.paybox.com https: 'unsafe-inline'; img-src 'self' *.parcoursup.fr *.parcoursup-nouvelle-caledonie.fr *.twitter.com *.dailymotion.com *.paybox.com https: 'unsafe-inline'; media-src 'self' *.parcoursup.fr *.parcoursup-nouvelle-caledonie.fr *.twitter.com *.dailymotion.com *.paybox.com https: 'unsafe-inline'; script-src 'self' *.parcoursup.fr *.parcoursup-nouvelle-caledonie.fr *.twitter.com *.dailymotion.com *.paybox.com https: 'unsafe-inline'; font-src 'self' *.parcoursup.fr *.parcoursup-nouvelle-caledonie.fr *.twitter.com *.dailymotion.com *.paybox.com https: 'unsafe-inline'; 1
font-src 'self' *.fandangonow.com *.fandango.com data: *.mgo-images.com; object-src *.visa.com data:; script-src 'self' *.fandangonow.com *.fandango.com 'unsafe-inline' 'unsafe-eval' *; style-src 'self' *.fandangonow.com *.fandango.com data: 'unsafe-inline' * 1
default-src 'none'; base-uri 'self'; object-src 'none'; block-all-mixed-content; connect-src 'self' sentry.io front.sletat.ru api.sletat.ru leadhub.sletat.ru claims.sletat.ru api-claims-agent.sletat.ru module.sletat.ru ads.sletat.ru ui.sletat.ru graph.sletat.ru currency.sletat.ru spo.sletat.ru modulesettings.sletat.ru api-slt.sletat.travel  aisvg.sletat.ru www.google.com www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net mc.yandex.ru api-maps.yandex.ru stat.tildacdn.com/event/ app.comagic.ru/ss/settings/; font-src 'self' data: front.sletat.ru frontdebug.sletat.ru static.sletat.ru markup.sletat.ru ui.sletat.ru fonts.gstatic.com static.tildacdn.com/fonts/; form-action 'self' data: sletat.ru; frame-ancestors 'none'; frame-src ui.sletat.ru sletat.ostrovok.ru www.google.com www.youtube.com 8530831.fls.doubleclick.net googleads.g.doubleclick.net api-maps.yandex.ru aviasales.sletat.ru bid.g.doubleclick.net landing1.vipcruise.ru search.vcruiz.ru; img-src 'self' data: ui.sletat.ru ads.sletat.ru markup.sletat.ru static.sletat.ru hotels.sletat.ru spo.sletat.ru cms.sletat.ru/api/news/images/ modx.sletat.ru/email/news/ sletat.ru/Services/SletatCounter.ashx maps.gstatic.com maps.googleapis.com www.google.com/ads/ga-audiences www.google.ru/ads/ga-audiences www.googletagmanager.com static-maps.yandex.ru counter.yadro.ru stats.g.doubleclick.net *.maps.yandex.net www.google-analytics.com www.google.com www.google.ru ssl.gstatic.com/analytics-suite/  api-maps.yandex.ru mc.yandex.ru yandex.ru/clck/ yandex.st/lego/_/K135QTHtokBAaAo5Kp70LnMnZoM.png ssl.gstatic.com/editor/editortoolbar.png ssl.gstatic.com/analytics-suite/header/legacy/v2/ic_tag_manager.svg www.gstatic.com/images/icons/material/system/1x/keyboard_arrow_up_white_48dp.png www.gstatic.com/analytics-suite/header/legacy/v2/Favicon_GOP_standard_16.png blob:; manifest-src 'self'; media-src 'none'; script-src 'self' front.sletat.ru frontdebug.sletat.ru static.sletat.ru spo.sletat.ru module.sletat.ru claims.sletat.ru ads.sletat.ru ui.sletat.ru markup.sletat.ru graph.sletat.ru aviasales.sletat.ru/iframe.js www.google.com/uds/ www.google.com/jsapi www.google.com/recaptcha/api.js www.googletagservices.com www.gstatic.com maps.googleapis.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com pagead2.googlesyndication.com mc.yandex.ru *.maps.yandex.net api-maps.yandex.ru 8530831.fls.doubleclick.net tagmanager.google.com/debug/api/ googleads.g.doubleclick.net code.jquery.com cdn.ravenjs.com ajax.googleapis.com/ajax/libs/jquery/ stat.tildacdn.com/js/tildastat-0.2.min.js app.comagic.ru/static/cs.min.js ssl.google-analytics.com/ga_exp.js 'nonce-aW5pdGlhbC1zdGF0ZQ==' 'nonce-aW5paXRhbC1zdGF0ZS1zZWFyY2gtaW5pdC1kYXRh' 'nonce-Z29vZ2xlLWFuYWx5dGljcw==' 'nonce-Z29vZ2xlLXRhZy1tYW5hZ2Vy' 'nonce-YWRibG9jay1kZXRlY3Q=' 'nonce-eWEtbWV0cmlrYS1jb3VudGVy' 'nonce-Z2xvYmFsLWVtYmVkZGVk' 'nonce-Z2xvYmFsLXN2Zy1pY29u' 'nonce-Z2xvYmFsLXNsZXRhdC1ob3N0cw==' 'nonce-NDA0LW1lbnU=' 'nonce-NDA0LXBhZ2UtbGlua3M=' 'nonce-NDA0LWdvb2dsZS10YWctbWFuYWdlcg==' 'nonce-Z29vZ2xlLWV4cGVyaW1lbnRzLW9uLXNpdGU=' 'nonce-c2xldGF0LWluaXRpYWwtc3RhdGU=' 'nonce-c2xldGF0LWluaXRpYWwtc3RhdGUtc2VhcmNoLWluaXQtZGF0YQ==' 'nonce-c2xldGF0LWdvb2dsZS1hbmFseXRpY3M=' 'nonce-c2xldGF0LWdvb2dsZS10YWctbWFuYWdlcg==' 'nonce-c2xldGF0LWFkYmxvY2stZGV0ZWN0' 'nonce-c2xldGF0LXlhLW1ldHJpa2EtY291bnRlcg==' 'nonce-c2xldGF0LWdsb2JhbC1lbWJlZGRlZA==' 'nonce-c2xldGF0LWdsb2JhbC1zdmctaWNvbg==' 'nonce-c2xldGF0LWdsb2JhbC1zbGV0YXQtaG9zdHM=' 'nonce-c2xldGF0LTQwNC1wYWdlLWxpbmtz' 'nonce-c2xldGF0LTQwNC1nb29nbGUtdGFnLW1hbmFnZXI=' 'nonce-Z29vZ2xlLWV4cGVyaW1lbnRzLW9uLXNpdGU=' 'nonce-c2xldGF0LW1hc3Rlci11c2VyLWluZm8=' 'nonce-c2xldGF0LW1hc3Rlci1ob3N0cw==' 'sha256-CMMbo23Q6tJZRGrDVpUjsI6Elwp5UiUqmWzl6nOebcU='; style-src 'self' data: 'unsafe-inline' ui.sletat.ru static.sletat.ru front.sletat.ru frontdebug.sletat.ru markup.sletat.ru tagmanager.google.com ajax.googleapis.com fonts.googleapis.com www.google.com tagmanager.google.com/debug/css.css googleads.g.doubleclick.net api-maps.yandex.ru vec01.maps.yandex.net vec02.maps.yandex.net vec03.maps.yandex.net vec04.maps.yandex.net static-maps.yandex.ru counter.yadro.ru static.tildacdn.com/css/fonts-opensans.css static.tildacdn.com/css/fonts-roboto.css; 1
default-src * 'unsafe-inline'; script-src 'self' blob: *.afterpay.com *.booktopia.com.au *.boldchat.com *.cdn4.forter.com *.connect.fluentretail.com *.forter.com:* *.hotjar.com *.masterpass.com *.productreview.com.au *.secure-afterpay.com.au *.secure.checkout.visa.com ajax.googleapis.com apis.google.com assets.citrusad.net bam.nr-data.net bat.bing.com books.google.com books.google.com.au cdn.scarabresearch.com connect.facebook.net d.impactradius-event.com dev.visualwebsiteoptimizer.com google.com.au googleads.g.doubleclick.net jp-tags.mediaforge.com jp-tags.rd.linksynergy.com js-agent.newrelic.com maps.google.com maps.googleapis.com masterpass.com mpsnare.iesnare.com platform.twitter.com sslwidget.criteo.com widget.criteo.com stat.DealTime.com static.api.useinsider.com static.criteo.net static.powerreviews.com stats.g.doubleclick.net thm.visa.com ui.powerreviews.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; img-src data: * 1
frame-ancestors 'self'; default-src 'self' https://*.youtube.com https://*.ytimg.com https://*.iesnare.com https://assets.secure.checkout.visa.com https://static.masterpass.com https://www.paypalobjects.com https://thm.visa.com; img-src 'self' data: blob: *.indigo.ca *.indigoimages.ca *.bazaarvoice.com *.nr-data.net https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.google.ca https://www.googletagmanager.com https://*.gstatic.com https://*.pinimg.com https://*.twimg.com https://*.twitter.com https://*.webtype.com *.omtrdc.net https://t.co https://notify.bugsnag.com https://s3.amazonaws.com https://*.checkout.visa.com https://*.visa.com https://tracker.marinsm.com https://kbimages1-a.akamaihd.net https://ds-aksb-a.akamaihd.net www.paypalobjects.com https://*.paypal.com https://*.piwikpro.com https://secure.adnxs.com https://www.offlinx.com https://gtrk.s3.amazonaws.com https://heapanalytics.com https://*.cdninstagram.com https://dpm.demdex.net https://cm.everesttech.net https://*.online-metrix.net https://insights.hotjar.com https://static.hotjar.com https://ct.pinterest.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.indigo.ca *.indigoimages.ca ajax.aspnetcdn.com code.jquery.com *.bazaarvoice.com https://*.cloudflare.com https://www.myregistry.com https://www.babylist.com/ https://*.cloudfront.net https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.ca https://googleads.g.doubleclick.net https://*.gstatic.com https://*.googleapis.com *.omtrdc.net https://*.richrelevance.com https://*.twimg.com https://*.twitter.com https://*.ads-twitter.com https://*.vimeo.com https://*.youtube.com https://*.ytimg.com https://ajax.aspnetcdn.com https://api.pinterest.com https://bam.nr-data.net https://dpm.demdex.net https://fbstatic-a.akamaihd.net https://ds-aksb-a.akamaihd.net https://indigo.soapboxhq.com https://maps.gstatic.com https://s3.amazonaws.com https://*.checkout.visa.com https://script.crazyegg.com https://www.bluecore.com js-agent.newrelic.com tracker.marinsm.com https://mpsnare.iesnare.com www.googleadservices.com www.paypalobjects.com www.paypal.com https://*.iesnare.com https://*.masterpass.com https://*.smartrecruiters.com https://cdn.heapanalytics.com https://api.instagram.com https://www.buyatab.com https://www.googletagmanager.com https://thm.visa.com https://static.hotjar.com https://script.hotjar.com https://ln-rules.rewardstyle.com https://members.cj.com https://s.pinimg.com; style-src 'self' 'unsafe-inline' blob: https://*.bazaarvoice.com https://*.google.com https://*.google.ca https://*.googleapis.com https://*.gstatic.com https://*.indigoimages.ca https://*.twitter.com https://*.webtype.com https://*.masterpass.com https://masterpass.com https://*.smartrecruiters.com https://ln-rules.rewardstyle.com https://members.cj.com; connect-src 'self' https://*.indigo.ca https://*.indigoimages.ca https://bam.nr-data.net https://triggeredmail.appspot.com www.chapters.indigo.ca *.omtrdc.net https://www.paypal.com https://dpm.demdex.net https://kbepubs1-a.akamaihd.net https://*.google.ca https://*.google.com https://*.bluecore.com https://ds-aksb-a.akamaihd.net https://*.hotjar.com https://vc.hotjar.io wss://*.hotjar.com https://www.facebook.com https://ct.pinterest.com; font-src 'self' https://*.indigoimages.ca https://*.googleapis.com https://*.gstatic.com https://*.webtype.com data: https://static.hotjar.com https://members.cj.com; frame-src 'self' https://*.bazaarvoice.com blob: https://www.myregistry.com https://www.babylist.com/ https://ln-rules.rewardstyle.com https://ln.rewardstyle.com https://members.cj.com https://*.doubleclick.net https://*.facebook.com https://*.google.ca https://*.google.com https://*.indigo.ca https://*.indigoimages.ca https://*.twitter.com https://*.vimeo.com https://*.youtube.com https://indigo.soapboxhq.com https://indigo.taleo.net https://*.checkout.visa.com https://thm.visa.com https://snapwidget.com https://www.google.com https://display.ugc.bazaarvoice.com http://assessment.taleo.net www.paypalobjects.com https://*.paypal.com https://*.masterpass.com https://masterpass.com https://cdn-akamai.mookie1.com https://www.buyatab.com https://*.facebook.net https://h.online-metrix.net/ https://indigo.demdex.net/ *.lrgrewards.com https://vars.hotjar.com; child-src https://vars.hotjar.com; upgrade-insecure-requests; report-uri https://indigo.report-uri.com/r/d/csp/enforce; 1
default-src 'self' https: data: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'self'; img-src 'self' http: data: 1
default-src * data: blob:;script-src *.workplace.com workplace.com *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.workplace.com workplace.com *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.workplace.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.mktoresp.com *.workplace.tools; 1
frame-ancestors http://www.lativ.com.tw https://www.lativ.com.tw; 1
default-src 'self' *.boozt.com *.booztcdn.com *.booztx.com *.klarna.com; script-src 'self' data: blob: *.boozt.com *.booztcdn.com *.booztx.com tracking.s24.com *.hotjar.com vc.hotjar.io *.zenaps.com assets.bugcrowdusercontent.com bugcrowd.com tagmanager.google.com 7276578.collect.igodigital.com d38knilzwtuys1.cloudfront.net bat.bing.com www.googletagmanager.com www.google-analytics.com storage.googleapis.com track.adform.net *.klarna.com *.klarnacdn.net *.adyen.com *.rewardspay.com bam.nr-data.net www.snapengage.com www.googleadservices.com www.barilliance.net widget.criteo.com static.criteo.net s3.amazonaws.com connect.facebook.net googleads.g.doubleclick.net cm.g.doubleclick.net js-agent.newrelic.com maps.googleapis.com sslwidget.criteo.com widget.eu.criteo.com www.dwin1.com www.gstatic.com hst.tradedoubler.com swrap.tradedoubler.com tag.smartly.io dis.criteo.com www.awin1.com cdn.siftscience.com *.issuu.com bat.bing.com atemda.com optimize.google.com 'unsafe-eval' 'unsafe-inline'; font-src 'self' *.boozt.com *.booztcdn.com *.booztx.com fonts.gstatic.com cdnjs.cloudflare.com data:; img-src optimize.google.com https: data: blob: 'unsafe-inline'; connect-src 'self' *.boozt.com *.booztcdn.com *.booztx.com stats.g.doubleclick.net code.jquery.com js-agent.newrelic.com www.googletagmanager.com *.klarna.com *.klarnacdn.net *.adyen.com *.hotjar.com www.getpica.com vc.hotjar.io bam.nr-data.net www.snapengage.com dawa.aws.dk www.google-analytics.com translate.googleapis.com wss://www.boozt.com wss://*.hotjar.com partner.revieve.com; child-src 'self' dis.eu.criteo.com www.google-analytics.com; frame-src 'self' *.boozt.com *.booztcdn.com *.booztx.com *.hotjar.com vc.hotjar.io www.getpica.com *.zenaps.com bugcrowd.com www.awin1.com track.adform.net dis.eu.criteo.com bid.g.doubleclick.net gum.criteo.com static.criteo.net staticxx.facebook.com www.facebook.com player.vimeo.com web.facebook.com *.klarna.com *.klarnacdn.net www.prisjakt.nu www.googletagmanager.com *.issuu.com optimize.google.com *.rewardspay.com; style-src 'self' *.boozt.com *.booztcdn.com *.booztx.com fonts.googleapis.com tagmanager.google.com d38knilzwtuys1.cloudfront.net *.adyen.com optimize.google.com data: 'unsafe-inline';  manifest-src 'self' *.boozt.com *.booztcdn.com *.booztx.com; media-src storage.googleapis.com www.snapengage.com; report-uri https://boozt.report-uri.com/r/d/csp/enforce 1
child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-wSXkzzSHDOX9/9Be3eB/vPTQuDU0GTGXtr40Xmx/aRM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=1f77ecdf-3b45-4b52-91d3-7a5e0ddd6e64&version=59819fa025c39de142940479b13442ac8e18d5bc&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=1f77ecdf-3b45-4b52-91d3-7a5e0ddd6e64&version=59819fa025c39de142940479b13442ac8e18d5bc&report_only=false 1
default-src * data: blob: filesystem: https: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.verywellfamily.com *.qa.aws.verywellfamily.com atlas.verywellfamily.com atlas.local.verywellfamily.com https://specials.verywellfamily.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.asb.co.nz https://*.clicktale.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.co.nz https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.twitter.com https://*.youtube-nocookie.com https://*.youtube.com https://asbbankltd.tt.omtrdc.net https://d3f5l8ze0o4j2m.cloudfront.net https://quoteapi.com https://dpm.demdex.net https://asb.demdex.net https://*.pingdom.net https://nebula-cdn.kampyle.com https://cm.everesttech.net; worker-src 'self' blob:; 1
frame-ancestors 'self' http://info.barchart.com 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-pqtPfVrXMk' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1
default-src 'self';frame-src 'self' *.liadm.com *.doubleclick.net *.hotjar.com *.google.com *.mackeeper.com;child-src 'self';img-src 'self' data: *.kromtech.net *.visualwebsiteoptimizer.com *.bing.com *.google-analytics.com *.facebook.com *.liadm.com *.doubleclick.net *.hotjar.com *.owox.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.bing.com *.facebook.net *.hotjar.com *.liadm.com *.visualwebsiteoptimizer.com *.kromtech.net *.doubleclick.net;style-src 'self' 'unsafe-inline' *.googleapis.com *.kromtech.net;font-src 'self' data: *.gstatic.com *.hotjar.com *.kromtech.net;object-src 'self';connect-src 'self' *.mackeeper.com http://mackeeper.com https://mackeeper.com *.hotjar.io *.hotjar.com *.doubleclick.net support.mackeeper.com *.google-analytics.com wss://*.hotjar.com 1
frame-ancestors 'self'  *.ampproject.org *.zdbb.net 1
base-uri 'self'; connect-src 'self' *.sovendus.com csi.gstatic.com translate.googleapis.com; default-src 'self' *.booklooker.de; font-src 'self' data: static.booklooker.de fonts.gstatic.com; frame-ancestors 'self' http://kvk.bibliothek.kit.edu; frame-src 'self' googleads.g.doubleclick.net *.google.de *.google.at *.google.ch *.google.com *.sovendus.com; img-src 'self' data: *.booklooker.de siegel.ausgezeichnet.org cbooks-piwik.de *.googleadservices.com *.googlesyndication.com *.google.com *.google.de *.googleapis.com *.gstatic.com partners.webmasterplan.com; object-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.booklooker.de siegel.ausgezeichnet.org cbooks-piwik.de api.sovendus.com *.google.com *.google.at *.google.ch www.googletagservices.com *.googlesyndication.com pagead2.googlesyndication.com  adservice.google.de adservice.google.at adservice.google.ch *.googleadservices.com *.googleapis.com adservice.google.nl adservice.google.it adservice.google.pl adservice.google.fr adservice.google.es adservice.google.ru adservice.google.cz adservice.google.co.uk adservice.google.be adservice.google.hu; style-src 'self' 'unsafe-inline' static.booklooker.de *.googleapis.com; worker-src 'self'; report-uri /interface/csp-report.php; 1
frame-ancestors 'self' *.lumosity.com 1
base-uri 'self'; script-src 'self' https://dreambroker.com 'nonce-07f4077f-9e9e-4944-a3e6-ece4b1a68f9d'; style-src 'self' 'nonce-07f4077f-9e9e-4944-a3e6-ece4b1a68f9d'; img-src 'self' data:; font-src 'self'; connect-src 'self' https://yhteystietohakemisto.valtori.fi https://api.digitransit.fi; child-src 'self' https://hkptesti.maanmittauslaitos.fi https://hkp.maanmittauslaitos.fi https://api.digitransit.fi https://dreambroker.com data:; frame-src 'self' https://hkptesti.maanmittauslaitos.fi https://hkp.maanmittauslaitos.fi https://api.digitransit.fi https://dreambroker.com data:; object-src 'none'; frame-ancestors 'none' https://*.tunnistus.fi 1
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=89e200f6-c7f0-4eab-8d04-4efb9e4d7e1d 1
frame-ancestors https://*.keno.de https://keno.de https://*.xn--glcksspirale-elb.de https://xn--glcksspirale-elb.de https://*.gluecksspirale.de https://gluecksspirale.de https://*.eurojackpot.de https://eurojackpot.de https://tippgemeinschaft-verwalten.de https://*.tippgemeinschaft-verwalten.de https://*.tippgemeinschaft.org https://tippgemeinschaft.org https://gluecksspirale.dev.mrmworldwide.de 1
upgrade-insecure-requests; default-src 'self' https: data: *.comodo.com *.comodo.net wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com https://insights.hotjar.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.jsdelivr.net https://geoip.nekudo.com https://freegeoip.net https://secure.comodo.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://connect.facebook.net https://m.addthisedge.com https://m.addthis.com https://s7.addthis.com https://cdn3.optimizely.com https://cdn2.optimizely.com https://www.gstatic.com https://www.youtube.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com cdn.ckeditor.com *.comodo.com *.comodo.net https://code.jquery.com https://googleads.g.doubleclick.net https://script.hotjar.com https://plugins.help.com https://www.google.com https://www.google.co.uk https://cdn.optimizely.com https://www.comodo.com https://www.google-analytics.com https://secure.leadforensics.com https://static.hotjar.com https://ajax.googleapis.com https://secure.comodo.com https://www.googleadservices.com https://s.ytimg.com ; object-src 'self' *.comodo.com *.comodo.net https://download.comodo.com https://www.youtube.com https://theapplicantmanager.com ; img-src 'self' data: https://www.facebook.com https://www.google.ro https://www.comodo.com/internet-security/thank-you.php https://s9.addthis.com https://cdn.ckeditor.com https://www.google.co.uk https://www.google.co.in https://www.google.com *.comodo.com *.comodo.net https://secure.comodo.com https://download.comodo.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net ; font-src 'self' data: secure.comodo.net *.comodo.com *.comodo.net https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com ; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdn.ckeditor.com https://secure.comodo.net *.comodo.com *.comodo.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.comodo.com ; base-uri 'self' *.comodo.com *.comodo.net ; form-action 'self' *.comodo.com *.comodo.net https://www.hackerguardian.com ; frame-src 'self' https://www.facebook.com https://staticxx.facebook.com https://secure.comodo.net https://secure.comodo.com https://edge.addthis.com https://www.google.com https://bid.g.doubleclick.net https://www.comodo.com https://www.comodo.net https://cdn.download.comodo.com https://download.comodo.com https://plugins.help.com https://vars.hotjar.com https://www.youtube.com https://theapplicantmanager.com https://s7.addthis.com https://www.youtube-nocookie.com; frame-ancestors http://comodo.pathfactory.com https://comodo.pathfactory.com http://explore.comodo.com https://explore.comodo.com http://comodo.lookbookhq.com https://comodo.lookbookhq.com http://comodo.lookbookhq.com https://comodo.lookbookhq.com https://www.comodo.com 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=d376b778-4ea0-45f7-af5b-895e1efe166b 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.joomla.org https://*.pingdom.net https://*.googleapis.com https://*.doubleclick.net https://*.amazon-adsystem.com https://completion.amazon.com; style-src 'self' 'unsafe-inline' https://*.joomla.org https://fonts.googleapis.com; connect-src 'self' https://*.joomla.org https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com; frame-src 'self' https://*.google.com https://www.googletagmanager.com https://www.youtube.com https://www.youtube-nocookie.com https://www.slideshare.net; font-src 'self' https://fonts.gstatic.com https://*.joomla.org; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://*.joomla.org https://*.pingdom.net https://*.doubleclick.net https://*.gstatic.com https://*.google.com https://*.googleapis.com https://shield.sitelock.com https://img.youtube.com  https://i1.ytimg.com https://i.ytimg.com https://i9.ytimg.com https://s.ytimg.com https://*.amazon-adsystem.com https://*.ssl-images-amazon.com https://*.assoc-amazon.com https://opensourcematters.org https://*.opensourcematters.org; media-src 'self' https://*.googlevideo.com; frame-ancestors 'self'; report-uri https://community.joomla.org/scripts/csp-reporter.php?source=joomla.org 1
frame-ancestors *.burberry.com burberry.com; 1
default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:  https:; font-src 'self' data: vjs.zencdn.net cdnjs.cloudflare.com fonts.gstatic.com;  1
connect-src 'self' logx.optimizely.com *.optimizely.com api.segment.io https://*.internal-weedmaps.com https://*.weedmaps.com https://internal-weedmaps.com https://weedmaps.com api.amplitude.com *.google-analytics.com cdn.contentful.com performance.typekit.net *.uptime.com api.honeybadger.io d.btttag.com;default-src 'none';font-src 'self' data: use.typekit.net;frame-ancestors 'self';frame-src 'self' boards.greenhouse.io hire.withgoogle.com www.youtube.com app.optimizely.com a6360251288.cdn.optimizely.com www.google.com https://*.instagram.com https://*.twitter.com https://*.facebook.com d.btttag.com tr.snapchat.com;img-src 'self' data: stats.g.doubleclick.net *.google-analytics.com *.weedmaps.com https://wm-platform-users-production.s3-us-west-2.amazonaws.com *.internal-weedmaps.com weedmaps-uploads-production.s3.amazonaws.com p.typekit.net i.ytimg.com api.mapbox.com acuityplatform.com *.ytimg.com *.google.com cdn.optimizely.com pixel-a.basis.net *.twimg.com *.twitter.com images.ctfassets.net stackadapt.com;report-uri https://api-g.weedmaps.com/policy/reports;script-src 'self' 'unsafe-eval' *.greenhouse.io stackadapt.com pixel.sitescout.com pixel-a.basis.net clickserv.basis.net tr.snapchat.com sc-static.net *.google-analytics.com d24n15hnbwhuhn.cloudfront.net cdn.segment.com acuityplatform.com use.typekit.net *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com js.honeybadger.io https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ uptime.com https://cdn.amplitude.com/libs/ *.instagram.com https://*.twitter.com https://*.twimg.com https://*.facebook.net weedmaps13671z.btttag.com 'nonce-pC+pe144W8yXfZ6gpGyIHAKLDMqOf23We3LRsq51AR26e3ov' ;style-src 'self' data: 'unsafe-inline' *.twitter.com *.twimg.com;manifest-src 'self' 1
frame-ancestors 'self' *.psplugin.com vergic.com 1
default-src 'self' https://4ege.ru;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://4ege.ru https://*.adhigh.net https://*.buzzoola.com https://*.hybrid.ai https://*.dircont3.com https://ad.mail.ru https://*.sociomantic.com https://*.betweendigital.com https://rotator.admediator.ru https://www.googletagservices.com 4oge.ru https://www.googletagservices.co https://adservice.google.ru *.repetit.ru https://adservice.google.com.ua sochinenie11.ru yastatic.net vk.com userapi.com https://cdnjs.cloudflare.com/ https://cdn.mathjax.org https://*.googleapis.com https://*.google.com *.google.com *.gstatic.com https://*.gstatic.com www.google-analytics.com https://www.google-analytics.com http://*.googlesyndication.com https://*.googlesyndication.com *.googleapis.com *.doubleclick.net https://*.doubleclick.net *.yandex.ru https://*.yandex.ru yandex.ru yandex.net *.yandex.net;object-src 'self' https://4ege.ru https://*.googleapis.com http://www.youtube.com https://www.youtube.com *.gstatic.com http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.yandex.ru https://*.yandex.ru yandex.ru;style-src 'self' 'unsafe-inline' https://4ege.ru https://*.sociomantic.com *.repetit.ru *.googleapis.com *.gstatic.com https://fonts.googleapis.com https://yastatic.net/ https://*.gstatic.com google.com *.google.com;img-src * data: https://4ege.ru https://*.doubleclick.net https://*.googleapis.com *.googleapis.com https://*.googlesyndication.com https://*.gstatic.com awaps.yandex.ru *.gstatic.com;frame-src 'self' https://iframe.admediator.ru https://sochinenie11.ru https://*.rubiconproject.com https://*.perfmelab.com https://*.betweendigital.com https://*.sociomantic.com https://*.hybrid.ai https://*.adhigh.net https://pagead2.googlesyndication.com yastatic.net https://yastatic.net http://yandexadexchange.net https://www.youtube.com http://www.youtube.com https://*.yandexadexchange.net https://*.webinar.ru www.slideshare.net yandexadexchange.net https://*.vsu.ru *.yandex.ru yandex.ru hse.ru https://vk.com https://*.vk.com *.googlesyndication.com *.doubleclick.net https://*.doubleclick.net https://*.google.com http://*.google.com http://*.googleadservices.com https://*.googleadservices.com https://*.googlesyndication.com *.vk.com vk.com;font-src 'self' https://4ege.ru * data: https://*.googleapis.com https://*.gstatic.com *.gstatic.com *.googleapis.com;connect-src 'self' https://ads.adfox.ru https://*.adriver.ru https://*.adhigh.net/ https://ads.betweendigital.com https://ad.mail.ru https://pagead2.googlesyndication.com *.repetit.ru https://4ege.ru https://www.youtube.com *.googlevideo.com https://*.gstatic.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru;media-src 'self' https://4ege.ru https://*.adriver.ru; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: ; frame-ancestors 'self' *.cienradios.com www.clarin.com *.devcr.com.ar *.cienradios-pre.com.ar prepro.int.clarin.com *.prepro.int.clarin.com viapais.com.ar *.viapais.com.ar alpha.viapais.com.ar *.alpha.viapais.com.ar beta.viapais.com.ar *.beta.viapais.com.ar prepro.viapais.com.ar *.prepro.viapais.com.ar cdn.ampproject.org *.cdn.ampproject.org google.com *.google.com google.com.ar *.google.com.ar; 1
default-src 'self' *.wotspeak.org wotspeak.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' mc.yandex.by adservice.google.co.kr adservice.google.az adservice.google.co.uk adservice.google.fr adservice.google.bg mc.yandex.ua cdn.jsdelivr.net www.googletagservices.com *.googletagmanager.com statpipe.ru adservice.google.ge googletagmanager.com adservice.google.co.uz adservice.google.pl adservice.google.md adservice.google.cz adservice.google.am adservice.google.co.il adservice.google.de adservice.google.kg adservice.google.lt adservice.google.ro adservice.google.ru adservice.google.com.ua adservice.google.kz adservice.google.nl cdn.sendpulse.com yastatic.net cse.google.ru yastatic.net cse.google.ru vk.com *.reformal.ru reformal.ru *.googleadservices.com *.tynt.com *.google.com google.com *.tynt.com share.pluso.ru www.google.ru www.google-analytics.com s7.addthis.com *.wotspeak.org wotspeak.org *.yandex.ru yandex.ru *.yandex.net yandex.st *.yandex.st *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://gstatic.com https://*.googlesyndication.com;frame-src 'self' cdn.steambets.net *.google.com cse.google.ru *.google.ru login.vk.com https://*.reformal.ru *.reformal.ru reformal.ru vk.com www.google.ru s7.addthis.com *.googleadservices.com *.wotspeak.org wotspeak.org *.yandex.ru yandex.ru *.yandex.net yandex.st *.yandex.st *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net youtube.ru youtube.com *.youtube.ru *.youtube.com https://youtube.ru https://youtube.com https://*.youtube.ru https://*.youtube.com apis.google.com https://*.googleapis.com https://*.gstatic.com https://gstatic.com https://*.googlesyndication.com https://*.doubleclick.net https://apis.google.com;connect-src 'self' saltcdn2.googleapis.com mc.yandex.by mc.yandex.kz mc.yandex.ua fcm.googleapis.com cdn.jsdelivr.net cdn.steambets.net statpipe.ru stats.g.doubleclick.net csi.gstatic.com www.google-analytics.com pushdata.sendpulse.com:4434 https://*.reformal.ru *.reformal.ru reformal.ru *.googleadservices.com *.wotspeak.org wotspeak.org mc.yandex.ru https://translate.googleapis.com https://pipe.skype.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.sendpulse.com *.googleadservices.com s7.addthis.com *.wotspeak.org wotspeak.org *.googleapis.com *.gstatic.com *.yandex.ru https://*.googleapis.com https://*.gstatic.com https://*.yandex.ru data:;font-src 'self' wotspeak.org *.reformal.ru *.googleadservices.com *.googleapis.com *.gstatic.com *.yandex.ru https://*.googleapis.com https://*.gstatic.com https://fonts.gstatic.com fonts.gstatic.com https://*.yandex.ru data:;img-src 'self' login.vk.com cdn.steambets.net www.googletagmanager.com kolobanov.pro cdn.push.expert vk.com www.gravatar.com m.addthis.com *.reformal.ru reformal.ru *.googleadservices.com counter.yadro.ru *.tynt.com share.pluso.ru www.google.ru www.google-analytics.com https://*.google.com *.google.com google.com *.wotspeak.org wotspeak.org *.yandex.net *.yandex.ru yandex.ru yandex.st *.googlesyndication.com *.doubleclick.net *.googleapis.com *.gstatic.com https://*.yandex.net https://*.yandex.ru https://*.googlesyndication.com https://*.doubleclick.net https://*.googleapis.com https://*.gstatic.com data:;object-src 'self' cdn.steambets.net *.googleadservices.com *.reformal.ru reformal.ru *.gstatic.com an.yandex.ru https://*.gstatic.com https://an.yandex.ru;;report-uri https://wotspeak.org/CSP-only-my.php 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://codeburst.io https://*.codeburst.io https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
frame-ancestors 'http://apps.icicidirect.com'; 1
upgrade-insecure-requests; default-src https: blob: wss:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob: data:;frame-src https: blob: data:; report-uri /cspreports 1
default-src 'self' *.lendingclub.com lendingclub.com; img-src * data:; script-src 'unsafe-inline' 'self' *.lendingclub.com lendingclub.com js-agent.newrelic.com bam.nr-data.net t.a3cloud.net cdn.plaid.com *.googletagmanager.com/gtag/ *.googleadservices.com/pagead/ googleads.g.doubleclick.net/pagead/ s.pinimg.com connect.facebook.net tags.tiqcdn.com www.google-analytics.com lendingclub.com www.lendingclub.com t.a3cloud.net 'unsafe-eval' *.optimizely.com optimizely.s3.amazonaws.com cdn.ampproject.org/v0.js cdn.ampproject.org/v0/validator.js; connect-src 'self' js-agent.newrelic.com bam.nr-data.net ct.pinterest.com *.optimizely.com; frame-src 'self' cdn.plaid.com 'self' view.ceros.com creative-services.ceros.com static.lendingclub.com/www/src/hosted/ceros-pages/financial-health-desktop/index.html static.lendingclub.com/www/src/hosted/ceros-pages/financial-health-tablet/index.html static.lendingclub.com/www/src/hosted/ceros-pages/financial-health-mobile/index.html static.lendingclub.com/www/src/hosted/ceros-pages/financial-health-quiz-desktop/index.html static.lendingclub.com/www/src/hosted/ceros-pages/financial-health-quiz-mobile/index.html; font-src 'self' *.lendingclub.com data: static.lendingclub.com/www/src/hosted/fonts/neue-haas-grotesk/neue-haas-grotesk-text-regular.woff2 static.lendingclub.com/www/src/hosted/fonts/neue-haas-grotesk/neue-haas-grotesk-text-bold.woff2; style-src 'unsafe-inline' 'self'; report-uri /site/csp/report /site/csp/report; media-src static.lendingclub.com 1
default-src 'self'; block-all-mixed-content; connect-src 'self' *.algolia.net *.algolianet.com; font-src 'self' https://fonts.gstatic.com/; img-src 'self' https: http://www.google-analytics.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/ https://www.google-analytics.com/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://fonts.googleapis.com/ 1
frame-ancestors 'self' *.chemistwarehouse.com.au *.epharmacy.com.au *.mychemist.com.au htmlbuilder.com.au *.htmlbuilder.com.au *.chemistwarehouse.hk *.houseofwellness.com.au 1
default-src 'none'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'nonce-a75589298feb4deba640998cebddeeea'; style-src 'self' 'unsafe-inline'; img-src 'self' https://www.google-analytics.com localhost; frame-ancestors 'none'; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline';media-src blob: https:; worker-src blob:; style-src https: 'unsafe-inline'; img-src https: data: 'self'; frame-ancestors 'self' zacks.com *.zacks.com; 1
default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' spellcheck.boe.es svc.webspellchecker.net www.google-analytics.com ajax.googleapis.com ; connect-src 'self' spellcheck.boe.es ; img-src 'self' spellcheck.boe.es data: www.google-analytics.com ajax.googleapis.com chart.apis.google.com servicios.mpr.es ; style-src 'unsafe-inline' 'self' *.boe.es fonts.googleapis.com ; font-src 'self' fonts.googleapis.com fonts.gstatic.com ; child-src 'self' spellcheck.boe.es www.youtube.com afirma: ; object-src 'self' ; media-src 'self' 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: * 1
block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com *.indeed.ae  ; frame-src 'self' *.indeed.com *.indeed.ae https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com *.indeed.ae d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log dpuk71x9wlmkf.cloudfront.net; 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-cNlqzOVdVd' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=1170de80-04be-4a59-859e-0ab5ef7e1f64 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=fcf109c3-fdbb-48d9-88b8-9546299145d4 1
frame-ancestors *.dowjones.net *.onservo.com 1
default-src 'none'; font-src 'self' https: data: fonts.gstatic.com maxcdn.bootstrapcdn.com; img-src 'self' https: data:; object-src 'none'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' cdn.segment.com js-agent.newrelic.com bam.nr-data.net connect.facebook.net platform.twitter.com px.ads.linkedin.com *.licdn.com static.woopra.com www.woopra.com js.intercomcdn.com widget.intercom.io app.intercom.io apis.google.com ajax.googleapis.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com static.doubleclick.net www.youtube.com s.ytimg.com *.visualwebsiteoptimizer.com *.optinmonster.com a.optmstr.com a.optmnstr.com cdn.jsdelivr.net *.getdrip.com *.chartbeat.com *.wistia.com d3kdj0p3ajn4xa.cloudfront.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com d3kdj0p3ajn4xa.cloudfront.net; connect-src 'self' wss: api.segment.io platform.twitter.com staticxx.facebook.com *.intercom.io *.optmnstr.com *.wistia.com *.litix.io embedwistia-a.akamaihd.net; frame-src 'self' platform.twitter.com *.facebook.com www.youtube.com www.google.com *.wistia.com player.vimeo.com www.slideshare.net; media-src 'self' blob: data: embedwistia-a.akamaihd.net s3.amazonaws.com 1
frame-ancestors 'self' http://jobspreader.com 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; form-action https:; frame-ancestors tweakers.net *.tweakers.net tweakimg.net *.tweakimg.net; report-uri https://tweakers.net/csp-report/?requestId=Twk-eun-web3_158.1.4_3873_5d11e1f28ac1b7.13739222 1
frame-ancestors 'self' *.smhi.se klimatanpassning.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1
child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-wSXkzzSHDOX9/9Be3eB/vPTQuDU0GTGXtr40Xmx/aRM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=00cf6b8e-debb-483c-b53f-0ac7833c5a5e&version=59819fa025c39de142940479b13442ac8e18d5bc&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=00cf6b8e-debb-483c-b53f-0ac7833c5a5e&version=59819fa025c39de142940479b13442ac8e18d5bc&report_only=false 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.aboutespanol.com *.qa.aws.aboutespanol.com atlas.aboutespanol.com atlas.local.aboutespanol.com 1
default-src 'self'   http://tools.ietf.org https://www.youtube.com https://youtu.be http://shp.0n3dmn.com http://jsc.marketgid.com http://co.frankiesupport.com http://kodik.info http://et-code.ru http://myvi.ru/ http://rutube.ru https://ok.ru http://*.google-analytics.com http://mc.yandex.ru http://ajax.googleapis.com https://myvi.ru http://myvi.ru https://*.myvi.ru http://*.myvi.ru http://fs126.myvi.ru:8080 http://videoplayer.ru http://rt.rtl1.org http://*.rtl1.org *.rtl1.org wsp.marketgid.com *.marketgid.com http://marketgid.com https://marketgid.com http://cdn.marketgid.com http://jsc.marketgid.com http://counter.yadro.ru http://aa-gb.marketgid.com http://ab-gb.marketgid.com http://añ-gb.marketgid.com http://ad-gb.marketgid.com http://ag-gb.marketgid.com http://ai-gb.marketgid.com http://aa-nb.marketgid.com http://ab-nb.marketgid.com http://añ-nb.marketgid.com http://ad-nb.marketgid.com http://imgg.marketgid.com http://fonts.gstatic.com http://c.marketgid.com http://counter.tovarro.com http://rtl1.net http://rt.rtl1.biz http://block.s1venus.org  http://block.s1venus.com http://block.s1venus.biz http://block.s1vesta.com http://block.s1block.com http://block.s3block.com http://block.s2block.com http://block.s4block.com http://cdn.s1venus.org http://cdn.s1venus.com http://cdn.s1venus.biz http://cdn.s1vesta.com http://cdn.s1block.com http://cdn.s3block.com http://cdn.s2block.com http://cdn.s4block.com http://uk.tizerlady.com http://rtl.tizerlady.pw http://rt.tizerlady.win http://rtl.tizerlady.party https://*.api.twitter.com http://*.api.twitter.com https://*.facebook.com http://*.facebook.com https://facebook.com http://facebook.com https://*.twimg.com http://*.twimg.com https://*.twitter.com http://*.twitter.com https://*.facebook.net https://*.ok.ru https://my2.imgsmail.ru https://*.google.com http://*.facebook.net http://*.ok.ru http://my2.imgsmail.ru http://*.google.com https://myvi.ru http://myvi.ru https://*.myvi.ru http://*.myvi.ru https://*.mail.ru http://*.mail.ru http://adobe.com http://*.adobe.com http://*.uptolike.com https://*.uptolike.com https://uptolike.ru  https://mc.yandex.ru http://rt.tizerlady.click http://yastatic.net https://vk.com http://vk.com https://twitter.com http://twitter.com http://awaps.yandex.ru; style-src 'unsafe-inline' *; frame-src 'self'   https://www.youtube.com https://youtu.be http://kodik.biz http://shp.0n3dmn.com http://jsc.marketgid.com http://co.frankiesupport.com http://et-code.ru http://myvi.ru/ http://kodik.info http://rutube.ru https://ok.ru http://rt.tizerlady.work http://block.s1venus.org  http://block.s1venus.com http://block.s1venus.biz http://block.s1block.com http://block.s3block.com http://block.s2block.com http://block.s4block.com http://cdn.s1venus.org http://cdn.s1venus.com http://cdn.s1venus.biz http://cdn.s1vesta.com http://cdn.s1block.com http://cdn.s3block.com http://cdn.s2block.com http://cdn.s4block.com http://*.lcads.ru http://n.cashandfavor.ru http://n.busyprice.ru http://n.servemoney.ru http://n.levelpay.ru http://n.goodkind.ru http://n.cashheaven.ru http://n.moneytrap.ru http://n.pandre10.ru http://uk.tizerlady.com http://rtl.tizerlady.pw http://rt.tizerlady.win http://rtl.tizerlady.party https://*.api.twitter.com http://*.api.twitter.com https://twitter.com http://twitter.com https://*.facebook.com http://*.facebook.com https://facebook.com http://facebook.com https://*.twimg.com http://*.twimg.com https://*.twitter.com http://*.twitter.com https://*.facebook.net https://*.ok.ru https://my2.imgsmail.ru https://*.google.com http://*.facebook.net http://*.ok.ru http://my2.imgsmail.ru http://*.google.com http://*.uptolike.com https://*.uptolike.com https://uptolike.ru http://uptolike.ru http://lc2ads.ru http://*.lc2ads.ru http://uk.tizerlady.com https://*.mail.ru http://*.mail.ru http://vk.com http://*.vk.com https://vk.com https://*.vk.com https://vkontakte.ru https://*.vkontakte.ru http://*.marketgid.com https://mc.yandex.ru http://awaps.yandex.ru http://rt.tizerlady.click http://*.tizerlady.click http://marketgid.com https://twimg.com http://twimg.com http://yastatic.net; img-src * data:; media-src *; font-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval'    https://www.youtube.com https://youtu.be http://co.frankiesupport.com  https://ok.ru http://ajax.googleapis.com http://mc.yandex.ru http://*.recreativ.ru http://recreativ.ru https://myvi.ru http://myvi.ru https://*.myvi.ru http://*.myvi.ru http://videoplayer.ru http://rt.rtl1.org http://*.rtl1.org *.rtl1.org wsp.marketgid.com *.marketgid.com http://*.marketgid.com http://marketgid.com https://marketgid.com http://cdn.marketgid.com http://jsc.marketgid.com http://counter.yadro.ru http://aa-gb.marketgid.com http://ab-gb.marketgid.com http://añ-gb.marketgid.com http://ad-gb.marketgid.com http://ag-gb.marketgid.com http://ai-gb.marketgid.com http://aa-nb.marketgid.com http://ab-nb.marketgid.com http://añ-nb.marketgid.com http://ad-nb.marketgid.com http://imgg.marketgid.com http://*.marketgid.com http://fonts.gstatic.com http://c.marketgid.com http://counter.tovarro.com http://rtl1.net http://rt.rtl1.biz http://block.s1venus.org  http://block.s1venus.com http://block.s1venus.biz http://block.s1vesta.com http://block.s1block.com http://block.s3block.com http://block.s2block.com http://block.s4block.com http://cdn.s1venus.org http://cdn.s1venus.com http://cdn.s1venus.biz http://cdn.s1vesta.com http://cdn.s1block.com http://cdn.s3block.com http://cdn.s2block.com http://cdn.s4block.com http://uk.tizerlady.com http://rtl.tizerlady.pw http://rt.tizerlady.win http://rtl.tizerlady.party https://*.api.twitter.com http://*.api.twitter.com http://*.facebook.net http://*.ok.ru http://my2.imgsmail.ru http://*.google.com https://*.mail.ru http://*.mail.ru http://*.uptolike.com https://*.uptolike.com https://uptolike.ru http://uptolike.ru https://counter.yadro.ru http://counter.yadro.ru http://uk.tizerlady.com http://lc2ads.ru http://*.lc2ads.ru http://yandex.st http://rt.tizerlady.click https://*.mail.ru http://jsc.marketgid.com http://marketgid.com http://*.marketgid.com http://*.ladycash.ru http://*.tizerlady.ru http://tizerlady.ru http://rt.tizerlady.click http://*.tizerlady.click http://tizerlady.click https://mc.yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://yastatic.net https://*.facebook.net https://*.ok.ru https://my2.imgsmail.ru https://*.google.com https://*.twitter.com http://*.twitter.com https://twitter.com http://twitter.com https://*.twimg.com http://*.twimg.com http://*.lcads.ru http://n.cashandfavor.ru http://n.busyprice.ru http://n.servemoney.ru http://n.levelpay.ru http://n.goodkind.ru http://n.cashheaven.ru http://n.moneytrap.ru http://n.pandre10.ru https://vk.com http://vk.com; connect-src 'self'  https://www.youtube.com https://youtu.be http://jsc.marketgid.com https://ok.ru wsp.marketgid.com *.marketgid.com http://*.marketgid.com http://marketgid.com https://marketgid.com http://cdn.marketgid.com http://jsc.marketgid.com http://counter.yadro.ru http://aa-gb.marketgid.com http://ab-gb.marketgid.com http://añ-gb.marketgid.com http://ad-gb.marketgid.com http://ag-gb.marketgid.com http://ai-gb.marketgid.com http://aa-nb.marketgid.com http://ab-nb.marketgid.com http://añ-nb.marketgid.com http://ad-nb.marketgid.com http://ag-nb.marketgid.com http://imgg.marketgid.com http://*.marketgid.com http://fonts.gstatic.com http://c.marketgid.com http://counter.tovarro.com https://*.facebook.com http://*.facebook.com https://facebook.com http://facebook.com http://recreativ.ru http://*.recreativ.ru http://rt.tizerlady.click http://jsc.marketgid.com http://*.marketgid.com http://vk.com http://*.vk.com https://vk.com https://*.vk.com http://*.yandex.st https://yastatic.net http://mc.yandex.ru http://yandex.st http://yastatic.net https://mc.yandex.ru  http://*.yandex.net http://yandex.net http://*.facebook.net http://*.ok.ru http://my2.imgsmail.ru http://*.google.com https://*.twitter.com http://*.twitter.com https://*.twimg.com http://*.twimg.com http://rt.rtl1.org http://*.rtl1.org *.rtl1.org http://fs126.myvi.ru:8080 http://videoplayer.ru; 1
default-src 'self' files.virgool.io blob:; connect-src 'self' https://www.google-analytics.com stats.vstat.ir heapanalytics.com cdn.iframe.ly https://geoip-db.com; font-src 'self' data: https://virgool.io;  img-src blob: data: https: 'self' files.virgool.io https://www.google-analytics.com; object-src 'self' virgool.io; media-src cdn.virgool.io; script-src 'self' blob: https://virgool.io 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com https://www.google-analytics.com js-agent.newrelic.com stats.vstat.ir bam.eu01.nr-data.net heapanalytics.com cdn.iframe.ly https://cdn.iframe.ly https://geoip-db.com  https: 'self'; style-src 'unsafe-inline' data: https: 'self'; frame-src 'self' cdn.iframe.ly https://cdn.iframe.ly  chromenull: https: webviewprogressproxy: ; worker-src blob: 'self';  1
frame-ancestors https://*.jobs.cz https://my.teamio.com https://*.facebook.com https://*.kurzy.cz; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thesprucepets.com *.qa.aws.thesprucepets.com atlas.thesprucepets.com atlas.local.thesprucepets.com 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src *; font-src *; connect-src *; media-src *; object-src *; child-src *; frame-ancestors *; form-action *; reflected-xss block; upgrade-insecure-requests; 1
default-src 'self' ; object-src 'self' blob: https://*.doubleclick.net https://*.hotjar.com https://*.bazaarvoice.com https://*.worldpay.com; frame-src 'self' blob: https://*.superdrug.com https://*.doubleclick.net https://*.hotjar.com https://*.bazaarvoice.com https://*.worldpay.com https://*.trustarc.com https://*.tradedoubler.com https://*.youtube.com https://*.facebook.com https://*.google.com https://*.gnatta.com https://*.acast.com https://dot.vu; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.feefo.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://*.peerius.com https://*.bing.com https://*.hotjar.com https://*.google-analytics.com https://*.truste.com https://*.trustarc.com https://*.facebook.net https://*.bazaarvoice.com https://*.worldpay.com https://*.dwin1.com https://*.iesnare.com https://*.newrelic.com https://*.zenaps.com https://*.nr-data.net https://*.google.com https://*.aswatson.net https://*.superdrug.com https://*.instagram.com https://*.youtube.com https://*.ytimg.com https://d38knilzwtuys1.cloudfront.net https://freegeoip.net https://*.gstatic.com https://*.gnatta.com https://shopstylecollective.co.uk https://scriptcdn.feelter.com https://json.feelter.com https://player.vimeo.com https://*.vimeocdn.com https://cdn.acast.com https://*.rackcdn.com; connect-src 'self' https://*.googleapis.com https://*.google-analytics.com https://*.feefo.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.bazaarvoice.com https://*.worldpay.com https://*.dwin1.com https://*.revieve.com https://freegeoip.net https://*.peerius.com https://*.gnatta.com https://*.feelter.com https://player.vimeo.com https://*.vimeocdn.com https://*.acast.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.bazaarvoice.com https://*.worldpay.com https://*.superdrug.com https://*.aswatson.net https://*.bootstrapcdn.com https://d38knilzwtuys1.cloudfront.net https://*.revieve.com https://assets.feelter.com https://*.vimeocdn.com; font-src 'self' data: https://*.google.com https://*.fonts.googleapis.com https://*.gstatic.com https://*.fonts.gstatic.com https://*.hotjar.com https://*.superdrug.com https://*.bootstrapcdn.com https://*.feelter.com https://*.vimeocdn.com; img-src 'self' data: blob: https:; 1
default-src https://tpc.googlesyndication.com 'self'; img-src data: https://pagead2.googlesyndication.com https://click.topturizm.ru https://d2ttnongggltje.cloudfront.net https://top-fwz1.mail.ru https://onesignal.com https://*.onesignal.com https://matchid.adfox.yandex.ru https://*.adfox.ru http://banners.adfox.ru https://hexagon-analytics.com https://stats.g.doubleclick.net https://s.youtube.com https://www.kayak.com https://*.facebook.com https://*.clicktripz.com https://*.amazonaws.com https://*.gstatic.com https://*.googleapis.com https://img.twiket.cfafom.ua https://media.expedia.com https://www.google-analytics.com https://servedbyadbutler.com https://b.siftscience.com https://usage.trackjs.com https://*.amadeus.com https://*.onetwotrip.com https://*.google.com https://www.google.ru https://googleads.g.doubleclick.net https://ads.otthyper.com https://*.rackcdn.com https://*.mapbox.com https://*.bstatic.com https://img.twiket.com.ua https://cdn.cartrawler.com https://www.tcsbank.ru https://level.travel https://*.4sqi.net https://d2f9dw3b0opbul.cloudfront.net https://www.sixt.de https://*.olt.su https://s3.level.travel https://static.europcar.com https://vk.com https://an.yandex.ru https://tpc.googlesyndication.com https://securepubads.g.doubleclick.net 'self'; script-src https://partner.tophotels.ru https://banners.adfox.ru https://top-fwz1.mail.ru https://onesignal.com https://*.onesignal.com https://*.doubleclick.net https://*.clicktripz.com https://matchid.adfox.yandex.ru https://ads.adfox.ru https://npmcdn.com https://connect.mail.ru https://static.olark.com https://*.gstatic.com https://www.odnoklassniki.ru https://connect.ok.ru https://*.facebook.net https://*.facebook.com https://*.amazonaws.com https://*.googleapis.com https://*.addthis.com https://yastatic.net https://*.criteo.com https://static.criteo.net https://*.google.com https://www.googleadservices.com https://*.otthyper.com https://www.google-analytics.com https://www.googletagservices.com https://adservice.google.ru https://cdn.ampproject.org https://pagead2.googlesyndication.com https://*.onetwotrip.com https://vk.com https://www.tns.counter.ru https://bs.serving-sys.com https://adriver.ru https://gemius.pl https://weborama.com https://*.splitmetrics.com https://dalusewymm5m7.cloudfront.net 'sha256-utHc6W9laKQHu5xsLu1xARK9SQYmXAGZXILalXWGxz8=' 'sha256-1Or2VH0kql7x3gN+87qaHju89Itr/rcx6bpPFu198zQ=' 'sha256-p7nQGNQEohY7G1H6o93fX6NFaUa+A/SiAcN6mQuxH4o=' 'sha256-51dKTyKrLcz8MhX/6XCGr5Tjhzfp7rWqP7aIuLrgxyQ=' 'sha256-LP8uL4i/yWS8TBwu1iOHbShuOAjFOl9HIi3JWv4Wu58=' 'sha256-nZZ0G6b2JMj1bwBOwRlSzWg2x+CUY8SLGKU4JJk7If0=' 'sha256-hY0cT0H4W6x5ZeyI+kD0ST9hFPbAlt2F8MewCJPYgZc=' 'sha256-t52AuL92b6JVwnJ2H57wblwrztHgLOiFIZuktVwFWKU=' 'self' 'unsafe-eval'; frame-src https://tpc.googlesyndication.com https://*.revo.ru https://*.revoplus.ru https://*.booking.com https://*.google.com https://*.criteo.com https://*.facebook.com https://secure.payture.com https://*.onetwotrip.com https://static.criteo.net https://www.tcsbank.ru https://level.travel https://ott-static.s3.eu-central-1.amazonaws.com 'self'; connect-src https://securepubads.g.doubleclick.net https://csi.gstatic.com https://ads.adfox.ru https://translate.yandex.net https://servedbyadbutler.com https://*.onetwotrip.com https://ads.otthyper.com https://capture.trackjs.com https://*.youtube.com https://www.google-analytics.com https://www.tcsbank.ru https://connect.mail.ru https://onesignal.com https://*.onesignal.com https://*.blablacar.com https://*.clicktripz.com https://top-fwz1.mail.ru https://*.splitmetrics.com wss://*.onetwotrip.com 'self'; style-src https://partner.tophotels.ru https://npmcdn.com https://*.amazonaws.com https://*.googleapis.com https://onesignal.com https://*.onesignal.com https://*.facebook.com https://partner.onetwotrip.com 'self' 'unsafe-inline'; font-src https://static.onetwotrip.com https://fonts.gstatic.com https://partner.onetwotrip.com https://fonts.googleapis.com 'self'; form-action *; report-uri https://www.onetwotrip.com/_api/statistics/addCSPR; object-src https://ott-static.s3.eu-central-1.amazonaws.com; frame-ancestors https://*.onetwotrip.com https://vk.com https://m.vk.com 'self'; 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-aarRCOEvuF' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;connect-src 'self' 'unsafe-inline' *;object-src 'self' 'unsafe-inline' *;media-src 'self' 'unsafe-inline' *; frame-ancestors http://aarth.com http://*.aarth.com http://aarth.net http://*.aarth.net http://carzoom.in http://*.carzoom.in; 1
default-src 'none'; connect-src ws://localhost:* https://www.google-analytics.com https://fonts.googleapis.com https://api.stripe.com https://*.nebenan.de; child-src www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* https://js.stripe.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com www.googleadservices.com connect.facebook.net platform.twitter.com; img-src 'self' data: https://* www.google-analytics.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com; font-src 'self' data: fonts.gstatic.com; manifest-src 'self'; media-src 'self'; form-action 'self'; frame-src https://js.stripe.com; frame-ancestors https://*.nebenan.de; report-uri https://sentry.nebenan.de/api/12/csp-report/?sentry_key=6f36691e502848949116aeba72c21b8e 1
default-src 'self' moiprogrammy.com;style-src 'self' 'unsafe-inline' https://vk.com http://vk.com https://ajax.googleapis.com http://ajax.googleapis.com;frame-src 'self' https://vk.com http://vk.com https://*.doubleclick.net http://*.doubleclick.net https://*.yastatic.net http://*.yastatic.net https://yastatic.net http://yastatic.net;media-src 'self';connect-src 'self' https://*.yandex.ru http://*.yandex.ru;font-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com http://ajax.googleapis.com https://vk.com http://vk.com http://*.googlesyndication.com https://*.googlesyndication.com https://*.yandex.ru http://*.yandex.ru https://*.google.de http://*.google.de https://*.google.ru http://*.google.ru https://*.google.com http://*.google.com https://*.google.com.ua http://*.google.com.ua https://*.yastatic.net http://*.yastatic.net https://yastatic.net http://yastatic.net;img-src 'self' http://counter.yadro.ru https://counter.yadro.ru https://vk.com http://vk.com https://*.yandex.net http://*.yandex.net https://*.yandex.ru http://*.yandex.ru data: blob: filesystem:; 1
default-src http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; media-src http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; script-src http: https: data: 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: 'unsafe-inline' 'unsafe-eval'; connect-src http: https: data: 'unsafe-inline' 'unsafe-eval'; worker-src http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; font-src http: https: data: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' search.edweek.org blogs.edweek.org webadmin.edweek.org edweek.org www.edweek.org edweekevents.org app.optimizely.com www.optimizelyedit.com www.clearslide.com; 1
frame-ancestors www.comparasemplice.it www.sostariffe.it www.segugio.it tariffe.segugio.it enigaseluce.com; 1
default-src 'self'; script-src 'self' js.stripe.com storage.googleapis.com analytics.service.cryptowat.ch 'nonce-RLWAKD4PIR3C5GRZ7QFO' static.cryptowat.ch; connect-src 'self' *.stripe.com *.reddit.com wss://*.cryptowat.ch *.cryptowat.ch; img-src 'self' data: *.stripe.com analytics.service.cryptowat.ch static.cryptowat.ch; style-src 'self' 'unsafe-inline' static.cryptowat.ch; child-src 'self' *.stripe.com; font-src 'self' static.cryptowat.ch; 1
block-all-mixed-content; connect-src 'self' wss://*.amateri.com www.google-analytics.com amateri-video-original.s3.eu-west-1.amazonaws.com sentry.amateri.com; default-src 'self' https://video-cdn.amateri.com; font-src 'self'; frame-src www.google.com promo-bc.com; img-src 'self' *.amateri.com data: www.google-analytics.com stats.g.doubleclick.net chart.googleapis.com; media-src 'self' https://video-cdn.amateri.com blob:; script-src 'unsafe-inline' 'self' www.google-analytics.com www.google.com www.gstatic.com browser.sentry-cdn.com 'nonce-+Y3Wk8W4jK2ZqF8nZq09nw==' 'strict-dynamic'; style-src 'self' 'unsafe-inline'; 1
default-src 'unsafe-inline' 'unsafe-eval' https: data: wss: blob:;upgrade-insecure-requests; block-all-mixed-content; report-uri https://c049889f47b6f90358ef9bb3f6b3d2ac.report-uri.com/r/d/csp/reportOnly 1
default-src ajax.googleapis.com www.google-analytics.com www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval' data: 'self' https://d3ns5crcgwfodk.cloudfront.net/ https://cdn.vendocdn.com/ https://cdn.vendocdn.com/store/ https://secure.vend-o.com/; report-uri https://secure.vend-o.com/api/traffic-tracking/csp 1
default-src 'none'; connect-src 'self' https://fastmail.innocraft.cloud; img-src 'self' data: https://*.fastmail.com https://fastmail.innocraft.cloud https://*.twimg.com; font-src 'self' data: https://*.fastmail.com; style-src 'self' 'unsafe-inline' https://*.fastmail.com; script-src 'self' 'unsafe-eval' https://*.fastmail.com https://api.pin.net.au https://api.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src https://www.youtube.com/embed/ https://www.google.com/recaptcha/; child-src https://www.youtube.com/embed/ https://www.google.com/recaptcha/; frame-ancestors 'none'; 1
default-src 'self' https://s.hongleongconnect.my https://www.hlb.com.my; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' * 'unsafe-inline'; img-src 'self' * 'unsafe-inline' data: ; style-src 'self' * 'unsafe-inline'; font-src 'self' * data: ; frame-src 'self' * 1
default-src 'self' *.mo.gov; connect-src 'self' *.usgs.gov *.googleapis.com *.mixpanel.com https://data.mo.gov/ *.mo.gov *.mxpnl.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.cloudfront.net *.d1l6p2sc9645hc.cloudfront.net *.ytimg.com *.youtube.com *.govdelivery.com *.google-analytics.com *.jquery.com *.wufoo.com https://wufoo.com *.googleapis.com *.google.com *.mo.gov *.gosquared.com *.newrelic.com *.twimg.com *.twitter.com *.nr-data.net *.kxcdn.com *.datatables.net *.thinglink.me *.thinglink.com *.addthisedge.com *.addthis.com *.d3js.org *.js-agent.newrelic.com *.bam.nr-data.net *.www.google-analytics.com *.html5shiv.googlecode.com *.translate.google.com ; style-src 'unsafe-inline' *.mo.gov *.gstatic.com *.googleapis.com *.twimg.com *.twitter.com *.datatables.net *.thinglink.me ; frame-src *.mo.gov *.facebook.com *.adobe.com *.soundcloud.com *.w.soundcloud.com *.thinglink.me *.youtube-nocookie.com *.youtube.com *.wufoo.com *.twitter.com *.google.com *.addthis.com *.cdc.gov *.arcgis.com ; object-src 'self' *.mo.gov *.flickr.com *.brightcove.com ; font-src * 'unsafe-inline'  data: ; img-src * 'unsafe-inline' *.twimg.com data:  1
default-src 'self' https://img.zumpercdn.com; script-src 'self' 'unsafe-eval' www.googleadservices.com *.doubleclick.net www.google-analytics.com www.googletagmanager.com tagmanager.google.com *.googleapis.com cdn.getblueshift.com *.scorecardresearch.com connect.facebook.net djnf6e5yyirys.cloudfront.net tracking.listhub.net cdnjs.cloudflare.com static.criteo.net *.criteo.com https://img.zumpercdn.com https://d214hhm15p4t1d.cloudfront.net https://d2n1sxp1qtdjke.cloudfront.net 'nonce-b73ac0c7-64ca-4293-aaf5-bf22af671781' *.friendbuy.com cdn.jsdelivr.net *.trovit.com; connect-src 'self' *.zumper.com api.getblueshift.com www.google-analytics.com www.facebook.com ssl.geoplugin.net *.doubleclick.net api.rollbar.com logx.optimizely.com cdn.optimizely.com *.friendbuy.com *.recombee.us; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://img.zumpercdn.com https://d214hhm15p4t1d.cloudfront.net https://d2n1sxp1qtdjke.cloudfront.net; frame-src 'self' *.facebook.com *.doubleclick.net *.criteo.com *.criteo.net *.googletagmanager.com www.youtube-nocookie.com my.matterport.com geocv.com; img-src 'self' data: *.googleapis.com *.gstatic.com www.google-analytics.com www.googletagmanager.com www.facebook.com *.ggpht.com *.scorecardresearch.com *.doubleclick.net *.criteo.com *.criteo.net d2t1047w253zzm.cloudfront.net img.youtube.com *.matterport.com https://static.zumpercdn.com https://img.zumpercdn.com https://d214hhm15p4t1d.cloudfront.net https://d2n1sxp1qtdjke.cloudfront.net www.google.com www.google.ca rd.trovit.com tracking.listhub.com tracking.listhub.net tracking.listhub.biz techcrunch.com img.buzzfeed.com housemethod.com i.amz.mshcdn.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com https://img.zumpercdn.com https://d214hhm15p4t1d.cloudfront.net https://d2n1sxp1qtdjke.cloudfront.net; form-action 'self' www.facebook.com; report-uri https://1bf96f85da4d4d6fd196bd9500cbb0b6.report-uri.com/r/t/csp/enforce; frame-ancestors *.relocation-portal.com 1
default-src none; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com https://www.youtube.com/iframe_api https://piwik.wu.ac.at https://ajax.googleapis.com https://maps.googleapis.com https://*.newrelic.com https://*.nr-data.net https://platform.twitter.com https://connect.facebook.net https://*.vo.msecnd.net/ https://newsletter.wu.ac.at/ https://analytics-eu.clickdimensions.com/; style-src 'self' 'unsafe-inline' https://piwik.wu.ac.at/ https://fonts.googleapis.com https://*.vo.msecnd.net/; frame-src https:; frame-ancestors 'self' http://*.coe.at https://piwik.wu.ac.at/; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://bach.wu.ac.at https://apps.wu.ac.at; form-action 'self' https:; media-src 'self'; object-src 'self' 1
frame-ancestors https://www.particulares.santandertotta.pt 'self'; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' optimize.google.com tagmanager.google.com www.googletagmanager.com www.youtube.com maps.googleapis.com ajax.aspnetcdn.com cdn.fontawesome.com *.demdex.net marketing.adobe.com nebula-cdn.kampyle.com *.googleadservices.com *.google-analytics.com static.hotjar.com bat.bing.com connect.facebook.net cdn-akamai.mookie1.com ds-aksb-a.akamaihd.net s.ytimg.com googleads.g.doubleclick.net stats.g.doubleclick.net script.hotjar.com tags.tiqcdn.com static.ads-twitter.com analytics.twitter.com platform.twitter.com www.cdic.ca www.sadc.ca;frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' service.bmf.gv.at bksuche.brz.gv.at static.etracker.com www.etracker.de code.etracker.com 'unsafe-eval' 'unsafe-inline'; img-src data: 'self' www.etracker.de; connect-src 'self' www.etracker.de bksuche.brz.gv.at; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; child-src 'self'; frame-src *; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; 1
frame-src 'self' https://*.smartthings.com https://a786852172.cdn.optimizely.com https://connect.facebook.net; frame-ancestors https://*.smartthings.com; script-src 'self' 'unsafe-inline' https://*.smartthings.com  https://d3ijxvf5kli6f6.cloudfront.net https://d3v2iotzttomfo.cloudfront.net https://d1mgcpums0qvsa.cloudfront.net http://d1mgcpums0qvsa.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net/ https://assets.zendesk.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io; style-src 'self' 'unsafe-inline' https://d3ijxvf5kli6f6.cloudfront.net https://d3v2iotzttomfo.cloudfront.net 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://static.tugraz.at https://sso.tugraz.at https://analytics.tugraz.at *.tugraz.at https://*.twitter.com https://*.twimg.com; child-src 'self' *.tugraz.at *.youtube.com *.google.com *.mapbuildr.com mapbuildr.com *.googleapis.com *.openstreetmap.org https://*.twitter.com; img-src 'unsafe-inline' 'unsafe-eval' * data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.toodledo.com https://*.toodledo.com https://*.cookielaw.org https://*.onetrust.com https://*.stripe.com https://*.filepicker.io http://*.filepicker.io http://*.twitter.com https://*.twitter.com https://apis.google.com https://*.googleapis.com https://maps.gstatic.com http://apis.google.com http://*.googleapis.com http://maps.gstatic.com http://www.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com http://www.googleadservices.com https://www.googleadservices.com http://*.google.com https://*.google.com http://d1h9d4exwfthxc.cloudfront.net https://www.googletagmanager.com https://www.googletagservices.com https://securepubads.g.doubleclick.net https://googleads.g.doubleclick.net http://connect.facebook.net http://assets.pinterest.com https://*.heapanalytics.com http://*.heapanalytics.com https://cdn.firstpromoter.com https://canny.io https://*.chargebee.com https://*.adroll.com https://www.youtube.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://js.usemessages.com; report-uri /ajax/csp_report.php; 1
default-src 'self'; font-src https://fonts.google.com https://fonts.gstatic.com https://fonts.googleapis.com 'self' data:; style-src https://fonts.google.com https://fonts.gstatic.com https://fonts.googleapis.com 'self' 'unsafe-inline'; img-src static.ycx.santander.pl https://static3.santander.pl https://stats.g.doubleclick.net https://www.facebook.com https://my.tealiumiq.com https://*.googleapis.com static.yourcx.io https://www.google.pl https://maps.gstatic.com https://user-event-tracker.crazyegg.com https://static3.bzwbk.pl https://www.googletagmanager.com www.google.com www.google-analytics.com 'self' data:; frame-src http://bank.santander.pl https://invis.io https://ent.activeforms.com http://ent.activeforms.com opinia.santander.pl http://formularze.santander.pl https://cloud.webankieta.pl https://formularze.santander.pl https://projects.invisionapp.com http://santanderleasing.pl https://tutajdoladuj.blue.pl https://static.ycx.santander.pl https://datacloud.tealiumiq.com https://bank.santander.pl https://partner-it.com.pl https://www.youtube.com 'self'; script-src https://www.google.com https://www.static.ycx.santander.pl https://www.script.crazyegg.com https://connect.facebook.net static.ycx.santander.pl https://santanderleasing.pl https://tags.tiqcdn.com https://s.ytimg.com https://script.crazyegg.com https://cloud.webankieta.pl https://maps.googleapis.com http://static.ycx.santander.pl http://www.script.crazyegg.com static.yourcx.io https://maps.gstatic.com https://user-event-tracker.crazyegg.com https://static.ycx.santander.pl www.google.com https://www.google-analytics.com https://visitor-service-eu-central-1.tealiumiq.com https://www.youtube.com http://script.crazyegg.com http://www.static.ycx.santander.pl www.google-analytics.com 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'self'; connect-src https://collect.tealiumiq.com https://my.tealiumiq.com 'self' 1
frame-ancestors 'self' https://open.tcfbank.com; 1
default-src 'self' https://website.phonepe.com; script-src https://website.phonepe.com https://www.gstatic.com https://www.google.com http://api.recaptcha.net https://cdn.jotfor.ms https://form.jotform.me https://code.jquery.com https://www.google-analytics.com 'self'; style-src https://website.phonepe.com https://cdn.jotfor.ms https://fonts.googleapis.com http://api.recaptcha.net 'self' 'unsafe-inline'; img-src https://website.phonepe.com https://imgstatic.phonepe.com http://images.phonepe.com http://api.recaptcha.net https://cdn.jotfor.ms 'self' https://www.google-analytics.com; font-src https://cdn.jotfor.ms https://fonts.gstatic.com/ 'self'; connect-src 'self'; frame-src http://api.recaptcha.net https://form.jotform.me https://docs.google.com https://qr.phonepe.com https://www.google.com https://phonepe.helpshift.com https://phonepe.freshdesk.com *.phonepe.com https://www.sisainfosec.com https://website.phonepe.com https://www.youtube.com; frame-ancestors https://mercury.phonepe.com https://mercury-t1.phonepe.com https://mercury-t2.phonepe.com; report-uri https://csp.phonepe.com/log 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.aws.training https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://payments.amazon.co.jp/ https://payments.amazon.co.uk https://*.amazon.de https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://www.amazon.com https://api.amazon.com https://amazonwebservices.d2.sc.omtrdc.net https://*.amazonpay.com https://apac.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://payments.amazon.com https://payments-uk.amazon.com https://payments.amazon.co.uk https://payments.amazon.co.jp https://payments-jp.amazon.com https://*.amazon.de https://payments-de.amazon.com https://cdn.aws.training; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de; 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=ff40bca3-7cd1-4860-bd86-9e560048c62c 1
frame-ancestors 'self' *.wildberries.kz 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://snap.licdn.com https://www.linkedin.com https://px.ads.linkedin.com https://play2.qbrick.com https://imasdk.googleapis.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://android.com https://windowsphone.com https://qbrick.com *.qbrick.com *.112.2o7.net *.danskebank.dk *.danskebank.fi https://danid.dk *.facebook.com *.facebook.net https://facebook.net https://*.facebook.net https://twitter.com *.omtrdc.net https://dpm.demdex.net https://static.licdn.com https://w3.org https://fbcdn.net https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com *.qualtrics.com https://www.danskeinvest.fi https://code.highcharts.com; object-src 'self' https://qbrick.com *.qbrick.com; frame-src 'self' https://authorize.omniture.com https://sitecatalyst.omniture.com *.demdex.net https://priips.danskebank.com https://android.com https://windowsphone.com https://qbrick.com *.qbrick.com *.112.2o7.net *.danskebank.dk *.danskebank.fi https://danid.dk *.facebook.com *.facebook.net https://facebook.net https://*.facebook.net https://twitter.com *.omtrdc.net https://static.licdn.com https://w3.org https://fbcdn.net https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com *.qualtrics.com; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/conde-nast-traveler 1
default-src https:; img-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests 1
base-uri 'self'; default-src 'self'; connect-src 'self' https://*.tenor.co https://*.tenor.com https://api.tenor.com https://api.tenor.com https://*.google-analytics.com https://*.doubleclick.net https://pixel.mtrcs.samba.tv; script-src 'self' data: https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com https://*.google-analytics.com https://*.facebook.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://pixel.mtrcs.samba.tv 'nonce-MTI1YWE3NGMtNGY2MS00YjBiLWFiNDYtN2M4YmUzMzQ5OGRm' 'unsafe-eval'; style-src 'self' https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com 'unsafe-inline'; font-src 'self' https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com; img-src 'self' blob: data: https://media.tenor.co https://media.tenor.com https://media1.tenor.co https://media1.tenor.com https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://pixel.mtrcs.samba.tv http: https:; media-src 'self' blob: data: https://media.tenor.co https://media.tenor.com https://media1.tenor.co https://media1.tenor.com; frame-src 'self' https://www.google.com/recaptcha/ https://www.facebook.com/tr/; object-src 'none' 1
frame-ancestors 'self' https://*.atrapalo.com; report-uri /csp/report; 1
media-src 'self' data: blob: https://*.pscp.tv/ https://*.periscope.tv/ https://*.global.ssl.fastly.net https://*.twimg.com https://*.video.pscp.tv; img-src 'self' data: blob: https://*.pscp.tv/ https://*.periscope.tv/ https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com/prod-periscope-profile/ https://*.twimg.com https://*.googleusercontent.com https://scontent.xx.fbcdn.net https://*.bugsnag.com https://*.google-analytics.com; default-src 'self' blob: https://*.global.ssl.fastly.net https://*.pscp.tv/ https://*.periscope.tv/; object-src 'self' https://*.pscp.tv/ https://*.periscope.tv/; child-src 'self' blob: https://*.pscp.tv/ https://*.periscope.tv/ https://twitter.com https://*.google.com/recaptcha/; frame-ancestors 'self' https://*.pscp.tv/ https://*.periscope.tv/; style-src 'self' blob: 'unsafe-inline' https://*.pscp.tv/ https://*.periscope.tv/; font-src 'self' data: https://*.pscp.tv/ https://*.periscope.tv/; frame-src 'self' blob: https://*.pscp.tv/ https://*.periscope.tv/ https://twitter.com https://periscope-all.firebaseapp.com/ https://*.google.com/recaptcha/ https://*.vimeo.com https://*.tipalti.com; report-uri https://twitter.com/i/csp_report?a=OBSXE2LTMNXXAZJNO5SWE%3D%3D%3D&ro=false; script-src 'self' https://*.pscp.tv/ https://*.periscope.tv/ https://cdn.polyfill.io https://d24n15hnbwhuhn.cloudfront.net https://app.link https://bnc.lt https://*.branch.io https://*.google-analytics.com https://apis.google.com/ https://*.google.com/recaptcha/ https://*.gstatic.com/recaptcha/ 'unsafe-eval' 'nonce-aca51b4686b74b5c883dc8ce7983400e'; connect-src 'self' https://*.pscp.tv/ https://*.periscope.tv/ wss://*.pscp.tv/ wss://*.periscope.tv/ https://*.video.pscp.tv https://*.twimg.com https://twitter.com https://*.global.ssl.fastly.net https://api.amplitude.com/ https://*.branch.io https://bnc.lt https://*.bugsnag.com https://licensing.bitmovin.com/ https://analytics-ingress-global.bitmovin.com https://www.googleapis.com/ https://securetoken.googleapis.com https://s3.us-west-2.amazonaws.com/periscope-user-data-reports-prod/ https://s3.us-west-2.amazonaws.com/periscope-user-data-reports-dev/ https://periscope-user-data-reports-prod.s3.us-west-2.amazonaws.com/ https://periscope-user-data-reports-dev.s3.us-west-2.amazonaws.com/ 1
default-src 'self' data: maps.googleapis.com *.gstatic.com talos.adman.gr *.pstatic.gr www.bestprice.gr *.heatmap.it https://static.pexels.com; script-src 'unsafe-inline' connect.facebook.com www.google-analytics.com talos.adman.gr connect.facebook.net graph.facebook.com www.googletagmanager.com googleads.g.doubleclick.net *.googleadservices.com *.googlecode.com *.googleapis.com *.google.com *.adman.gr *.bestprice.gr *.pstatic.gr app.getsentry.com *.adsafeprotected.com pagead2.googlesyndication.com *.heatmap.it heatmap.it adservice.google.gr *.instagram.com https://*.playbuzz.com https://fullstory.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.pstatic.gr *.adman.gr *.facebook.com *.twitter.com *.gravatar.com *.heatmap.it *.google.com *.adsafeprotected.com; frame-src 'self' data: *.adman.gr *.facebook.com bs.serving-sys.com *.mathtag.com *.youtube.com *.agkn.com *.heatmap.it heatmap.it *.adsafeprotected.com *.instagram.com googleads.g.doubleclick.net ads.eu.criteo.com https://embed.playbuzz.com https://optimize.google.com; frame-ancestors 'self'; connect-src 'self' stats.g.doubleclick.net api.airtable.com rpc.bestprice.gr www.google-analytics.com script.google.com pubsub.bestprice.gr ws://pubsub.bestprice.gr wss://pubsub.bestprice.gr script.googleusercontent.com graph.facebook.com www.bestprice.gr www.sentry.io app.getsentry.com *.pstatic.gr *.adman.gr *.adsafeprotected.com *.instagram.com https://*.playbuzz.com https://rs.fullstory.com; img-src 'self' data: graph.facebook.com www.google-analytics.com platform-lookaside.fbsbx.com *.pstatic.gr *.gstatic.com *.youtube.com *.googleapis.com *.googlecode.com *.facebook.com *.twimg.com *.fbcdn.net www.google.com www.google.gr *.fbsbx.com *.googleusercontent.com *.heatmap.it heatmap.it *.adsafeprotected.com *.googlesyndication.com *.adman.gr https://*.playbuzz.com; object-src 'none'; base-uri 'self' https://optimize.google.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; font-src * ; img-src * data: blob: 'unsafe-inline'; frame-src sanalmarket: yenism: https://tr.rdrtr.com https://*.creativecdn.com https://creativecdn.com https://*.criteo.com https://*.facebook.com https://*.doubleclick.net https://*.api.sociaplus.com https://*.webinstats.com https://sanalmarket.api.useinsider.com https://optimize.google.com https://*.bkmexpress.com.tr; style-src * 'unsafe-inline'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://a.adroll.com https://*.cloudfront.net https://*.cnetcontent.com https://*.cnetcontentsolutions.com https://www.dwin1.com https://e2d2.easy2.com https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.googlecommerce.com https://*.googletagmanager.com https://storage.googleapis.com/code.snapengage.com/ https://*.reevoo.com/ https://www.snapengage.com https://api.treepodia.com https://www.googlecommerce.com https://www.gstatic.com/ https://*.hotjar.com https://bat.bing.com/bat.js https://*.facebook.net https://*.twitter.com https://content.webcollage.net https://*.visualwebsiteoptimizer.com https://*.exponea.com https://analytics.webgains.io blob: https://d.turn.com https://console.turn.com https://snap.licdn.com/ https://px.ads.linkedin.com/ https://widget.trustpilot.com/ https://*.sessioncam.com https://d2oh4tlt9mrke9.cloudfront.net https://secure.dekopay.com https://*.doubleclick.net https://*.criteo.net https://*.criteo.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://*.cloudfront.net https://*.cnetcontentsolutions.com https://*.cnetcontent.com https://mark.reevoo.com https://tagmanager.google.com https://fonts.googleapis.com https://*.visualwebsiteoptimizer.com; img-src 'self' data: https://secure.leadback.advertising.com https://bat.bing.com https://*.cloudfront.net https://*.cnetcontent.com/ https://*.cnetcontentsolutions.com https://*.cnetcontentsyndication.com https://*.doubleclick.net https://www.dsply.com https://img.ebyrcdn.net https://image.ebuyer.com https://static.ebuyer.com https://*.facebook.com https://*.google.ie https://*.google.com https://*.google.co.uk https://*.google-analytics.com https://storage.googleapis.com/code.snapengage.com/ https://www.googlecommerce.com https://*.gstatic.com https://bat.r.msn.com https://*.reevoo.com https://www.snapengage.com https://*.twitter.com https://*.webcollage.net https://ads.yahoo.com https://ad.yieldmanager.com https://*.visualwebsiteoptimizer.com https://w-it.m-t.io; media-src https://videos.treepodia.com; frame-src 'self' https://www.channelcentral.net https://*.cnetcontentsolutions.com https://www.eventbrite.co.uk https://*.reevoo.com https://www.snapengage.com https://www.googlecommerce.com https://*.google.com https://*.hotjar.com https://*.facebook.com https://*.twitter.com https://*.youtube.com https://*.cc.cnetcontent.com https://*.visualwebsiteoptimizer.com https://widget.trustpilot.com https://*.doubleclick.net https://*.criteo.com; font-src 'self' 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com; connect-src 'self' https://*.hotjar.com ws://*.hotjar.com https://*.googlecommerce.com https://*.google-analytics.com https://*.visualwebsiteoptimizer.com https://*.exponea.com https://console.turn.com ws://*.sessioncam.com wss://*.sessioncam.com https://*.sessioncam.com orders.ebuyer.com; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src https: 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cdw.com https://*.richrelevance.com https://*.bazaarvoice.com https://*.qualtrics.com https://*.optimizely.com https://*.hotjar.com cdw.needle.com nexus.ensighten.com api.bluecore.com bluecore.com px.spiceworks.com https://*.liadm.com scripts.demandbase.com triggeredmail.appspot.com connect.facebook.net d31y97ze264gaa.cloudfront.net https://*.bounceexchange.com www.googleadservices.com https://*.doubleclick.net https://*.google-analytics.com st1.dialogtech.com bat.bing.com https://*.googleapis.com nsg.symantec.com analytics.po.st px.ads.linkedin.com po.st https://*.cnetcontent.com selectors.cnetcontentsolutions.com https://*.akamaihd.net https://*.google.com https://*.twitter.com https://*.justuno.com https://*.liveclicker.net www.netapp.com dpm.demdex.net https://*.d41.co https://*.cxense.com static.ads-twitter.com vault.pactsafe.io pactsafe.io https://*.webcollage.net https://*.ziftsolutions.com https://*.simpli.fi pixel.mathtag.com https://*.googletagmanager.com https://*.googlesyndication.com googletagservices.com t.sellpoints.com a.sellpoint.net media.flixfacts.com www.youtube.com media.flixcar.com https://*.flix360.com https://*.easy2.com https://*.go-mpulse.net https://*.cdnwidget.com https://*.rlcdn.com https://*.flixsyndication.net https://*.adobe.com ui.swogo.net; style-src 'self' 'unsafe-inline' https://*.cdw.com https://*.bazaarvoice.com cdw.needle.com https://*.cnetcontent.com https://*.justuno.com https://*.webcollage.net https://*.ziftsolutions.com t.sellpoints.com a.sellpoint.net media.flixcar.com https://*.easy2.com https://*.amazonaws.com platform.twitter.com https://*.typekit.net https://*.adobe.com; img-src 'self' https://*.cdw.com https://*.bazaarvoice.com https://*.qualtrics.com cdw.needle.com nexus.ensighten.com px.spiceworks.com https://*.liadm.com https://*.bounceexchange.com www.googleadservices.com https://*.doubleclick.net https://*.google-analytics.com bat.bing.com nsg.symantec.com https://*.cnetcontent.com selectors.cnetcontentsolutions.com https://*.akamaihd.net https://*.google.com https://*.justuno.com www.netapp.com dpm.demdex.net https://*.cxense.com vault.pactsafe.io pactsafe.io https://*.webcollage.net https://*.ziftsolutions.com https://*.googletagmanager.com t.sellpoints.com a.sellpoint.net media.flixfacts.com media.flixcar.com https://*.flix360.com https://*.easy2.com https://*.amazonaws.com platform.twitter.com https://*.linkedin.com https://*.tribalfusion.com https://*.company-target.com www.facebook.com events.bouncex.net https://*.cdnwidget.com https://*.rlcdn.com https://*.cloudfront.net cdw-prod.adobecqms.net https://*.turn.com st2.dialogtech.com secure.insightexpressai.com px.gumgum.com https://*.bluekai.com k.intellitxt.com https://*.everesttech.net https://*.adnxs.com sync.fastclick.net simage2.pubmatic.com us-u.openx.net ads.yahoo.com pixel.rubiconproject.com https://*.advertising.com magnetic.t.domdex.com https://*.rfihub.com https://*.mathtag.com https://*.mathtag.co https://*.amgdgt.com https://*.casalemedia.com www.bluecore.com https://*.prod.bidr.io cdn.optimizely.com syndication.twitter.com x.bidswitch.net pe.intentiq.com loadm.exelator.com insight.adsrvr.org um.simpli.fi acuityplatform.com data: https://*.dotomi.com https://*.flixsyndication.net liveintent.com cbssports.com maxpreps.com 247sports.com ce.lijit.com soma.smaato.net cs.admanmedia.com eb2.3lift.com live.sekindo.com https://*.adobe.com https://*.sc.omtrdc.net df7xs8p1yjitw.cloudfront.net https://*.core.windows.net; frame-src 'self' https://*.cdw.com https://*.bazaarvoice.com https://*.qualtrics.com https://*.hotjar.com https://*.liadm.com https://*.bounceexchange.com https://*.doubleclick.net nsg.symantec.com selectors.cnetcontentsolutions.com https://*.twitter.com https://*.liveclicker.net https://*.cxense.com https://*.webcollage.net https://*.ziftsolutions.com pixel.mathtag.com https://*.googletagmanager.com googletagservices.com a.sellpoint.net www.youtube.com media.flixcar.com https://*.easy2.com www.facebook.com https://*.rlcdn.com rs.gwallet.com https://*.liveclicker.com pages.cdwemail.com www.emjcd.com https://*.dotomi.com https://*.flixsyndication.net cdw.zuberance.com https://*.eloqua.com https://*.swcontentsyndication.com; font-src 'self' 'unsafe-inline' https://*.cdw.com cdw.needle.com https://*.googleapis.com https://*.cnetcontent.com https://*.webcollage.net a.sellpoint.net media.flixfacts.com media.flixcar.com https://*.easy2.com https://*.flixsyndication.net https://*.typekit.net https://*.adobe.com; connect-src 'self' https://*.cdw.com https://*.richrelevance.com https://*.bazaarvoice.com https://*.qualtrics.com https://*.optimizely.com https://*.hotjar.com cdw.needle.com nexus.ensighten.com api.bluecore.com px.spiceworks.com https://*.liadm.com scripts.demandbase.com triggeredmail.appspot.com d31y97ze264gaa.cloudfront.net https://*.bounceexchange.com www.googleadservices.com https://*.doubleclick.net bat.bing.com https://*.googleapis.com nsg.symantec.com https://*.cnetcontent.com https://*.akamaihd.net https://*.google.com https://*.justuno.com www.netapp.com https://*.d41.co vault.pactsafe.io pactsafe.io t.sellpoints.com a.sellpoint.net https://*.go-mpulse.net platform.twitter.com https://*.company-target.com www.facebook.com events.bouncex.net https://*.cdnwidget.com wss://*.hotjar.com p.po.st https://*.cdnbasket.net https://*.akstat.io data.g2.com data.g2crowd.com https://*.adobe.com https://*.hotjar.io; object-src 'self' a.sellpoint.net; worker-src 'self' blob:; media-src 'self' https://*.cdw.com https://*.cnetcontent.com https://*.webcollage.net media.flixfacts.com www.youtube.com blob: https://*.flixsyndication.net; 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-OerBLmBcea' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=501041f3-dab5-41e3-90cf-e04bb1298c3e 1
frame-ancestors 'self' millenniumimoveis.janeladigital.com; 1
base-uri 'none'; object-src 'none'; img-src *; style-src 'unsafe-inline' 'self'; script-src https: 'nonce-e3a4daa48580b678ed1a5372034695d8' 'strict-dynamic' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.imedia.cz *.sdn.szn.cz *.szn.cz *.sklik.cz http://*.imedia.cz https://*.imedia.cz gacz.hit.gemius.pl scz.hit.gemius.pl www.google-analytics.com cdn.ampproject.org *.twitter.com *.twimg.com *.facebook.net *.facebook.com https://www.gstatic.com https://ajax.googleapis.com https://track.adform.net *.seznam.cz https://www.seznam.cz *.garaz.cz https://www.garaz.cz *.pubmatic.com *.doubleverify.com *.serving-sys.com  ads.celtra.com *.adform.net *.pliing.com *.adnxs.com *.adnxs.net *.doubleclick.net cdn.vistag.com login.szn.cz http://login.szn.cz https://login.szn.cz; frame-ancestors 'self' www.seznam.cz adminclanky.seznam.cz search.seznam.cz *.ampproject.org www.google.cz www.google.com 1
default-src * 'unsafe-inline'; img-src * data: ; script-src * 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.omtrdc.net *.adobedtm.com *.epoq.de *.worldshop.eu *.miles-and-more.com *.milesandmore.com *.lufthansa.com *.points.com *.youtube.com *.ytimg.com *.googleapis.com *.swiss-shop.com *.mamtools.com data:; 1
block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com *.indeed.com.mx  ; frame-src 'self' *.indeed.com *.indeed.com.mx https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com *.indeed.com.mx d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log dpuk71x9wlmkf.cloudfront.net; 1
default-src 'self' 'unsafe-inline' googleads.g.doubleclick.net www.google-analytics.com www.youtube.com https://syndication.twitter.com assets.piraeusbankgroup.com googlevideo.com apis.google.com data: maps.googleapis.com http://rum-collector-2.pingdom.net ;      style-src 'self' assets.piraeusbankgroup.com  assets.piraeusbank.gr 'unsafe-inline' fonts.googleapis.com platform.twitter.com ton.twimg.com;      script-src 'self' assets.piraeusbankgroup.com assets.piraeusbank.gr https://maps.google.com connect.facebook.net platform.twitter.com apis.google.com 'unsafe-inline' 'unsafe-eval' www.google-analytics.com maps.googleapis.com seal.thawte.com syndication.twitter.com https://cdn.syndication.twimg.com https://www.youtube.com https://s.ytimg.com http://rum-static.pingdom.net ;      font-src   data: 'self' fonts.gstatic.com;     img-src 'self' data: asset.piraeusbank.gr assets.piraeusbank.gr   https://maps.google.com assets.piraeusbankgroup.com http://www.piraeusbank.gr https://www.piraeusbank.gr https://seal.thawte.com www.piraeusbankgroup.com 'unsafe-inline' www.google.com  syndication.twitter.com www.google-analytics.com stats.g.doubleclick.net www.facebook.com www.google.gr csi.gstatic.com maps.gstatic.com maps.googleapis.com platform.twitter.com pbs.twimg.com o.twimg.com ton.twimg.com googleads.g.doubleclick.net img.youtube.com http://rum-collector.pingdom.net ;      frame-src staticxx.facebook.com www.facebook.com accounts.google.com apis.google.com platform.twitter.com syndication.twitter.com 'self' www.youtube.com https://cap.attempts.securecode.com aacsw.3ds.verifiedbyvisa.com 1
frame-ancestors aplikace.rozhlas.cz 'self'; 1
script-src https://file3.noormags.ir https://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://api-public.addthis.com http://www.linkedin.com https://certificate.iwmf.ir https://c.iwmf.ir 'unsafe-inline' 'unsafe-eval'; 1
child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-wSXkzzSHDOX9/9Be3eB/vPTQuDU0GTGXtr40Xmx/aRM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=36451797-614f-4eff-987c-6413a6e0729e&version=972213ed8b73d517b7e149449915aa95f5022a2e&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=36451797-614f-4eff-987c-6413a6e0729e&version=972213ed8b73d517b7e149449915aa95f5022a2e&report_only=false 1
style-src 'self' *.quickteller.com 'unsafe-inline' *.interswitchng.com https://tagmanager.google.com https://fonts.googleapis.com *.livechatinc.com; script-src 'self' *.google-analytics.com https://www.google-analytics.com *.kongapay.com kongapay-pg.kongapay.com 'unsafe-inline' 'unsafe-eval' *.igbimo.com *.pushwoosh.com *.google.com *.gstatic.com *.quickteller.com 'self' *.interswitchng.com *.algolianet.com *.algolia.net https://cdnjs.cloudflare.com/ajax/libs/lazysizes/4.0.2/lazysizes.min.js https://www.googletagmanager.com/ fullstory.com https://static.ads-twitter.com/uwt.js https://ajax.cloudflare.com *.twitter.com https://storage.googleapis.com https://creativecdn.com https://js-agent.newrelic.com/nr-1099.min.js http://static.ads-twitter.com/uwt.js *.livechatinc.com *.postaffiliatepro.com https://connect.facebook.net/ *.facebook.com/ *.doubleclick.net *.hotjar.com *.cloudfront.net/capture/UAT/konga.js https://stats.g.doubleclick.net *.yimg.com/ *.salecycle.com/ https://sp.analytics.yahoo.com https://static.criteo.net/js/ld/ld.js *.criteo.com *.chartbeat.com https://creativecdn.com *.typeform.com/ *.googleadservices.com *.scarabresearch.com/; img-src * data: https://creativecdn.com; frame-src 'self' *.igbimo.com *.konga.com *.kongapay.com *.youtube.com *.google.com https://d22j4fzzszoii2.cloudfront.net *.quickteller.com https://www.googletagmanager.com/ *.livechatinc.com *.hotjar.com *.salecycle.com https://dis.eu.criteo.com/ https://konga622377.typeform.com/ *.doubleclick.net *.scarabresearch.com/; font-src 'self' data: *.livechatinc.com *.themes.googleusercontent.com https://fonts.gstatic.com/; connect-src 'self' *.igbimo.com *.konga.com https://sentry.io *.google-analytics.com https://www.google.com.ng *.pushwoosh.com *.cloudinary.com https://www.google-analytics.com *.quickteller.com https://secure.livechatinc.com *.algolianet.com *.algolia.net *.fullstory.com *.doubleclick.net *.salecycle.com *.chartbeat.com *.google.com *.hotjar.com https://stats.g.doubleclick.net https://creativecdn.com https://www.googletagmanager.com https://analytics.twitter.com https://t.co https://ib.adnxs.com https://cdnjs.cloudflare.com *.scarabresearch.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.mydomaine.com *.qa.aws.mydomaine.com atlas.mydomaine.com atlas.local.mydomaine.com 1
default-src *; img-src * data:; frame-src 'self'; script-src  trix360.com *.vaptcha.com  *.cnzz.com 'unsafe-inline' 'unsafe-eval'; style-src trix360.com *.vaptcha.com  'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.bpost.be bpost.be eshipper.bpost.cn bpost2.be medattest.be www.medattest.be editor-www.bpost.be www.googletagmanager.com tagmanager.google.com ssl.google-analytics.com b2btagmgr.azalead.com trker1.azalead.com www.google-analytics.com proslead.com www.depostlaposte.be www.bpost2.be www.google.com www.post.be post.be ajax.googleapis.com connect.facebook.net code.jquery.com platform.linkedin.com www.linkedin.com dashboard.whoisvisiting.com/who.js frontend.id-visitors.com js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net http://w.usabilla.com w.usabilla.com api.usabilla.com cdnjs.cloudflare.com maps.googleapis.com www.youtube.com https://ajax.googleapis.com api.jollywallet.com https://maps.googleapis.com www.googleadservices.com assets.idloom.com crm.bpack.idloom.com proslead.com https://www.google-analytics.com preprints.taxipost.net maf.taxipost.net s.ytimg.com img.en25.com player.qualifio.com d6tizftlrpuof.cloudfront.net https://maxcdn.bootstrapcdn.com static.hotjar.com script.hotjar.com vars.hotjar.com optimize.google.com login-2.bpost.be service.maxymiser.net static.hotjar.com script.hotjar.com bpost2.unfyd.com www.gstatic.com openlayers.org unpkg.com eloqua.com  www.bpost2.be bpaid.unfyd.com; object-src 'self' www.bpost.be editor-www.bpost.be eshipper.bpost.cn www.youtube-nocookie.com www.medattest.be optimize.google.com login-2.bpost.be bpost2.be bpaid.unfyd.com; style-src 'self' 'unsafe-inline' www.bpost.be eshipper.bpost.cn bpost2.be www.bpost2.be bpost3.be www.medattest.be editor-www.bpost.be www.google.com fonts.googleapis.com cdn.jsdelivr.net d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com www.post.be post.be proslead.com wersg01 preprints.taxipost.net maf.taxipost.net tagmanager.google.com optimize.google.com login-2.bpost.be maxcdn.bootstrapcdn.com my.bpost.be bpost2.unfyd.com openlayers.org use.fontawesome.com unpkg.com bpaid.unfyd.com; img-src 'self' data: www.bpost.be bpost.be eshipper.bpost.cn www.bpost2.be bpost2.be www.google.be www.google-analytics.com www.google.com googleads.g.doubleclick.net b2btagmgr.azalead.com trker1.azalead.com stats.g.doubleclick.net www.post.be editor-www.bpost.be www.facebook.com www.google.co.in eshop.bpost.be static.licdn.com www.linkedin.com www.bpostinternational.com landmarkglobal.com www.landmarkglobal.com dashboard.whoisvisiting.com/who.ashx www.depostlaposte.be junglenet-a.akamaihd.net secure.adnxs.com d6tizftlrpuof.cloudfront.net w.usabilla.com 10.76.4.13:15871 https://cdnjs.cloudflare.com 10.109.34.52:15871 s1833705806.t.eloqua.com 10.76.4.11:15871 https://csi.gstatic.com https://maps.gstatic.com maps.googleapis.com https://ssl.google-analytics.com https://maps.googleapis.com www.googleadservices.com https://stats.g.doubleclick.net proslead.com https://www.google.de https://www.google.lu https://www.google.nl preprints.taxipost.net maf.taxipost.net chart.apis.google.com hello.bpost.be optimize.google.com login-2.bpost.be my.bpost.be bpost2.unfyd.com a.tile.openstreetmap.org server.arcgisonline.com tile.osm.be bpaid.unfyd.com; frame-src 'self' www.bpost.be bpost.be www.medattest.be medattest.be eshipper.bpost.cn editor-www.bpost.be www.bpost2.be http://www.bpost2.be bpost2.be campaigns.bpost2.be www.campaigns.bpost2.be pass.post.be esim.post.be tools.emailgarage.com assets.idloom.com www.facebook.com ir2.flife.de qfx.quartalflife.com 4558452.fls.doubleclick.net www.youtube.com youtube.com fr.slideshare.net www.youtube-nocookie.com 85.17.197.32 roi.bpost3.be bpost3.be www.facebook.com www.twitter.com platform.linkedin.com addressbook.bpost.be www.google.com google.com cse.google.com/cse speos.connective.be speos.connective.eu junglenet-a.akamaihd.net post-online.be www.post-online.be cssprepaid.proximus.be www.depostlaposte.be depostlaposte.be www.postmobile.be postmobile.be reload.proximus.be s.chkmkt.com maxiresponse.bpost3.be bpi.bpost3.be post-api.be googletagmanager.com youtube.com www.youtube.com d6tizftlrpuof.cloudfront.net www.youtube.com speos.connective.eu www.speos.connective.eu assets.idloom.com crm.bpack.idloom.com zeromov.com player.qualifio.com preprints.taxipost.net maf.taxipost.net http://maf.taxipost.net crm.bpost.idloom.com news.bpost.be s1833705806.t.eloqua.com vars.hotjar.com optimize.google.com login-2.bpost.be bpost2.be service.maxymiser.net bpaid.unfyd.com; font-src 'self' www.bpost.be bpost.be eshipper.bpost.cn editor-www.bpost.be cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.gstatic.com fonts.gstatic.com *.usabilla.com d6tizftlrpuof.cloudfront.net images.campaign.bpost.be optimize.google.com login-2.bpost.be my.bpost.be maxcdn.bootstrapcdn.com bpost2.unfyd.com use.fontawesome.com www.bpost2.be  cdn.jsdelivr.net fonts.gstatic.com bpaid.unfyd.com; connect-src 'self' www.bpost.be bpost.be eshipper.bpost.cn www.medattest.be medattest.be bpost2.be www.bpost2.be editor-www.bpost.be proslead.com bam.nr-data.net api.usabilla.com https://api.bpost.be crm.bpack.idloom.com www-1.stbpost.be assets.idloom.com crm.bpack.idloom.com nikkomsgchannel tagmanager.google.com webservices-pub.bpost.be webservices-pub.stbpost.be webservices-pub.acbpost.be  s1833705806.t.eloqua.com static.hotjar.com insights.hotjar.com optimize.google.com login-2.bpost.be chatbot.bpost.be bpost2.be in.hotjar.com service.maxymiser.net bpost2.unfyd.com s1833705806.t.eloqua.com/e/f2 bpaid.unfyd.com https://s918797598.t.eloqua.com/e/f2; report-uri /admin/config/system/seckit/csp-report 1
block-all-mixed-content;frame-ancestors 'self' https://www.dashlane.com https://www.google.com https://www-dashlane-com.cdn.ampproject.org https://www-dashlane-com.amp.cloudflare.com;base-uri 'none';default-src https://d38muu3h4xeqr1.cloudfront.net;style-src 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://app-ab14.marketo.com;font-src data: https://fonts.gstatic.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://kck3hlb9.dashlane.com https://d38muu3h4xeqr1.cloudfront.net https://d1sk9wm475w15q.cloudfront.net https://cdn.ampproject.org https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://heapanalytics.com https://cdn.heapanalytics.com https://js.stripe.com https://widget.trustpilot.com https://munchkin.marketo.net https://app-ab14.marketo.com https://api.greenhouse.io https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/ https://tagmanager.google.com https://platform.twitter.com https://script.crazyegg.com https://s3.amazonaws.com/trk.cetrk.com/e/t.js https://dev.visualwebsiteoptimizer.com https://static.ads-twitter.com/uwt.js https://analytics.twitter.com https://connect.facebook.net https://static.criteo.net/js/ld/ld.js https://widget.criteo.com/event https://widget.us.criteo.com/event https://sslwidget.criteo.com/event https://cm.g.doubleclick.net https://bid.g.doubleclick.net/ https://googleads.g.doubleclick.net https://s.pinimg.com/ct/ https://a.quora.com/qevents.js https://b-code.liadm.com/a-00ou.min.js https://bat.bing.com/bat.js https://www.googleadservices.com/pagead/ https://platform.twitter.com/oct.js https://www.redditstatic.com/ads/pixel.js;img-src 'self' data: https://d38muu3h4xeqr1.cloudfront.net https://d1sk9wm475w15q.cloudfront.net https://d2erpoudwvue5y.cloudfront.net https://kwift-icons-desktop.s3.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com/static-icons/_web/ https://www.google-analytics.com https://www.googletagmanager.com https://heapanalytics.com https://q.stripe.com https://www.gstatic.com https://ssl.gstatic.com https://app-ab14.marketo.com https://user-event-tracker.crazyegg.com https://*.visualwebsiteoptimizer.com https://www.facebook.com https://ct.pinterest.com/v3/ https://*.liadm.com https://goo.gl https://trc.taboola.com/geistm2-dashlane-sc/ https://stats.g.doubleclick.net https://*.us.criteo.net https://pinterest.adsymptotic.com https://q.quora.com https://i.geistm.com/x/ https://api.nanigans.com/event.php https://gravatar.com https://t.co https://bat.bing.com/action/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://safecart.com https://alb.reddit.com https://pubads.g.doubleclick.net https://sp.analytics.yahoo.com https://www.google.ad https://www.google.ae https://www.google.am https://www.google.at https://www.google.be https://www.google.bg https://www.google.bs https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.cl https://www.google.co.ao https://www.google.co.bw https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.kr https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.ve https://www.google.co.za https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bo https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.gh https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kw https://www.google.com.lb https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.et https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gp https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.mu https://www.google.mv https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.si https://www.google.sn https://www.google.tt;media-src 'self' https://d38muu3h4xeqr1.cloudfront.net;connect-src 'self' https://ws1.dashlane.com https://api.dashlane.com https://kck3hlb9.dashlane.com https://cdn.ampproject.org https://www.google-analytics.com https://www.googletagmanager.com https://heapanalytics.com https://api.stripe.com https://widget.trustpilot.com https://*.mktoresp.com https://api.trustpilot.com https://sample-api-v2.crazyegg.com https://*.visualwebsiteoptimizer.com https://www.facebook.com https://ct.pinterest.com/user/ https://lcidc.liadm.com/api/v1/dynamic-conversion https://stats.g.doubleclick.net https://ampcid.google.ad https://ampcid.google.ae https://ampcid.google.am https://ampcid.google.at https://ampcid.google.be https://ampcid.google.bg https://ampcid.google.bs https://ampcid.google.by https://ampcid.google.ca https://ampcid.google.cd https://ampcid.google.ch https://ampcid.google.cl https://ampcid.google.co.ao https://ampcid.google.co.bw https://ampcid.google.co.id https://ampcid.google.co.il https://ampcid.google.co.in https://ampcid.google.co.jp https://ampcid.google.co.kr https://ampcid.google.co.ma https://ampcid.google.co.nz https://ampcid.google.co.th https://ampcid.google.co.uk https://ampcid.google.co.ve https://ampcid.google.co.za https://ampcid.google.co.zw https://ampcid.google.com https://ampcid.google.com.af https://ampcid.google.com.ar https://ampcid.google.com.au https://ampcid.google.com.bo https://ampcid.google.com.br https://ampcid.google.com.co https://ampcid.google.com.do https://ampcid.google.com.ec https://ampcid.google.com.eg https://ampcid.google.com.et https://ampcid.google.com.gh https://ampcid.google.com.gt https://ampcid.google.com.hk https://ampcid.google.com.jm https://ampcid.google.com.kw https://ampcid.google.com.lb https://ampcid.google.com.mt https://ampcid.google.com.mx https://ampcid.google.com.my https://ampcid.google.com.na https://ampcid.google.com.ng https://ampcid.google.com.ni https://ampcid.google.com.np https://ampcid.google.com.pe https://ampcid.google.com.ph https://ampcid.google.com.pk https://ampcid.google.com.pr https://ampcid.google.com.py https://ampcid.google.com.sa https://ampcid.google.com.sg https://ampcid.google.com.sl https://ampcid.google.com.tr https://ampcid.google.com.tw https://ampcid.google.com.ua https://ampcid.google.com.uy https://ampcid.google.com.vn https://ampcid.google.cz https://ampcid.google.de https://ampcid.google.dk https://ampcid.google.dz https://ampcid.google.ee https://ampcid.google.es https://ampcid.google.et https://ampcid.google.fi https://ampcid.google.fr https://ampcid.google.ge https://ampcid.google.gp https://ampcid.google.hn https://ampcid.google.hr https://ampcid.google.hu https://ampcid.google.ie https://ampcid.google.iq https://ampcid.google.is https://ampcid.google.it https://ampcid.google.lk https://ampcid.google.lt https://ampcid.google.lu https://ampcid.google.mu https://ampcid.google.mv https://ampcid.google.nl https://ampcid.google.no https://ampcid.google.pl https://ampcid.google.pt https://ampcid.google.ro https://ampcid.google.rs https://ampcid.google.ru https://ampcid.google.se https://ampcid.google.si https://ampcid.google.sn https://ampcid.google.tt;object-src 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' https://d1sk9wm475w15q.cloudfront.net https://d3mfqat9ni8wb5.cloudfront.net https://d3qm0vl2sdkrc.cloudfront.net https://s3.eu-west-1.amazonaws.com/mac.dashlane.com/ https://s3.eu-west-1.amazonaws.com/binaries.dashlane.com/ https://app.adjust.com https://amp.dashlane.com https://webui.dashlane.com safari-extension://com.dashlane.dashlanesafari-5p72e3gc48 dashlane: https://js.stripe.com https://widget.trustpilot.com https://app-ab14.marketo.com https://www.youtube.com https://staticxx.facebook.com https://platform.twitter.com https://www.facebook.com https://dis.us.criteo.com https://gum.criteo.com https://static.criteo.com https://static.criteo.net https://i.liadm.com 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=700cb8c9-cbc3-4762-ba23-e132cc6d5c0e 1
frame-ancestors 'self' 'unsafe-eval' 'unsafe-inline' *.bricoman.it *.wanadev.eu *.wanadev.com; 1
frame-ancestors http://*.house.gov https://*.house.gov http://*.senate.gov https://*.senate.gov http://*.loc.gov https://*.loc.gov 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: *; report-uri /actions/csp/report; 1
frame-ancestors 'self' http://*.sharecare.com https://*.sharecare.com http://*.qualityhealth.com https://*.qualityhealth.com 1
frame-ancestors 'self' https://piwik.mz.tu-dresden.de 1
frame-src *; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://prodoctorov.ru *.google.com https://www.google.com https://*.google-analytics.com *.google-analytics.com *.googlesyndication.com https://*.googlesyndication.com *.googleapis.com https://*.googleapis.com www.google.com https://*.gstatic.com https://*.yandex.net https://yandex.ru https://*.yandex.ru *.yandex.ru *.gstatic.com https://clck.yandex.ru *.twitter.com https://*.twitter.com yandex.st https://yandex.st https://connect.ok.ru vk.com https://www.youtube.com https://s.ytimg.com https://www.googletagmanager.com https://googletagmanager.com https://yastatic.net yastatic.net https://connect.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net; connect-src 'self' wss://prodoctorov.ru wss://medotvet.me *.yandex.ru *.google-analytics.com https://*.yandex.ru https://yandex.ru ajax.googleapis.com yandex.st https://yandex.st yastatic.net https://fcm.googleapis.com https://sentry.medrating.org https://stats.g.doubleclick.net https://*.facebook.com; font-src 'self' https://*.gstatic.com *.gstatic.com; object-src 'self' *.googlesyndication.com https://*.googlesyndication.com; style-src 'self' 'unsafe-inline' https://prodoctorov.ru https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com yastatic.net yandex.st https://tagmanager.google.com; img-src 'self' data: 'unsafe-inline' https://prodoctorov.ru https://protabletky.ru https://medotvet.me https://*.google-analytics.com *.google-analytics.com yastatic.net https://yastatic.net *.yandex.ru https://*.yandex.ru https://yandex.ru *.yandex.net https://*.yandex.net yandex.st *.google.com  https://*.google.com  *.googleapis.com https://*.googleapis.com *.googlesyndication.com https://*.gstatic.com *.gstatic.com vk.com https://*.vk.com *.youtube.com *.twitter.com https://*.twitter.com *.googlezip.net https://*.ggpht.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://*.facebook.com https://*.google.ru https://*.mail.ru; media-src 'self' *.yandex.net yandex.st yastatic.net *.yandex.ru; report-uri https://prodoctorov.ru/cspreport/ 1
frame-ancestors https://*.orbi.kr 1
frame-ancestors https://www.ysl.com/ https://www.ysl.com/ ; 1
default-src https: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src *; media-src https: data: blob:; worker-src https: blob:; upgrade-insecure-requests; 1
default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: 1
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=2b38f09a-a0fc-4132-8ad4-eb9e967425bf 1
frame-ancestors 'self' file: filesystem: http://localhost:8080 app.optimizely.com; 1
frame-ancestors 'self' *.parentlink.com *.parentlink.net *.parlant.com *.cloudspeaker.com *.memberspark.com 1
frame-ancestors https://tongji.baidu.com; 1
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data: 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=da95c862-5b8f-41c2-a702-9e2b87fe7563 1
default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss://socket.showtalk.jp 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=04964d9f-4f33-4296-9dec-f72f5daee61e 1
child-src 'self' *.adform.net *.criteo.com *.criteo.net *.selbstbauprofi.de *.sociomantic.com *.toom.de *.tp-de.net *.webmasterplan.com app.parasol-island.com configurator.3yourmind.com deutschland-rundet-auf.de efs-survey.com facebook.com maps.googleapis.com toom-baumarkt.de toom-de.boels.com toom-frame.3yourmind.com toom-rubbeln.safe-promotions.de toom.3yourmind.com www.efs-survey.com www.facebook.com www.findibus-online.de www.google.com/maps/ www.google.com/recaptcha/ *.optimizely.com www.toom-baumarkt.de www.youtube.com www.youtube.de *.youtube-nocookie.com; frame-src 'self' *.adform.net *.optimizely.com *.criteo.com *.criteo.net *.selbstbauprofi.de *.sociomantic.com *.toom.de *.tp-de.net *.webmasterplan.com app.parasol-island.com configurator.3yourmind.com deutschland-rundet-auf.de efs-survey.com facebook.com maps.googleapis.com toom-baumarkt.de toom-de.boels.com toom-frame.3yourmind.com toom-rubbeln.safe-promotions.de toom.3yourmind.com www.efs-survey.com www.facebook.com www.findibus-online.de www.google.com/maps/ www.google.com/recaptcha/ www.toom-baumarkt.de www.youtube.com www.youtube.de *.youtube-nocookie.com; object-src 'self'; 1
'frame-ancestors' http://localhost:8100 https//*.tn.gov 1
default-src 'none'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'nonce-5eb4144ea62a4d2c8416e48cec945012'; style-src 'self' 'unsafe-inline'; img-src 'self' https://www.google-analytics.com localhost; frame-ancestors 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googleapis.com *.halkbank.com.tr *.google.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.facebook.net; font-src 'self' *.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data: *.google-analytics.com *.googleapis.com *.halkbank.com.tr *.google.com *.google.com.tr *.gstatic.com *.facebook.com *.facebook.com.tr *.doubleclick.net *.facebook.net ; media-src 'self' *.halkbank.com.tr; frame-src 'self' *.foreks.com *.halkbank.com.tr *.doubleclick.net *.youtube.com *.google.com; connect-src 'self' *.facebook.com; object-src 'self'; 1
base-uri 'none'; font-src 'self' data:* themes.googleusercontent.com *.gstatic.com fonts.googleapis.com; frame-src 'self' www.google.com www.youtube.com services.google.com *.doubleclick.net; script-src 'self' 'unsafe-inline' *.googleanalytics.com *.google-analytics.com *.google.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.youtube.com *.ytimg.com; object-src 'self' *.gstatic.com www.google.com; style-src 'self' 'unsafe-inline' *.googletagmanager.com tagmanager.google.com fonts.googleapis.com *.gstatic.com; 1
frame-ancestors https://*.tracfone.com https://*.wal-mart.com 1
default-src 'self' * 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'self' *.boost.ai *.episerver.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ajax.cloudflare.com https://chat.puzzel.com https://maps.googleapis.com 'unsafe-inline' 'unsafe-eval'; media-src https://chat.puzzel.com 'self'; style-src 'self' https://tagmanager.google.com https://dl.episerver.net https://chat.puzzel.com https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline'; connect-src 'self' https://*.boost.ai https://chat.puzzel.com wss:;form-action 'self';font-src https://fonts.googleapis.com https://fonts.gstatic.com https://chat.puzzel.com 'self'; img-src 'self' data: www.google-analytics.com *.gstatic.com https://www.googletagmanager.com https://maps.googleapis.com https://mts.googleapis.com https://dl.episerver.net; object-src 'self'; frame-ancestors 'self'; frame-src https: 1
connect-src https://api.posteo.de https://payment.posteo.de https://cdn.posteo.de wss://posteo.de 'self'; child-src 'self'; font-src 'self' data:; form-action https://www.paypal.com 'self' data:; frame-ancestors 'self'; frame-src 'self' blob:; img-src data: *; media-src 'self' https://cdn.posteo.de; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-eval' 'unsafe-inline'; default-src 'none'; reflected-xss block; referrer no-referrer; 1
frame-ancestors https://apps.facebook.com http://www.clickjogos.com.br http://clickjogos.com.br https://www.clickjogos.com.br https://clickjogos.com.br http://tibia.uol.com.br https://tibia.uol.com.br 'self' 1
default-src 'self' *.uqu.edu.sa *.google.com *.googleapis.com *.google-analytics.com *.gstatic.com *.youtube.com *.twitter.com 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' *.uqu.edu.sa *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.twimg.com *.flagcounter.com data: blob: https: 1
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;object-src *;style-src 'unsafe-inline' *;img-src * data:;media-src *;font-src *;connect-src *;child-src * callback:;form-action *;frame-ancestors *;worker-src * 1
default-src http: data: 'self' 'unsafe-inline' 'unsafe-eval' *.surlatable.com *.surlatable.net; frame-ancestors 'self' *.surlatable.com 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=a021f9bf-2ef1-4196-9bd3-ae0612a366d7 1
frame-ancestors https://webvisor.com http://webvisor.com 1
default-src 'self' https://cdn.myanonamouse.net https://www.myanonamouse.net https://myanonamouse.net https://webirc.myanonamouse.net; script-src 'self' https://cdn.myanonamouse.net https://www.myanonamouse.net https://myanonamouse.net https://webirc.myanonamouse.net; style-src 'self' https://cdn.myanonamouse.net https://www.myanonamouse.net https://myanonamouse.net https://webirc.myanonamouse.net; object-src 'none'; img-src 'self' https://cdn.myanonamouse.net https://www.myanonamouse.net https://myanonamouse.net https://webirc.myanonamouse.net data:; media-src https://cdn.myanonamouse.net https://www.myanonamouse.net https://myanonamouse.net https://webirc.myanonamouse.net; block-all-mixed-content; 1
upgrade-insecure-requests; default-src cdn1.svenskaspel.net;script-src 'self' cdn1.svenskaspel.net api.www.svenskaspel.se https://connect.facebook.net track.adform.net tb.de17a.com https://*.tradedoubler.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com 'unsafe-inline' 'unsafe-eval';style-src fonts.googleapis.com 'self' 'unsafe-inline' cdn1.svenskaspel.net tagmanager.google.com;img-src https://api.www.svenskaspel.se 'self' data: cdn1.svenskaspel.net api.www.svenskaspel.se https://www.facebook.com tb.de17a.com https://*.tradedoubler.com www.google-analytics.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com cdn1.svenskaspel.net data:;media-src 'none';frame-src 'self' svsinhouse-se.loopiasecure.com api.www.svenskaspel.se https://www.facebook.com https://connect.facebook.net https://*.tradedoubler.com tb.de17a.com;object-src 'none';frame-ancestors 'none';worker-src 'none';connect-src 'self' https://api.www.svenskaspel.se cdn1.svenskaspel.net api.www.svenskaspel.se wss://api.www.svenskaspel.se www.google-analytics.com; 1
default-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.youtube.com; script-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.twimg.com *.youtube.com *.jwpcdn.com *.ytimg.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' *.dwd.de *.twitter.com *.twimg.com 'unsafe-inline' data:; img-src * data: blob:; font-src 'self' data:; frame-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com; worker-src *.twitter.com; child-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com; 1
default-src 'self' https://www.koodomobile.com https://koodomobile.com https://b.koodomobile.com https://du4n2wiaamtmk.cloudfront.net/ https://*.googleapis.com https://*.gstatic.com https://nexus.ensighten.com https://assets.adobedtm.com telus.tt.omtrdc.net https://www.google.com https://www.youtube.com https://*.demdex.net https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.qualtrics.com https://dev.visualwebsiteoptimizer.com https://*.newrelic.com https://bam.nr-data.net https://static.ada.support https://koodo.ca.ada.support https://cm.everesttech.net https://*.adgear.com https://mobility.telus.com https://koodo.sds.modeaondemand.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://www.koodomobile.com https://koodomobile.com https://www.google.com https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' data: https://www.koodomobile.com https://koodomobile.com https://maps.gstatic.com https://maps.googleapis.com https://dev.visualwebsiteoptimizer.com https://*.facebook.com https://b.koodomobile.com https://*.ensighten.com https://*.google-analytics.com https://*.youtube.com https://i.imgur.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' fr.shopping.com t.contentsquare.net  *.chronopost.fr *.googleapis.com widget.mondialrelay.com *.ubaldi.com apis.google.com www.google-analytics.com www.googleadservices.com media.flixfacts.com t.flix360.com media.flixcar.com js-agent.newrelic.com bam.nr-data.net logo.flixfacts.co.uk connect.facebook.net pagead2.googlesyndication.com *.jobaffinity.fr jobaffinity.fr *.webcollage.net *.powerreviews.com *.iesnare.com assets.delvenetworks.com s.delvenetworks.com content.jwplatform.com ssl.p.jwpcdn.com assets-jpcust.jwpsrv.com rscdn.storetail.net tk.storetail.io www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net www.googletagmanager.com https://static-bp.kameleoon.com https://static-direct.kameleoon.com https://static.kameleoon.com https://editor.kameleoon.com; 1
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=76a1be5a-3ad4-430d-8ef2-58122b2d5b82 1
default-src *.marxists.org 'self'; script-src *.marxists.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.marxists.org 'self' 'unsafe-inline'; connect-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests 1
upgrade-insecure-requests; frame-ancestors 'self' *.orange.ro  1
default-src 'none'; connect-src 'self'; img-src * data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 1
script-src         'self'         'unsafe-inline'         'unsafe-eval'         blob:         d2e70e9yced57e.cloudfront.net         d2k0escgkdw2ev.cloudfront.net         *.googleapis.com         *.google.com         *.gstatic.com         *.google-analytics.com         www.googletagmanager.com         www.googleadservices.com         googleads.g.doubleclick.net         cdn.ampproject.org         bat.bing.com         s.yimg.com         cdn.taboola.com         trc.taboola.com         sp.analytics.yahoo.com         *.facebook.com         connect.facebook.net         www.linkedin.com         www.reddit.com         *.twitter.com         static.ads-twitter.com         *.linkedin.com         *.pinterest.com         *.reddit.com         www.dianomi.com         loadus.exelator.com         ct.buyright.com         affiliate.icclicktracker.com         amplify.outbrain.com         track.supersonicads.com         ads.trafficjunky.net         cdn.ckeditor.com         *.wistia.com         sentry.io         opensharecount.com         *.mediaalpha.com         smartforms.ekomi.com         *.amazonaws.com     ; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: 'unsafe-inline' 'unsafe-eval'; font-src https: 'unsafe-inline' 'unsafe-eval'; frame-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data:; media-src https: 'unsafe-inline' 'unsafe-eval'; object-src https: 'unsafe-inline' 'unsafe-eval'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; report-uri /uri-directive; 1
default-src *.mail.ru https://*.mail.ru mail.ru https://mail.ru *.imgsmail.ru https://*.imgsmail.ru *.devmail.ru https://*.devmail.ru *.yandex.net https://*.yandex.net *.yandex.ru https://*.yandex.ru